heise online

Malware on npm: HTTP client axios loads backdoor for Windows, macOS, and Linux

The maintainer account for the axios package on npm was compromised to inject a remote access trojan for Windows, macOS, and Linux. Version 1.14.1, released by the attackers on March 30, is affected.
Bleeping Computer

Hackers compromise Axios npm package to drop cross-platform malware

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver remote access trojans to Linux, Windows, and macOS systems. One malicious ...
GitHub

MariaDbSchemaState uses mysql --version for client detection instead of mariadb --version

mysql Ver 8.0.45 for macos26.2 on arm64 (Homebrew) and mariadb from 12.2.2-MariaDB, client 15.2 for osx10.21 (arm64) using EditLine wrapper MariaDbSchemaState inherits detectClientVersion() from ...
OMG! Ubuntu!

Skyscraper brings Bluesky to the Linux terminal

What’s better than using a social network? Not using one, I suppose. Or using one in the nerdiest way you can. Case in point, Skyscraper. Created by developer Cameron Banga, Skyscraper is an ...
The Hacker News

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

The popular HTTP client known as Axios has suffered a supply chain attack after two newly published versions of the npm package introduced a malicious dependency that delivers a trojan capable of ...
GitHub

Elgato 4K60 Pro MK.2 (1cfa:000e) and Elgato 4K Pro (1cfa:0012) Linux Driver

Debian 6.12.57+ Stable Warning: Repository version of OBS may crash. Use Flatpak OBS. Fedora Atomic 6.17.7+ Experimental Supported on Bazzite, Bluefin, Aurora, Silverblue. Unified installer that ...
The Hacker News

Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass

Microsoft is calling attention to a new campaign that has leveraged WhatsApp messages to distribute malicious Visual Basic Script (VBS) files. The activity, beginning in late February 2026, leverages ...