An unknown attacker has compromised the GitHub and npm accounts of the main developer of Axios, a widely used HTTP client library, and published npm packages backdoored with a malicious dependency that triggered the installation of droppers and remote access trojans. How the attack unfolded On March 30, 2026, with an account using a separate throwaway ProtonMail address, the attacker published on NPM a trojanized copy of the popular crypto-js JavaScript library of crypto standards. … More
The post Axios npm packages backdoored in supply chain attack appeared first on Help Net Security.
