Axios

#Axios • 2026-03

Unknown

In March 2026, attackers attributed by security researchers to North Korea-linked UNC1069/Sapphire Sleet compromised Axios npm maintainer access and published malicious axios releases 1.14.1 and 0.30.4. The releases added the malicious dependency [email protected], whose postinstall chain downloaded cross-platform payloads targeting developer and CI/CD environments; affected organizations were advised to downgrade, remove the dependency, audit build systems, and rotate exposed secrets.

Related Actors

Related Reports

2026-05-29
SOCRadar
#Trend #TraderTraitor #SupplyChain #NPM #UNC1069 #Lazarus #WAVESHAPER #Axios #DriftProtocol #KelpDAO
2026-05-19
OSM
#NPM #UNC1069 #Axios
2026-05-14
OSM
#NPM #ContagiousInterview #BeaverTail #InvisibleFerret #Lazarus #VSCode #Axios #TasksJacker
2026-04-20
USCISA
#NPM #Axios
2026-04-17
Igloo
#NPM #Axios
2026-04-10
Open AI
#Axios
2026-04-09
Levelblue
#SupplyChain #NPM #Axios #T1059 #T1105 #T1195.001
2026-04-09
Kaspersky
#Bluenoroff #NPM #GhostCall #Axios #SysPhon
2026-04-07
e Sentire
#NPM #WAVESHAPER #Axios
2026-04-06
Poly Swarm
#NPM #UNC1069 #Axios
2026-04-04
Resecurity
#NPM #Axios #T1082 #T1041 #T1027 #T1071 #T1059 #T1195 #T1003
2026-04-03
DCSO
#Bluenoroff #NPM #Axios #T1059.004 #T1059.002 #T1105
2026-04-03
Cisco Talos
#NPM #Axios
2026-04-03
Socket
#NPM #Axios
2026-04-03
NVISO
#NPM #Axios
« Back