CVE-2026-40175: Siemens gWAP RCE via Axios Prototype Pollution
Siemens gWAP is vulnerable to RCE via CVE-2026-40175, a prototype pollution flaw in the Axios HTTP client library. Update to v3.1.1 or later.

OpenAI Revokes macOS App Certificate Following Supply Chain Attack
OpenAI revokes its macOS app signing certificate after a GitHub Actions workflow downloaded a malicious Axios library version during a supply chain incident.

Axios Attack: Industrialized Social Engineering on NPM Maintainers
An analysis of the Axios NPM package attack reveals advanced, scaled social engineering campaigns targeting open-source maintainers, elevating supply chain risk.

UNC1069 Social Engineering Leads to Axios npm Supply Chain Compromise
Runtime Rebel details how North Korean threat actor UNC1069 leveraged targeted social engineering against an Axios npm package maintainer, leading to a critical supply

Axios npm Supply Chain Attack Attributed to North Korea's UNC1069
Google Threat Intelligence attributes a major Axios npm supply chain attack to North Korean group UNC1069, emphasizing risks to developer environments.

UNC1069 Leverages Axios NPM Supply Chain to Deploy WAVESHAPER.V2
North Korea-nexus UNC1069 compromised the widely used Axios NPM package (v1.14.1, 0.30.4) by injecting plain-crypto-js to deploy the WAVESHAPER.V2 backdoor across multiple operating systems.

Axios NPM Compromise: Supply Chain Threat Analysis
Analysis of the Axios NPM package compromise, a potential supply chain attack impacting JavaScript HTTP client library users, possibly by North Korean threat actors.