GIGAZINE

Google has identified North Korean hacker group 'UNC1069' as the perpetrators of a supply chain attack against the open-source Axios.

Google's security researchers have submitted a report investigating the Axios JavaScript library's supply chain attack that resulted in the installation of a remote access Trojan. Google has concluded ...
Dark Reading

Axios NPM Package Compromised in Precision Attack

The Axios JavaScript NPM package was recently compromised, representing one of the highest impact supply chain attacks against the open source development ecosystem in recent months. Axios is the most ...
SiliconANGLE

Hackers compromise popular Axios Javascript library with hidden malware

The widely used Axios HTTP client library, a JavaScript component used by developers, was recently hacked to distribute malware via a compromised account. Attackers exploited a hijacked account on npm ...
Security Boulevard

Poisoned Axios: npm Account Takeover, 50 Million Downloads, and a RAT That Vanishes After Install

On March 30-31, 2026, threat actors published two malicious versions of the popular HTTP library axios (versions 1.14.1 and 0.30.4) to the npm registry. Both versions included a new dependency named ...
GitHub

ChainStackForge/openapi-client-axios

JavaScript client library for consuming OpenAPI-enabled APIs with axios. Types included. client is an axios instance initialized with baseURL from OpenAPI definitions and extended with extra operation ...
Hosted on MSN

North Korean hackers hit major software tool

Suspected North Korean hackers briefly seized control of the Axios JavaScript library, used by thousands of companies, to push malicious updates in a precision supply-chain attack. The breach, lasting ...
thearabianpost

Axios breach jolts software supply chains

A supply-chain attack on the widely used Axios JavaScript library has raised fresh concern over the fragility of open-source software distribution after attackers slipped malicious code into two ...