Foresight News
Foresight News|Mar 31, 2026 07:11
[SlowMist Yu Jian: The latest version of OpenClaw may introduce a compromised axios] Foresight News reports that SlowMist founder Yu Jian stated, 'We have basically confirmed that if your OpenClaw is the latest version 3.28, it may introduce a compromised axios. Please conduct thorough checks! Additionally, not only could OpenClaw directly introduce it, but related Skills might also rely on axios, leading to indirect compromise. Of course, since axios is so widely used, conducting checks is absolutely necessary. Fortunately, the poisoning incident was discovered in a timely manner.' Earlier, Foresight News reported that Socket AI founder Feross issued a warning, stating that the core dependency package axios in the npm ecosystem has been subjected to an active supply chain attack. Its latest version, axios@1.14.1, was injected with a previously non-existent malicious package, plain-crypto-js@4.2.1.
+3
Mentioned
Share To

Timeline

HotFlash

APP

X

Telegram

Facebook

Reddit

CopyLink

Hot Reads