Axios

#Axios • 2026-03

Unknown

In March 2026, attackers attributed by security researchers to North Korea-linked UNC1069/Sapphire Sleet compromised Axios npm maintainer access and published malicious axios releases 1.14.1 and 0.30.4. The releases added the malicious dependency [email protected], whose postinstall chain downloaded cross-platform payloads targeting developer and CI/CD environments; affected organizations were advised to downgrade, remove the dependency, audit build systems, and rotate exposed secrets.

Related Actors

Related Reports

2026-04-02
Elastic
#NPM #Axios
2026-04-02
Veracode
#NPM #Axios
2026-04-02
Socket
#NPM #Axios
2026-04-02
Axios Http
#NPM #Axios
2026-04-01
Qihoo360
#NPM #Lazarus #Axios
2026-04-01
Bitdefender
#NPM #Axios
2026-04-01
Secu I
#NPM #Axios
2026-04-01
Cybersec Sentinel
#NPM #UNC1069 #Axios #T1140 #T1070.004 #T1071.001 #T1195.002 #T1059.007 #T1036 #T1059.004 #T1547.001
2026-04-01
Paloalto Networks
#NPM #Axios #T1105 #T1219 #T1204.005
2026-04-01
Socket
#NPM #Axios
2026-04-01
Hunt.io
#TA444 #Bluenoroff #NPM #Axios #T1082 #T1070.004 #T1071.001 #T1195.002 #T1059.006 #T1027 #T1057 #T1547.001 #T1059.001 #T1036.005 #T1059.002 #T1055 #T1553.002
2026-04-01
Crowd Strike
#StardustChollima #NPM #Axios
2026-04-01
Microsoft
#NPM #SapphireSleet #Axios
2026-04-01
Elastic
#NPM #Axios
2026-04-01
Elastic
#NPM #Axios
« Back