Explore

Rapid Read Rapid Read
Axios npm Hack Exploits Fake Teams Error to Compromise Maintainer Account

Axios npm Hack Exploits Fake Teams Error to Compromise Maintainer Account

The maintainers of the popular Axios HTTP client have reported a security breach involving a social engineering attack linked to North Korean hackers. The attackers compromised a maintainer account to publish two malicious versions of Axios to the npm package registry, initiating a supply chain attack. These versions included a dependency that installed a remote access trojan (RAT) on various operating systems. The malicious versions were available for a short period before removal, but systems that installed them are considered compromised. The Google Threat Intelligence Group has attributed this attack to North Korean threat actors known as UNC1069. The attack began with a targeted social engineering campaign against the project's lead maintainer, involving impersonation and a fake Microsoft Teams update that installed malware.
Reuters Reuters
South Korea says 'credible intelligence' indicates North Korean leader's daughter is successor

South Korea says 'credible intelligence' indicates North Korean leader's daughter is successor

By Kyu-seok Shim SEOUL, April 6 (Reuters) - South Korea's spy agency now believes North Korean leader Kim Jong Un's teenage daughter has been positioned as his successor, lawmakers said on Monday, citing a recent public display of her driving a tank that was likely intended to dispel any doubts.
Rapid Read Rapid Read
Iran Utilizes North Korean Missile Systems in Conflict with US and Israel

Iran Utilizes North Korean Missile Systems in Conflict with US and Israel

Iran has reportedly been using missile systems acquired from North Korea in its ongoing conflict with the United States and Israel. According to experts, a significant portion of Iran's ballistic missile arsenal was either directly purchased from North Korea or developed with North Korean assistance. Recently, Iran fired two ballistic missiles at a joint US-UK military base on Diego Garcia, although neither missile hit the base. The missiles, including the Musudan and Shahab-3, are said to be based on North Korean designs. The relationship between Iran and North Korea involves Iran purchasing missile systems and components, with North Korea acting as the supplier.
Trendline Trendline
Fortinet Releases Emergency Patch for Critical FortiClient EMS Vulnerability Exploited in Attacks

Fortinet Releases Emergency Patch for Critical FortiClient EMS Vulnerability Exploited in Attacks

Fortinet Releases Emergency Patch for Critical FortiClient EMS Vulnerability Exploited in Attacks
Rapid Read Rapid Read
North Korean Hackers Exploit Phishing Tactics to Target U.S. Crypto Industry

North Korean Hackers Exploit Phishing Tactics to Target U.S. Crypto Industry

A recent incident involving North Korean hackers has highlighted the ongoing threat they pose to the U.S. crypto industry. A journalist from Fortune was targeted by a phishing attack orchestrated by hackers linked to the Democratic People’s Republic of Korea (DPRK). The attack involved a fake Zoom link sent via Telegram, which, if executed, would have allowed the hackers to access sensitive information such as passwords and cryptocurrency holdings. This incident is part of a broader pattern of North Korean cyber activities aimed at stealing cryptocurrency to fund the regime, which reportedly accumulated $2 billion in stolen crypto in 2025 alone. The hackers use sophisticated social engineering tactics, often impersonating known contacts to gain trust before launching their attacks.
Rapid Read Rapid Read
UNC1069 Social Engineering Attack Compromises Axios npm Package, Threatens JavaScript Ecosystem

UNC1069 Social Engineering Attack Compromises Axios npm Package, Threatens JavaScript Ecosystem

The Axios npm package maintainer, Jason Saayman, confirmed a supply chain compromise due to a sophisticated social engineering attack by North Korean threat actors known as UNC1069. The attackers impersonated a legitimate company's founder, inviting Saayman to a fake Slack workspace and a Microsoft Teams meeting. During the meeting, a fake error message prompted an update that deployed a remote access trojan, allowing the attackers to steal npm account credentials. This led to the publication of two trojanized Axios package versions containing the WAVESHAPER.V2 implant. The attack shares similarities with tactics used by UNC1069 and BlueNoroff, previously targeting crypto founders and public figures. Saayman has since implemented preventive measures, including resetting devices and credentials and updating GitHub Actions.
Rapid Read Rapid Read
North Korean Hackers Exploit Axios Maintainer in npm Supply Chain Attack

North Korean Hackers Exploit Axios Maintainer in npm Supply Chain Attack

The maintainer of the popular Axios npm package, Jason Saayman, has confirmed a supply chain compromise resulting from a sophisticated social engineering campaign by North Korean threat actors known as UNC1069. The attackers impersonated a legitimate company's founder to gain Saayman's trust, eventually leading him to a fake Microsoft Teams call. During the call, a fake error message prompted him to update his system, which triggered the deployment of a remote access trojan. This allowed the attackers to steal npm account credentials and publish two compromised versions of the Axios package, containing a malicious implant named WAVESHAPER.V2. The attack shares similarities with previous campaigns by UNC1069 and BlueNoroff, targeting open-source software maintainers to infiltrate downstream users.
Rapid Read Rapid Read
FBI Classifies Wiretap Infrastructure Breach as Major Incident, Suspects Chinese Hackers

FBI Classifies Wiretap Infrastructure Breach as Major Incident, Suspects Chinese Hackers

The FBI has officially classified a breach of its lawful wiretap infrastructure as a major incident, highlighting significant national security risks. The breach, reportedly carried out by state-sponsored Chinese hackers, involved accessing the FBI's infrastructure through a commercial ISP. The compromised system contained sensitive information, including returns from legal processes such as pen register and trap and trace surveillance returns, as well as personally identifiable information related to FBI investigations. This breach underscores the vulnerabilities in critical law enforcement infrastructure and the ongoing threat posed by sophisticated cyberattacks.
Curious Chronicles Curious Chronicles
Top Crypto Tax Software 2026: Integrations, Pricing, and Supported Exchanges

Top Crypto Tax Software 2026: Integrations, Pricing, and Supported Exchanges

Tax season 2026 brings new crypto reporting requirements that make manual tracking nearly impossible. The IRS now requires detailed cost basis reporting for all digital asset transactions, including DeFi swaps and NFT sales. CoinTracker leads the market at $199/year for unlimited transactions, supporting over 300 exchanges including Coinbase, Binance.US, and Kraken. Koinly offers similar coverage for $179/year, while TaxBit targets high-volume traders at $250/year with advanced DeFi tracking. | Software | Annual Price | Exchanges Supported | DeFi Integration | Free Transactions | | CoinTracker | $199 | 300+ | Yes | 25 | | Koinly | $179 | 350+ | Limited | 10,000 | | TaxBit | $250 | 200+ | Advanced | 100 | | CryptoTrader.Tax | $49 | 150+ | No | 100 | | TokenTax | $65 | 100+ | Basic | 100 | The right choice depends on your trading volume and complexity. Most casual investors with under 500 transactions can use CryptoTrader.Tax for $49/year.
AFP AFP
Corea del Norte celebrará funeral por los soldados caídos en la guerra de Ucrania

Corea del Norte celebrará funeral por los soldados caídos en la guerra de Ucrania

Corea del Norte celebrará este mes una ceremonia para dar sepultura a los restos de sus soldados caídos mientras combatían junto a Rusia en la guerra contra Ucrania, informó este viernes la prensa estatal.
Trendline Trendline
Critical Vulnerabilities in ShareFile Platform Enable Unauthenticated Remote Code Execution

Critical Vulnerabilities in ShareFile Platform Enable Unauthenticated Remote Code Execution

Critical Vulnerabilities in ShareFile Platform Enable Unauthenticated Remote Code Execution
AFP AFP
Corea del Norte celebrará fueneral por los soldados caídos en la guerra de Ucrania

Corea del Norte celebrará fueneral por los soldados caídos en la guerra de Ucrania

Corea del Norte celebrará este mes una ceremonia para dar sepultura a los restos de sus soldados caídos mientras combatían junto a Rusia en la guerra contra Ucrania, informó este viernes la prensa estatal.