Warning to open source maintainers: the Axios supply chain attack started with some very sophisticated social engineering targeted at one of their developers https://simonwillison.net/2026/Apr/3/supply-chain-social-engineering/
The Axios supply chain attack used individually targeted social engineering

The Axios team have published a full postmortem on the supply chain attack which resulted in a malware dependency going out in a release the other day, and it involved …

Simon Willison’s Weblog

@simon

If you’ve heard about the elements of Claude source code incorporating addictive gaming design and sycophancy, it makes the situation even worse for any contributors who are playing around with the technology. At the very least it’s a risk factor.