axios@1.14.1 and axios@0.30.4 are compromised · Issue #10604 · axios/axios

Compromised axios npm package delivers cross-platform RAT | Datadog Security Labs

Datadoghq Christophe Tafani-Dereeper Mar 31, 2026

An attacker hijacked an axios maintainer's npm account to publish malicious releases that deliver a cross-platform RAT.

2 inbound links article en

axios Compromised on npm - Malicious Versions Drop Remote Access Trojan - StepSecurity

stepsecurity.io Ashish Kurmi View LinkedIn March Mar 30, 2026

Hijacked maintainer account used to publish poisoned axios releases including 1.14.1 and 0.30.4. The attacker injected a hidden dependency that drops a cross platform RAT. We are actively investigating and will update this post with a full technical analysis.

1 inbound link website en

Axios NPM Package Compromised: Supply Chain Attack Hits JavaScript HTTP Client with 100M+ Weekly Downloads

Trend Micro - United States (US) Peter Girnus; Jacob Santos Read time Mar 31, 2026

1 inbound link en latest news cyber threats

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

The Hacker News The Hacker News Mar 31, 2026

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying cross-platform RAT malware.

4 inbound links article en Article

Axios Maintainer Confirms Social Engineering Attack Behind n...

Socket Sarah Gooding Apr 2, 2026

Axios compromise traced to social engineering, showing how attacks on maintainers can bypass controls and expose the broader software supply chain.

2 inbound links website en

» north korean hacker group UNC1069 using social engineering to get access: axios npm for nodejs: software minimalism please and another javascript security problem (this time social engineered supply chain attack)

dwaves.de Admin Apr 4, 2026

Why keep all your results to yourself? - Blog with howtos and public free software and hardware OpenSource searchable knowledgebase about Linux and OpenSource - with a touch security, politics and philosophy.

0 inbound links en OpenSourceOpenSourceLinuxalternativasAndroidPHPTerminalBashScriptsGNUMySQLLinux-GNUDebianhackingHardwareinternetApplePolitikpoliticsSicherheitsecuritycybersecuritycyberencryptionhacktivismSPAMmailserverdatabasecybercrimefailfsfgnometechnologymailserverSoftwarestartupsstoragefilesystemsvirtualboxvirtualizationWebDevHTMLWebDevelopmentwordpressphilosophyunix CC BY-ND 3.0

axios Compromised on npm - Malicious Versions Drop Remote Access Trojan - StepSecurity

stepsecurity.io Ashish Kurmi View LinkedIn March Mar 30, 2026

Hijacked maintainer account used to publish poisoned axios releases including 1.14.1 and 0.30.4. The attacker injected a hidden dependency that drops a cross platform RAT. We are actively investigating and will update this post with a full technical analysis.

23 inbound links website en

Supply Chain Attack on Axios Pulls Malicious Dependency from...

Socket Socket Research Team Mar 31, 2026

A supply chain attack on Axios introduced a malicious dependency, plain-crypto-js@4.2.1, published minutes earlier and absent from the project’s GitHu...

8 inbound links website en