Axios NPM Package Breached in North Korean Supply Chain Attack

Malicious versions of the Axios NPM library were distributed to millions in a supply chain attack blamed on North Korean hackers. The backdoored package versions were removed from the registry about three hours later, but not before being downloaded by roughly 3% of the Axios user base.
The supply chain attack targeted Axios, an NPM library used by millions. On March 31, 2026, two backdoored versions were published to the NPM registry after the attackers compromised the NPM account of the primary maintainer. They were removed three hours later, but not before being downloaded by 3% of users. The backdoored versions contained a phantom dependency that executed a payload across Windows, macOS, and Linux systems. The attack was blamed on North Korean hackers.