Anthropic is scrambling to contain the leak, but the AI coding agent is spreading far and wide and being picked apart.

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a cross-platform RAT. Axios sits in 80% of cloud environments. Huntress confirmed ...

An attacker compromised the npm account of a lead Axios maintainer on March 30, and used it to publish two malicious versions ...

自社の内情を隠しきれないAnthropic。未発表モデルの詳細が、未公開の文書やブログ記事の下書きを公開キャッシュに残していたことで明るみに出たばかりですが、今度はAIコーディング支援ツール｢Claude ...

The leak provides competitors—from established giants to nimble rivals like Cursor—a literal blueprint for how to build a ...

The NPM package for Axios, a popular JavaScript HTTP client library, was briefly compromised this week, possibly by North Korean threat actors.

More open-source developers are finding that, when used properly, AI can actually help current and long-neglected programs.

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how ...

�� CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages. The latest axios@1.14.1 now pulls ...

チェコのJetBrainsは3月19日（現地時間）、統合開発環境「IntelliJ ...

はじめに：これは「エンジニアの話」ではない 2026年3月31日。世界中の開発者が使う「axios」というソフトウェア部品が乗っ取られた。 🚨 CRITICAL: Active supply chain attack on axios -- one ...

Axios, a widely used JavaScript HTTP client, was briefly distributed through npm in two malicious versions after a maintainer account was taken over. Security r ...