Taggart10h ago

This is a big deal. Already seeing evidence of this by way of OpenClaw installations.

https://opensourcemalware.com/blog/axios-compromised

https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan

One of the most popular JavaScript packages on earth Axios has been compromised

The Axios NPM package has been compromised and the maintainer of the project has been locked out of their account. This will go down in history as one of the most successful software supply chain attacks ever

Show threadChristoffer S.10h ago

@mttaggart I'm thinking that this is too big... this must be more than what the attackers can handle, no?

It's absolutely bonkers in size, and the amount of affected orgs... it's hard to grasp the entirety of it all. Jesus fucking christ.

Show threadTaggart10h ago
@nopatience Luckily it's only a couple of versions, but still gnarly.
Show threadTaggart
@nopatience Exceeeept it's used in OpenClaw installs https://github.com/openclaw/openclaw/issues/58140
5:43amWeb