The Threat Codex3d ago
STARDUST CHOLLIMA Likely Compromises Axios npm Package
#STARDUSTCHOLLIMA #AxiosProject
https://www.crowdstrike.com/en-us/blog/stardust-chollima-likely-compromises-axios-npm-package/
STARDUST CHOLLIMA Likely Compromises Axios npm Package

STARDUST CHOLLIMA has likely compromised Axios Note Package Manager (npm) Package with stolen manager credentials. Learn more.

CrowdStrike.com
The Threat Codex4d ago
North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack
#AxiosProject #UNC1069 #WAVESHAPER
https://cloud.google.com/blog/topics/threat-intelligence/north-korea-threat-actor-targets-axios-npm-package
North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack | Google Cloud Blog

A North Korea-nexus threat actor targeted the popular axios NPM package in a massive supply chain attack.

Google Cloud Blog
The Threat Codex5d ago
axios Compromised on npm - Malicious Versions Drop Remote Access Trojan
#AxiosProject
https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan
axios Compromised on npm - Malicious Versions Drop Remote Access Trojan - StepSecurity

Hijacked maintainer account used to publish poisoned axios releases including 1.14.1 and 0.30.4. The attacker injected a hidden dependency that drops a cross platform RAT. We are actively investigating and will update this post with a full technical analysis.