Axios NPM Package Compromised: Supply Chain Attack Hits JavaScript HTTP Client with 100M+ Weekly Downloads
Trend Micro Simply Security
2026-03-31 08:00:00
A supply chain attack hit Axios when attackers used stolen npm credentials to publish malicious versions containing a phantom dependency. This triggered a cross-platform RAT during installation and replaced its files with clean decoys, making detection challenging.