Crypto M - Crypto News
Your #1 destination for the latest and most unbiased market news on Bitcoin, Ethereum, NFT, Fintech, Web3, DeFi, and Blockchain.
🚀 Axios Library Compromised by Malicious Attack

An attacker has compromised the npm access token of the lead maintainer of Axios, a popular JavaScript HTTP client library, and used it to release two malicious versions containing cross-platform remote access trojans (RATs). According to ChainCatcher, these versions, axios@1.14.1 and axios@0.3.4, targeted macOS, Windows, and Linux systems. The malicious packages were removed from the npm registry approximately three hours after their release.

Data from security company Wiz indicates that Axios is downloaded over 100 million times weekly and is present in about 80% of cloud and code environments. Security firm Huntress detected the first infections just 89 seconds after the malicious packages went live and confirmed that at least 135 systems were compromised during the exposure period. Notably, the Axios project had implemented modern security measures such as the OIDC trusted publishing mechanism and SLSA provenance proofs. However, the attacker bypassed these defenses entirely.

The investigation revealed that while configuring OIDC, the project retained the traditional long-lived NPM_TOKEN. When both tokens coexist, npm defaults to using the traditional token, allowing the attacker to publish without breaching OIDC.


#Axios #JavaScript #npm #CyberSecurity #Malware #RAT #SupplyChainAttack #macOS #Windows #Linux #SoftwareSecurity #OIDC #SLSA #Huntress #ChainCatcher #npmToken
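
A defender-side check for the token coexistence described in the Axios post above, as an added example that is not from the channel or from the Axios project. It assumes the package is published from a GitHub Actions workflow and that the long-lived token is referenced as `NPM_TOKEN` or `NODE_AUTH_TOKEN`; the function name and the sample workflow are constructed for illustration.

```javascript
// Added example (not Axios project code): flag a publish workflow in which
// OIDC trusted publishing and a long-lived npm token are configured together.
// Line-based scan of GitHub Actions YAML; it does not parse YAML.
const OIDC_PERMISSION = /^\s*id-token:\s*write\b/;
// NPM_TOKEN is the name given in the post. NODE_AUTH_TOKEN is the variable
// actions/setup-node reads. Which one a project uses is an assumption.
const TOKEN_REF = /\b(?:NPM_TOKEN|NODE_AUTH_TOKEN)\b/;

function auditWorkflow(yamlText) {
  const result = { oidc: false, tokenRefs: [], risky: false };
  yamlText.split(/\r?\n/).forEach((raw, index) => {
    if (/^\s*#/.test(raw)) return;           // skip whole-line comments
    const line = raw.replace(/\s#.*$/, "");  // drop trailing comments
    if (OIDC_PERMISSION.test(line)) result.oidc = true;
    if (TOKEN_REF.test(line)) {
      result.tokenRefs.push({ line: index + 1, text: line.trim() });
    }
  });
  // Failure mode from the post: both are present, so the static token still
  // works for publishing even though OIDC is set up.
  result.risky = result.oidc && result.tokenRefs.length > 0;
  return result;
}

// Constructed sample workflow, not taken from any real repository.
const SAMPLE_BOTH = [
  "name: publish",
  "on: release",
  "permissions:",
  "  id-token: write",
  "  contents: read",
  "jobs:",
  "  publish:",
  "    runs-on: ubuntu-latest",
  "    steps:",
  "      - uses: actions/checkout@v4",
  "      - uses: actions/setup-node@v4",
  "        with:",
  "          registry-url: https://registry.npmjs.org",
  "      - run: npm publish",
  "        env:",
  "          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}",
];
// Same workflow with the env block removed: OIDC is the only credential.
const SAMPLE_OIDC_ONLY = SAMPLE_BOTH.slice(0, -2);

console.log(auditWorkflow(SAMPLE_BOTH.join("\n")));
console.log(auditWorkflow(SAMPLE_OIDC_ONLY.join("\n")));
```

A clean result here only covers the workflow file; the long-lived token also has to be revoked on the registry side and removed from the repository's secrets.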
🚀 AI TRENDS | Anthropic Limits Claude Mythos Access Following Security Concerns

Anthropic has decided to restrict access to its Claude Mythos AI system to vetted cybersecurity groups. According to NS3.AI, this decision follows pre-release tests that revealed thousands of zero-day vulnerabilities and an 84% exploit success rate on Firefox 147's JavaScript engine. Anthropic's comprehensive 244-page system card highlighted that many existing cyber benchmarks were no longer adequately informative and disclosed significant evaluation oversights discovered late in the testing process.

#AI #Anthropic #ClaudeMythos #Cybersecurity #Vulnerabilities #ZeroDay #Firefox #JavaScript #Exploit #SystemCard #CyberBenchmarks #SecurityConcerns