Supply Chain attack: Axios Was Compromised. Here’s Exactly What Happened and What We Did.
A supply chain attack quietly installed a remote access trojan on developer machines worldwide. We found it in our stack within hours — here’s our full response, and what you need to do right now. axios@1.14.1 and axios@0.30.4 were published via a hijacked maintainer account on npm They silently install plain-crypto-js@4.2.1, a RAT dropper that […]