Warning to open source maintainers: the Axios supply chain attack started with some very sophisticated social engineering targeted at one of their developers https://simonwillison.net/2026/Apr/3/supply-chain-social-engineering/
The Axios supply chain attack used individually targeted social engineering

The Axios team have published a full postmortem on the supply chain attack which resulted in a malware dependency going out in a release the other day, and it involved …

Simon Willison’s Weblog

RE: https://fedi.simonwillison.net/@simon/116341351192013388

@simon Broken record here: Why use axios? We have fetch. For 10+ years (or slightly less, too lazy to check my own facts).