Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Updated on March 31, 2026

The popular HTTP client known as Axios has suffered a supply chain attack after two newly published versions of the npm package introduced a malicious dependency.
Versions 1.14.1 and 0.30.4 of Axios have been found to inject “plain-crypto-js” version 4.2.1 as a fake dependency.
According to StepSecurity, the two versions were published using the compromised npm credentials of the primary Axios…

Read the rest of the story at Read More

Source: The Hacker News

August 13, 2025 Uncategorized

Webinar: What the Next Wave of AI Cybera...

March 26, 2026 Uncategorized

[Webinar] Stop Guessing. Learn to Valida...

September 10, 2025 Uncategorized

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Related posts

Webinar: What the Next Wave of AI Cybera...

[Webinar] Stop Guessing. Learn to Valida...

SAP Patches Critical NetWeaver (CVSS Up ...

Leave a Comment Cancel reply

Recent News

CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails

Block the Prompt, Not the Work: The End of “Doctor No”

Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures

Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass

New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released

3 Reasons Attackers Are Using Your Trusted Tools Against You (And Why You Don’t See It Coming)

Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069

Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms

Android Developer Verification Rollout Begins Ahead of September Enforcement

TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks