Mastodawn

Lukasz Olejnik (@lukOlejnik)

북한이 널리 쓰이는 JavaScript 라이브러리 Axios에 악성 코드를 심은 사례가 언급됐다. Axios는 AI 도구, 머신러닝 पाइ프라인, 핀테크 인프라에서 사용돼 잠재적 피해 범위가 매우 크며, 탐지되지 않았다면 수십만 개 프로젝트로 오염이 확산될 수 있었다.

https://x.com/lukOlejnik/status/2039592564618068094

#axios #javascript #opensource #supplychain #malware

Lukasz Olejnik (@lukOlejnik) on X

North Korea planted malicious code in Axios - one of the most popular JavaScript libraries, used by developers worldwide: in AI tools, ML pipelines, and fintech infrastructure. Had the attack gone undetected, infected packages could have reached hundreds of thousands of projects,

X (formerly Twitter)

Naty 2h ago

Re: Axios remote access trojan (RAT)

https://github.com/axios/axios/issues/10636

Luckily I don't use npm much (only #Indiekit) and it wasn't the malicious v1.14.1 or v0.30.4, it was v1.13.2.

Check with `npm list axios` in your /node_modules folder. I also ran `find ~ -type d -path "*/node_modules/plain-crypto-js" 2>/dev/null` to see if the RAT is found any where on my Mac. 🤞Luckily nothing. Scary! Read the full post mortem report above!

@paulrobertlloyd

#RemoteAccessTrojan #trojan #hack #virus #npm #axios

Post Mortem: axios npm supply chain compromise · Issue #10636 · axios/axios

Post Mortem: axios npm supply chain compromise Date: March 31, 2026 Author: Jason Saayman Status: Remediation in progress On March 31, 2026, two malicious versions of axios (1.14.1 and 0.30.4) were...

GitHub

GripNews 2h ago

🌗 事後報告：Axios npm 供應鏈遭入侵事件
➤ 透過帳號劫持植入後門：Axios 供應鏈攻擊始末
✤ https://github.com/axios/axios/issues/10636
2026 年 3 月 31 日，知名開源套件 Axios 的兩項版本（1.14.1 及 0.30.4）因主要維護者的 npm 帳號遭駭客入侵，被植入了惡意依賴項 `plain-crypto-js`。此惡意程式碼在短暫存在的三小時內，會針對 macOS、Windows 及 Linux 系統植入遠端存取木馬（RAT）。Axios 團隊隨後證實此攻擊源於針對維護者的社交工程詐騙，目前已採取全面清除設備、重置所有憑證等緊急措施，並計畫導入 OIDC 自動化發布流程以提升安全性。
+ 這提醒了所有開發者，即便是有數百萬次下載的套件，也可能因為單一維護者的個人裝置安全漏洞而崩塌。我們需要更嚴謹的自動化發布機制。
+ 慶幸發現得早！如果是被植入惡意程式碼後長期潛伏，後果將不堪設想。強制採用 OIDC 與多重驗證確實是開源界的當務之急。
#資訊安全 #軟體供應鏈 #Axios #惡意軟體

Post Mortem: axios npm supply chain compromise · Issue #10636 · axios/axios

Post Mortem: axios npm supply chain compromise Date: March 31, 2026 Author: Jason Saayman Status: Remediation in progress On March 31, 2026, two malicious versions of axios (1.14.1 and 0.30.4) were...

GitHub

Axios [National News] 🤖2h ago

Republicans announce plan to end record-long DHS shutdown https://www.axios.com/2026/04/01/republicans-dhs-shutdown-mike-johnson-thune
#axios #news #usnews

Republicans announce plan to end record-long DHS shutdown

House Speaker Mike Johnson Johnson on Friday called the Senate bill a "joke."

Axios

N-gated Hacker News 3h ago

🔍 Oh no, #axios got tangled in a yarn of #npm drama! 😱 GitHub's fancy buzzwords like "AI CODE CREATION" and "INSTANT DEV ENVIRONMENTS" totally saved the day—just kidding, they were too busy admiring their AI to notice. 🙄 Keep your supply chain secure, folks, or #GitHub might need another "POST MORTEM" to figure out how they missed it! 🚨
https://github.com/axios/axios/issues/10636 #drama #AICodeCreation #supplyChainSecurity #HackerNews #ngated

Post Mortem: axios npm supply chain compromise · Issue #10636 · axios/axios

Post Mortem: axios npm supply chain compromise Date: March 31, 2026 Author: Jason Saayman Status: Remediation in progress On March 31, 2026, two malicious versions of axios (1.14.1 and 0.30.4) were...

GitHub

Hacker News 3h ago

Post Mortem: axios NPM supply chain compromise

https://github.com/axios/axios/issues/10636

#HackerNews #PostMortem #axios #NPM #supplyChain #Compromise #CyberSecurity #OpenSource

Post Mortem: axios npm supply chain compromise · Issue #10636 · axios/axios

Post Mortem: axios npm supply chain compromise Date: March 31, 2026 Author: Jason Saayman Status: Remediation in progress On March 31, 2026, two malicious versions of axios (1.14.1 and 0.30.4) were...

GitHub

Axios [National News] 🤖4h ago

Trump makes historic Supreme Court visit for birthright citizenship case https://www.axios.com/2026/04/01/trump-supreme-court-birthright-citizenship-hearing
#axios #news #usnews

Supreme Court casts doubt on Trump's birthright citizenship order

Even Trump's unprecedented courtroom appearance couldn't shield his executive order from skeptical questioning by justices.

Axios

Axios [National News] 🤖7h ago

Attorney General Pam Bondi pushed out https://www.axios.com/2026/04/02/pam-bondi-attorney-general-out
#axios #news #usnews

Attorney General Pam Bondi pushed out

Her exit underscores building scrutiny over the DOJ's handling of the Epstein files.

Axios

#TuckFrump 8h ago

Hegseth removes Army's top general during Iran war #Axios https://twp.ai/E6HGyW

Hegseth removes Army's top general during Iran war

George is the Army's most senior general and is being removed during a hot war.

Axios

#TuckFrump 8h ago

Mike Johnson will wait on holding a vote to fund DHS #Axios https://twp.ai/E6HGy1

Mike Johnson will wait on holding a vote to fund DHS

The House speaker told his conference in a call Thursday he thinks the Senate could pass a narrow reconciliation package funding ICE and CBP within two weeks.

Axios