Axios NPM Distribution Compromised in Supply Chain Attack

2026-03-31 Wiz

https://www.wiz.io/blog/axios-npm-compromised-in-supply-chain-attack


Wiz reports that an unknown actor compromised an axios maintainer's npm account on March 31, 2026 and published malicious axios versions 1.14.1 and 0.30.4. The poisoned releases added a new dependency, plain-crypto-js, whose setup.js dropper downloaded second-stage payloads from sfrclak.com:8000 and then tried to cover its tracks by deleting itself and restoring a clean package.json. The macOS, Windows, and Linux payloads were lightweight RATs that beaconed every 60 seconds and supported remote shell execution, binary injection, directory browsing, process listing, and system reconnaissance. The exposure window was short, but axios is ubiquitous in cloud and development environments, so any developer workstation, build system, or production workload that installed the poisoned versions during that window is a potential compromise path.

Indicators of Compromise

Type     Value         First Seen   Last Seen
DOMAIN   sfrclak.com   2026-03-30   2026-04-20
