Securing the Supply Chain: How SentinelOne's AI EDR Stops the ...

On March 31, 2026, a North Korean state actor hijacked the npm credentials of the primary Axios maintainer and published two backdoored releases that deployed a cross-platform remote access trojan (RAT) to Windows, macOS, and Linux systems. Axios is the most widely used HTTP client in the JavaScript ecosystem, with approximately 100 million weekly downloads and a presence in roughly 80% of cloud and code environments.

Pulse ID: 69cf03e05f6b299dc3efd2cd
Pulse Link: https://otx.alienvault.com/pulse/69cf03e05f6b299dc3efd2cd
Pulse Author: AlienVault
Created: 2026-04-03 00:03:44

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #Cloud #CyberSecurity #EDR #HTTP #InfoSec #Java #JavaScript #Korea #Linux #Mac #MacOS #NPM #NorthKorea #OTX #OpenThreatExchange #RAT #RemoteAccessTrojan #SentinelOne #SupplyChain #Trojan #Windows #bot #iOS #AlienVault

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

A Technique-Based Approach to Hunting Web-Delivered Malware

This report presents a technique-based approach to HTTP body hunting using Censys that addresses this tension directly, and demonstrates its effectiveness by walking through a live discovery: a ClickFix campaign delivering XWorm V5.6 through a 5-stage attack chain.

Pulse ID: 69cf8d0d1edba26a610bb8bd
Pulse Link: https://otx.alienvault.com/pulse/69cf8d0d1edba26a610bb8bd
Pulse Author: AlienVault
Created: 2026-04-03 09:49:01

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Censys #CyberSecurity #HTTP #InfoSec #Malware #OTX #OpenThreatExchange #RAT #Worm #XWorm #bot #AlienVault


How to test an API right in the IDE, or why I no longer use Postman

Postman is used by millions of developers, and for good reason. A convenient interface, collections, environments, team access. What more could you want? But if you spend most of your day in the IDE, this approach has one constant friction point: you have to switch. Open Postman, remember where the request you need is, copy the token from the console, paste it by hand. Then go back. And so on, round and round. In this article we look at an alternative HTTP client that is built right into the IDE and at its capabilities for API testing.

https://habr.com/ru/companies/haulmont/articles/1018588/

#java #spring #openide #httpclient #testing #rest #http #kotlin #autotests #qa


North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack

Google Threat Intelligence Group (GTIG) is tracking an active software supply chain attack targeting the popular Node Package Manager (NPM) package "axios." Between March 31, 2026, 00:21 and 03:20 UTC, an attacker introduced a malicious dependency named "plain-crypto-js" into axios NPM releases versions 1.14.1 and 0.30.4. Axios is the most popular JavaScript library used to simplify HTTP requests, and these packages typically have over 100 million and 83 million weekly downloads, respectively. This malicious dependency is an obfuscated dropper that deploys the WAVESHAPER.V2 backdoor across Windows, macOS, and Linux.

Pulse ID: 69cd1d9aae74cc11b50ba18e
Pulse Link: https://otx.alienvault.com/pulse/69cd1d9aae74cc11b50ba18e
Pulse Author: AlienVault
Created: 2026-04-01 13:28:58

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #CyberSecurity #Google #HTTP #InfoSec #Java #JavaScript #Korea #Linux #Mac #MacOS #NPM #NorthKorea #OTX #OpenThreatExchange #SupplyChain #Windows #bot #iOS #AlienVault


Axios Front-End Library npm Supply Chain Poisoning Alert

On March 31, NSFOCUS CERT detected that the npm repository of the HTTP client library Axios was poisoned by the supply chain. The attacker bypassed the normal GitHub Actions CI/CD pipeline of the project, changed the account email address of the axios maintainer to an anonymous ProtonMail address, and manually released a malicious version with a Trojan backdoor through the npm CLI. When the user installs it, a persistent remote control will be established on the host. The impact is wide-ranging, and relevant users are requested to take measures for investigation and protection as soon as possible.

Pulse ID: 69cd1aa5d630ea626fc62588
Pulse Link: https://otx.alienvault.com/pulse/69cd1aa5d630ea626fc62588
Pulse Author: AlienVault
Created: 2026-04-01 13:16:21

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #CyberSecurity #Email #GitHub #HTTP #InfoSec #NPM #OTX #OpenThreatExchange #SupplyChain #Trojan #bot #iOS #AlienVault


HTTP/1 vs HTTP/2 vs HTTP/3

This article provides a detailed, clear-cut analysis of HTTP/1 vs HTTP/2 vs HTTP/3, focusing on how each version improves (or fails to improve) web performance, efficiency, and modern use cases.

What is HTTP?

HTTP stands for Hypertext Transfer Protocol. It’s the foundation of data communication on the World Wide Web. When you visit a website, your browser uses #HTTP to request content (like text, images, videos) ...

Continued 👉 https://blog.radwebhosting.com/http-1-vs-http-2-vs-http-3/?utm_source=mastodon&utm_medium=social&utm_campaign=mastodon.raddemo.host #quiccloud

x402 V2: New protocol makes HTTP payments multichain-capable and more modular

The x402 protocol, which embeds HTTP payments directly into existing HTTP infrastructure via the long-unused 402 status code, receives a comprehensive technical upgrade with version 2. Since its launch in May 2025, more than 100 million transactions have been processed

https://www.all-about-security.de/x402-v2-neues-protokoll-macht-http-zahlungen-multichain-faehig-und-modularer/

#http

x402 V2 brings multichain HTTP payments: details on the protocol

x402 V2 brings important improvements for HTTP payments. Learn how the protocol is reshaping payment transactions.

All About Security The online magazine for cybersecurity. Ransomware, phishing, IT security, network security, AI, threats, DDoS, identity & access, platform security

It's alive!

#AdaLang #HTTP

#Development #Reports
axios compromised on npm · Popular JavaScript HTTP client hit by supply chain attack https://ilo.im/16bt4y

_____
#Malware #JavaScript #HTTP #Library #Npm #Security #WebDev #Frontend #Backend

axios Compromised on npm - Malicious Versions Drop Remote Access Trojan - StepSecurity

Hijacked maintainer account used to publish poisoned axios releases including 1.14.1 and 0.30.4. The attacker injected a hidden dependency that drops a cross platform RAT. We are actively investigating and will update this post with a full technical analysis.

The popular axios library was briefly compromised on npm. An attacker gained access to a maintainer account and published malicious versions:

[email protected]

[email protected]

How the attack worked

This was not a direct modification of the axios code, but a supply chain attack via dependencies:

The attacker added a new dependency to the package:

[email protected]

This package contained a malicious […]

https://zdrojak.cz/zpravicky/axios-kompromitovany-na-npm-supply-chain-utok/