3 matches found
Mitigating the Axios npm supply chain compromise
On March 31, 2026, two new npm packages for updated versions of Axios, a popular HTTP client for JavaScript that simplifies making HTTP...
PT-2025-29826
Name of the Vulnerable Software and Affected Versions: Icinga DB Web versions 1.2.0 through 1.2.1
Description: Icinga DB Web, a graphical interface for Icinga monitoring, allows users with access to Icinga Dependency Views to view hosts and services they are not authorized to access on the dependen...
GHSA-XWG3-GJXH-C8PM Malicious Package in ngx-context-menu
Version 0.0.26 of ngx-context-menu contained malicious code. The code, when executed in the browser, would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl=
Recommendation: Remove the package from your environment. It's also...