Axios versions 1.14.1 and 0.30.4 were compromised via a malicious npm dependency, deploying a cross-platform RAT on Windows, macOS, and Linux. Users must downgrade and rotate credentials to maintain control over their environments ⚠️

🔗 https://thehackernews.com/2026/03/axios-supply-chain-attack-pushes-cross.html

#TechNews #Axios #npm #SupplyChainAttack #Attack #Hacking #Hackers #Cybersecurity #OpenSource #FOSS #RemoteAccessTrojan #Trojan #Malware #NodeJS #Security #DevSecOps #IT #Software #Privacy #RAT #Windows #Linux #macOS

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios 1.14.1 and 0.30.4 injected malicious [email protected] after npm compromise on March 31, 2026, deploying cross-platform RAT malware.

The Hacker News
One of the most popular JavaScript packages on earth, Axios, has been compromised.

The Axios npm package has been compromised and the maintainer of the project has been locked out of their account. This will go down in history as one of the most successful software supply chain attacks ever.

axios@1.14.1 and axios@0.30.4 are compromised · Issue #10604 · axios/axios

more details: https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan Most likely, a maintainer's GitHub and npm accounts are compromised as these iss...

GitHub

Hackers poisoned the Axios npm Package, one of the most widely used libraries with 100M weekly downloads. A stealth RAT enabled data theft and full system access during a short but critical window.

Read: https://hackread.com/hackers-poison-axios-npm-package-100m-downloads/

#Axios #npm #CyberSecurity #SupplyChainAttack #Malware

Hackers Poison Axios npm Package with 100 Million Weekly Downloads

Axios npm Package compromised in a supply chain attack, exposing developers to a stealth RAT, data theft, and full system takeover risks worldwide.

Hackread - Cybersecurity News, Data Breaches, AI and More

Well, this is a serious mess, especially for those who, completely incomprehensibly to me, use AI coding tools without a sandbox.

https://thehackernews.com/2026/03/axios-supply-chain-attack-pushes-cross.html

#axios #SupplyChainAttack


Just helping to spread the word: the widely used npm package "Axios" has fallen victim to supply chain poisoning. The versions 1.14.1 and legacy 0.30.4 are poisoned with a RAT after the lead maintainer of Axios had his dev account taken over at midnight. At 00:22 the RAT went online and stayed up for around 3h before being taken down by npm security.

Below, you'll find references as shared by the security researcher John Hammond of the ITsec company "Huntress"

#axios #supplychainattack #infosec

* checks company servers *: #axios installed 😬😨
* checks again *: Version 1.13.x 😌

* checks homelab servers, just to be sure *: axios version 1.14.1, recently updated 😳 RIP.

* Yanks network cable out of router *

* panics *

#supplychainattack #recent
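A scripted version of the "checks servers" step from the post above, added here as an example and not taken from any of the posts or from the Axios project. It walks an npm lockfile (package-lock.json v1 nested "dependencies" tree, or the flat "packages" map of v2/v3) and reports every copy of axios pinned to one of the two versions named in this thread, including nested copies pulled in transitively by another package. The malicious dependency those releases pulled in is not identifiable from this thread, so only the axios versions are matched; the sample lockfiles are constructed for the demonstration.

```javascript
// Versions named in the posts above. The malicious dependency they pulled in
// is not named anywhere in this thread, so only axios itself is matched.
const COMPROMISED_AXIOS_VERSIONS = new Set(["1.14.1", "0.30.4"]);

// Walk a parsed lockfile and return one { path, version } per affected axios copy.
// v2/v3 lockfiles carry a flat "packages" map keyed by install path
// ("node_modules/axios", "node_modules/foo/node_modules/axios");
// v1 lockfiles carry a nested "dependencies" tree instead.
function findCompromisedAxios(lock) {
  const hits = [];

  if (lock.packages && typeof lock.packages === "object") {
    for (const [path, meta] of Object.entries(lock.packages)) {
      // The root project is keyed "" and is never axios itself.
      if (path === "" || !meta) continue;
      // Aliased installs carry an explicit "name"; otherwise derive it from the path.
      const name = meta.name || path.split("node_modules/").pop();
      if (name === "axios" && COMPROMISED_AXIOS_VERSIONS.has(meta.version)) {
        hits.push({ path, version: meta.version });
      }
    }
    return hits;
  }

  // v1 format: recurse through nested "dependencies" objects, building the
  // on-disk path as we go so nested copies are reported unambiguously.
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === "axios" && COMPROMISED_AXIOS_VERSIONS.has(meta.version)) {
        hits.push({ path, version: meta.version });
      }
      if (meta.dependencies) walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Read and scan a lockfile on disk (e.g. node scan.js ./package-lock.json).
function scanLockfile(file) {
  const fs = require("fs");
  return findCompromisedAxios(JSON.parse(fs.readFileSync(file, "utf8")));
}

// Constructed sample lockfile (v3 shape): a clean top-level axios plus a
// transitive copy at a compromised version hidden under another package.
const SAMPLE_LOCK_V3 = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/axios": { version: "1.13.5" },
    "node_modules/some-sdk": { version: "2.0.0" },
    "node_modules/some-sdk/node_modules/axios": { version: "1.14.1" },
  },
};

// Constructed sample lockfile (v1 shape): compromised legacy axios at top level,
// clean copy nested below.
const SAMPLE_LOCK_V1 = {
  lockfileVersion: 1,
  dependencies: {
    axios: { version: "0.30.4" },
    "some-sdk": { version: "2.0.0", dependencies: { axios: { version: "1.13.5" } } },
  },
};

// Scan the lockfile given on the command line, or the constructed sample otherwise.
const lockPath = process.argv[2];
const results = lockPath ? scanLockfile(lockPath) : findCompromisedAxios(SAMPLE_LOCK_V3);
for (const hit of results) {
  console.log(`COMPROMISED ${hit.path} axios@${hit.version}`);
}
if (results.length === 0) console.log("no compromised axios versions found");
```

Run it against each checked-in package-lock.json on the servers you manage; a hit under a nested node_modules path means some other dependency pulled the bad release in, so pinning your own direct axios dependency is not enough on its own. Hosts that had a hit should be treated as the posts above describe: assume the RAT ran, and rotate credentials rather than only downgrading.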

UK registered organisations can apply for a share of up to £5 million for collaborative projects that enable adoption of the Government's Software Security Code of Practice to drive growth of secure and resilient software supply chains.

Competition closes: Wednesday 29 April 2026 11:00am

https://apply-for-innovation-funding.service.gov.uk/competition/2421/overview/3d6991fa-73b2-48c0-93eb-cc5393b5cf3d#summary

#supplyChain #supplyChainAttack #grant #industrialResearch #software

Competition overview - Secure Software for Resilient Growth - Innovation Funding Service

@sakeudeung I don't think many will be affected, since the #axios versions that got injected are limited. Fairly old code actually seems safe. Seems so anyway, I haven't read the details yet either. Hungry.

https://github.com/axios/axios/issues/10604

https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan

#nodejs #axios #vulnerability #cvs #supplychainattack


The TeamPCP Attack: How One Stolen Token Compromised Trivy, LiteLLM, and 47 npm Packages — What Every Developer Must Do Now

A single stolen automation token let the TeamPCP threat actor inject malicious code into Trivy, LiteLLM, and 47 npm packages in under 72 hours. Here is the full timeline, how to...

https://wowhow.cloud/blogs/teampcp-supply-chain-attack-trivy-litellm-npm-2026

#wowhow #supplychainattack #teampcp #trivy

The TeamPCP Attack: How One Stolen Token Compromised Trivy, LiteLLM, and 47 npm Packages — What Every Developer Must Do Now

The TeamPCP supply chain attack compromised Trivy, LiteLLM, and 47 npm packages via a stolen token. Full timeline, detection commands, and CI/CD hardening steps.