Axios npm supply chain attack: Malicious updates add remote access trojan

Laura FrenchMarch 31, 2026

The axios npm package, with about 100 million weekly downloads, was compromised via a maintainer’s account.

RESOURCES

Email security
Email authentication in 2026: What every organization still gets wrong
Data Security
Your DLP can’t stop a smartphone: The data-leak crisis no one talks about
Governance, Risk and Compliance
Building institutional capacity: Why AI-augmented security is the new standard
Automated penetration testing
Why traditional VAPT is falling behind in the age of AI-built software
Identity
Thwarting AI-powered attacks: How identity management can help

PODCASTS

Application security
Developing the Skills Needed for Modern Software Development – Keith Hoodlet, Ron Rasin, Shashwat Sehgal – ASW #376
Leadership
Oops, all Interviews: Switching to Cyber, CISO Reflections, and the State of TPCRM – Lenny Zeltser, Helen Patton, Alexandre Sieira – ESW #452
AI/ML
Scam Baiting, AI, and the New Grift Economy, Part 2 – Rinoa Poison – SWN #567
AI/ML
Scanning The Internet with Linux Tools – PSW #919
Asset Management
Say Easy, Do Hard – Crypto-Agility – BSW #440

FEATURED

Perspectives Spotlight: Expert Insights

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Perspectives

In Brief

More Resources

AI/ML

OpenAI fixes Codex flaw that could lead to GitHub token theft

Laura FrenchMarch 31, 2026

A command injection hidden in a branch name could cause an OAuth token to be exfiltrated.

Network Security

F5 BIG-IP APM DoS bug exploited as an RCE, added to CISA list

Steve ZurierMarch 30, 2026

Flaw upgraded to an actively exploited RCE, experts advise teams to patch right away.

RSAC

BSides SF: SaaS, cloud assets vulnerable to identity-based ransomware attacks

Paul WagenseilMarch 28, 2026

It's easy to mount ransomware attacks upon SaaS and cloud assets, a researcher said at the BSides SF 2026 hacker conference.

A giant sandworm appears over a desert sand dune.

RSAC

Wormsign, RSAC 2026: More auto-updating supply chain attacks on the way

Paul WagenseilMarch 28, 2026

The Shai-Hulud worms that exploited automatic updates in open-source software repositories may be only the beginning, two researchers said at RSAC 2026.