Tag: axios

Comments

The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this alert to provide guidance in response to the software supply chain compromise of the Axios node package manager (npm).1 Axios is an HTTP client for JavaScript that developers commonly use in Node.js and browser environments.  On March 31, 2026, two npm packages for versions axios@1.14.1 […]

Der HTTP-Client Axios ist aufgrund eines Lieferkettenangriffs über mani­pu­lierte NPM-Versionen anfällig für die Installation von Remote-Access-Tro­ja­nern. Dahinter stecken nordkoreanische Akteure und nicht wie zuerst ver­mu­tet die Gruppe TeamPCP, die für andere Attacken verantwortlich ist.

Scans for EncystPHP Webshell https://isc.sans.edu/diary/Scans%20for%20EncystPHP%20Webshell/32892 CPUID Compromise https://securelist.com/tr/cpu-z/119365/ https://x.com/d0cTB/status/2042520961824559150 OpenAI Mac Application Update due to Axios Compromise https://openai.com/index/axios-developer-tool-compromise/ Axios Vulnerability CVE-2026-40175 https://github.com/axios/axios/security/advisories/GHSA-fvcv-3m26-pcqx

The attack on the popular NPM package Axios is just one of many targeting maintainers and has shone a light on how threat actors can scale sophisticated social engineering campaigns.

The NPM package for Axios, a popular JavaScript HTTP client library, was briefly compromised this week, possibly by North Korean threat actors.

Axios npm Hijack 2026: Everything You Need to Know – IOCs, Impact & RemediationOn March 31, 2026, a threat actor hijacked the npm account of the lead Axios maintainer and published two malicious versions of one of the world’s most popular JavaScript libraries – Axios (~100M weekly downloads). The malicious versions contained a hidden dependency […]