An Axios dev got his credentials stolen after he installed a tool supposedly meant to take part in a meeting with a company. Turned out to be a remote access trojan, and the meeting fake.

The Axios supply chain attack used individually targeted social engineering. #opsec #developer #security #hack #Axios

By @simon

https://simonwillison.net/2026/Apr/3/supply-chain-social-engineering/

The Axios team have published a full postmortem on the supply chain attack which resulted in a malware dependency going out in a release the other day, and it involved …

Simon Willison’s Weblog