Simon Willison16h ago
Warning to open source maintainers: the Axios supply chain attack started with some
very sophisticated social engineering targeted at one of their developers https://simonwillison.net/2026/Apr/3/supply-chain-social-engineering/
The Axios supply chain attack used individually targeted social engineering

The Axios team have published a full postmortem on the supply chain attack which resulted in a malware dependency going out in a release the other day, and it involved …

Simon Willison’s Weblog
Show threadStephen Bannasch (316 ppm)

@simon

Also this whole thread by Axios developers is very detailed and quite interesting: https://github.com/axios/axios/issues/10636

#axios

Post Mortem: axios npm supply chain compromise · Issue #10636 · axios/axios

Post Mortem: axios npm supply chain compromise Date: March 31, 2026 Author: Jason Saayman Status: Remediation in progress On March 31, 2026, two malicious versions of axios (1.14.1 and 0.30.4) were...

GitHub
3:41pmWeb