npm - Neural Digest

Sign in Subscribe

npm

A collection of 2 posts

Axios npm Package Compromised: Supply Chain Attack Deploys Cross-Platform RAT

Axios npm Package Compromised: Supply Chain Attack Deploys Cross-Platform RAT

On March 31, 2026, one of the most widely-used JavaScript packages in the world was weaponized against its own users. The axios npm package — downloaded over 100 million times per week and present in approximately 80% of cloud environments — was compromised in a supply chain attack that deployed a cross-platform

GlassWorm Returns: The Invisible Supply Chain Attack Hiding in 400+ GitHub Repos and VS Code Extensions

GlassWorm Returns: The Invisible Supply Chain Attack Hiding in 400+ GitHub Repos and VS Code Extensions

GlassWorm has compromised 400+ components using invisible Unicode characters that bypass visual code review, linters, and security tools. The supply chain attack hides malicious payloads in variation selectors that render as whitespace but execute as full JavaScript code.