Security Daily Digest — 2026-04-05
Axios npm Hack: Critical Supply Chain Compromise — BleepingComputer
The Axios npm package was compromised through a sophisticated phishing attack that involved a fake Microsoft Teams error message. This allowed attackers to hijack a maintainer's account and inject malicious code into the package. Given Axios' popularity, this incident poses a significant supply chain risk, potentially affecting numerous projects that depend on the package. Security teams should verify the integrity of their dependencies and consider implementing multi-factor authentication for npm accounts.
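One concrete way to act on the "verify the integrity of their dependencies" advice is to audit the lockfile rather than trust whatever `node_modules` currently holds. The script below is an added example written for this digest; it is not code from the Axios project or from the original article. It assumes an npm `package-lock.json` in lockfileVersion 2 or 3 layout (the `packages` map keyed by `node_modules/<name>`), and the sample lockfile, version numbers, hashes and allowlist embedded in it are constructed placeholders, not real Axios releases.

```python
"""Added example: find every installed copy of a named npm dependency in a
package-lock.json and flag copies that lack an SRI integrity hash, resolve
to an unexpected registry, or carry a version outside an operator allowlist.
The lockfile below is constructed; hashes and versions are placeholders."""
import json
from urllib.parse import urlparse

EXPECTED_REGISTRY_HOST = "registry.npmjs.org"

# Constructed lockfile (npm lockfileVersion 3 layout). Not a real project.
SAMPLE_LOCK = json.dumps({
    "name": "example-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {"axios": "^1.0.0"}},
        "node_modules/axios": {
            "version": "1.0.0",
            "resolved": "https://registry.npmjs.org/axios/-/axios-1.0.0.tgz",
            "integrity": "sha512-PLACEHOLDER0000000000000000000000000000000==",
        },
        # A nested copy pulled in transitively: no integrity field, so npm
        # cannot verify the tarball on reinstall, and an unfamiliar version.
        "node_modules/some-tool/node_modules/axios": {
            "version": "9.9.9",
            "resolved": "https://registry.npmjs.org/axios/-/axios-9.9.9.tgz",
        },
    },
})


def find_package_entries(lock_text: str, name: str) -> list[dict]:
    """Return every lockfile entry whose install path ends in node_modules/<name>."""
    lock = json.loads(lock_text)
    packages = lock.get("packages")
    if packages is None:
        raise ValueError("lockfileVersion 1 has no 'packages' map; regenerate with npm >= 7")
    suffix = "node_modules/" + name
    entries = []
    for path, meta in packages.items():
        if path == suffix or path.endswith("/" + suffix):
            entries.append({
                "path": path,
                "version": meta.get("version"),
                "resolved": meta.get("resolved"),
                "integrity": meta.get("integrity"),
            })
    return entries


def check_dependency(lock_text: str, name: str, allowed_versions: set[str]) -> list[dict]:
    """Attach a list of issues to each copy of `name`; an empty list means it passed."""
    findings = []
    for entry in find_package_entries(lock_text, name):
        issues = []
        if not entry["integrity"]:
            issues.append("missing-integrity")
        host = urlparse(entry["resolved"] or "").hostname
        if host != EXPECTED_REGISTRY_HOST:
            issues.append("unexpected-registry")
        if entry["version"] not in allowed_versions:
            issues.append("version-not-allowlisted")
        findings.append({"path": entry["path"], "version": entry["version"], "issues": issues})
    return findings


if __name__ == "__main__":
    # Placeholder allowlist: replace with versions your team has reviewed.
    for f in check_dependency(SAMPLE_LOCK, "axios", {"1.0.0"}):
        state = "OK" if not f["issues"] else ", ".join(f["issues"])
        print(f"{f['path']} ({f['version']}): {state}")
```

Run it against a real lockfile by reading the file into `check_dependency` in place of `SAMPLE_LOCK`; nested copies under other packages are reported too, which is where a compromised transitive dependency is easy to miss. Pair this with `npm ci` (which fails on integrity mismatches) rather than `npm install`, which may silently rewrite the lockfile.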
Urgent iOS Update: Zero-Day Exploitation Detected — Google News Security (CN)
A critical vulnerability affecting iOS versions 13 to 17.2.1 has been identified, with active exploitation in the wild. Attackers are reportedly using this flaw to implant trojans via SMS, email, or web pages, potentially compromising user data like photos and passwords. Apple's emergency patch addresses this issue, and users are strongly advised to update their devices immediately to mitigate the risk. Security teams should ensure that all corporate devices are updated to the latest iOS version.
- $2.6M Complete Payroll Solutions data breach class action settlement - Class Action Lawsuits [Google News Security]
- Device code phishing attacks surge 37x as new kits spread online [BleepingComputer]
- Qilin ransomware group claims the hack of German political party Die Linke - Security Affairs [Google News Security]
- Hackers breached the European Commission by poisoning the security tool it used to protect itself - The Next Web [Google News Security]
- Meta paused its work with AI training startup Mercor after a data breach - Business Insider [Google News Security]