Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

3 hours ago [email protected] (The Hacker News)
Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account


The popular HTTP client known as Axios has suffered a supply chain attack after two newly published versions of the npm package introduced a malicious dependency.
Versions 1.14.1 and 0.30.4 of Axios have been found to inject “plain-crypto-js” version 4.2.1 as a fake dependency.
According to StepSecurity, the two versions were published using the compromised npm credentials of the primary Axios

The post “Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account” appeared first on The Hacker News

Source:The Hacker News – [email protected] (The Hacker News)

Tags: , , ,

More Stories

DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials

17 hours ago [email protected] (The Hacker News)

⚡ Weekly Recap: Telecom Sleeper Cells, LLM Jailbreaks, Apple Forces U.K. Age Checks and More

19 hours ago [email protected] (The Hacker News)

Three China-Linked Clusters Target Southeast Asian Government in 2025 Cyber Campaign

1 day ago [email protected] (The Hacker News)

Iran-Linked Hackers Breach FBI Director’s Personal Email, Hit Stryker With Wiper Attack

3 days ago [email protected] (The Hacker News)

CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation

3 days ago [email protected] (The Hacker News)

Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits

4 days ago [email protected] (The Hacker News)