SlowMist
SlowMist|3月 31, 2026 04:39
🚨 Another major supply chain incident 🚨 axios — one of the most widely used npm packages — has been compromised. Malicious versions axios@1.14.1 and axios@0.30.4 were published and are actively dropping malware. The attack pulls in a newly created dependency plain-crypto-js@4.2.1, confirmed as a malicious loader: it executes obfuscated payloads, runs shell commands, and attempts to evade detection while wiping traces. With 100M+ weekly downloads, this is a live, large-scale supply chain attack. More details: https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan(SlowMist)
+6
Mentioned
Share To

Timeline

HotFlash

APP

X

Telegram

Facebook

Reddit

CopyLink

Hot Reads