North Korea-linked actor compromises axios NPM package

A shocking discovery by Google Threat Intelligence Group has exposed a vulnerability in the popular axios NPM package, which has over 100 million weekly downloads, and has raised urgent questions about the trustworthiness of software supply chains. A malicious dependency was secretly introduced into axios releases, putting countless…

https://osintsights.com/north-korea-linked-actor-compromises-axios-npm-package

#Axios #Npm #NodePackageManager #NorthKorea #GoogleThreatIntelligenceGroup