
STARDUST CHOLLIMA Likely Compromises Axios npm Package
STARDUST CHOLLIMA has likely compromised the Axios Node Package Manager (npm) package with stolen maintainer credentials. Learn more.
CrowdStrike.com
Mitigating the Axios npm supply chain compromise | Microsoft Security Blog
On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages for version updates to download from command and control (C2) that Microsoft Threat Intelligence has attributed to the North Korean state actor Sapphire Sleet. Although the malicious versions are no longer available for download, since Axios is one of the most widely used HTTP clients in the JavaScript ecosystem, this compromise exposed hundreds to potentially millions of users.
Microsoft Security Blog
Axios Supply Chain Attack: Analysis & Incident Response
"Axios npm compromise: XOR dropper to cross-platform RAT" published by Derp.
#Axios, #NPM, #DPRK, #CTI https://www.derp.ca/research/axios-npm-supply-chain-rat/
Axios npm compromise: XOR dropper to cross-platform RAT
Axios 1.14.1 supply chain attack torn apart. XOR dropper deobfuscated, macOS Mach-O decompiled, Windows PowerShell RAT reversed, C2 protocol mapped.
Derp
"axios Compromised: npm Supply Chain Attack via Dependency Injection" published by SafeDep.
#Axios, #NPM, #DPRK, #CTI https://safedep.io/axios-npm-supply-chain-compromise/
axios Compromised: npm Supply Chain Attack via Dependency Injection
axios 1.14.1 was published to npm via a compromised maintainer account, injecting a trojanized dependency that executes a multi-platform reverse shell on install. No source code changes in axios itself, just a new entry in package.json.
SafeDep - Real-time Open Source Software Supply Chain Security
Axios npm Package Compromised: Supply Chain Attack Delivers Cross-Platform RAT | Snyk
Malicious versions of the Axios npm package (1.14.1 and 0.30.4) were published via a compromised maintainer account, injecting a hidden dependency that deploys a cross-platform remote access trojan. Here's what happened, who's affected, and how to check your exposure.
Snyk
"Axios npm Supply Chain Compromise (2026-03-31) — Full RE + Dynamic Analysis + BlueNoroff Attribution" published by N3mes1s.
#Axios, #BlueNoroff, #NPM, #DPRK, #CTI https://gist.github.com/N3mes1s/0c0fc7a0c23cdb5e1c8f66b208053ed6
Axios npm Supply Chain Compromise (2026-03-31) — Full RE + Dynamic Analysis + BlueNoroff Attribution | 17 SHA256 | YARA/Sigma/Suricata rules | Live peinject validation on Daytona
Gist
Supply-Chain Compromise of axios npm Package | Huntress
An NPM supply chain attack struck the ubiquitous open-source axios library and Huntress has observed over a hundred affected devices.
Huntress
axios Compromised: A Supply Chain Attack on npm's Most Popular HTTP Client
"Axios npm Hijack 2026: Everything You Need to Know – IOCs, Impact & Remediation" published by SOCRadar.
#Axios, #NPM, #DPRK, #CTI https://socradar.io/blog/axios-npm-supply-chain-attack-2026-ciso-guide/
Axios npm Hijack 2026: Everything You Need to Know – IOCs, Impact & Remediation
On March 31, 2026, a threat actor hijacked the npm account of the lead Axios maintainer and published two malicious versions of one of the world’s most
SOCRadar® Cyber Intelligence Inc.