Catalin CimpanuAxios project admin Jason Saayman says he lost access to the project through a social engineering attack where a threat actor lured him to collaborate on another project but infected him with malware that stole cookies, tokens, and credentials from his system
https://github.com/axios/axios/issues/10604#issuecomment-4167784086
[email protected] and [email protected] are compromised · Issue #10604 · axios/axios
more details: https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan Most likely, a maintainer's GitHub and npm accounts are compromised as these iss...