The Axios library was attacked through a supply chain, with hackers using stolen npm tokens to implant a remote trojan, affecting about 80% of cloud environments
The attacker stole the npm access token of the chief maintainer of Axios, the most popular HTTP client library for JavaScript, and used that token to publish two malicious versions containing cross-platform remote access trojans (RATs) (axios@1.14.1 and axios@0.3.4), targeting macOS, Windows, and Linux systems. The malicious packages were removed from the npm registry about 3 hours after being published.
According to data from security company Wiz, Axios is downloaded over 100 million times weekly and exists in about 80% of cloud and code environments. Security company Huntress detected the first infections just 89 seconds after the malicious packages went live and confirmed that at least 135 systems were compromised during the exposure window. Notably, the Axios project had previously deployed modern security measures such as OIDC trusted publishing mechanisms and SLSA provenance proofs, but the attacker completely bypassed these defenses. Investigations revealed that while configuring OIDC, the project retained the traditional long-lived NPM_TOKEN, and npm defaults to using the traditional token when both coexist, allowing the attacker to publish without breaching OIDC.
You may also like
Champion's Final Bow: FC Barcelona vs Real Betis – Celebrate the Title with a Home Finale
Best Oil Trading Platform for Crypto Users in 2026
5 Futures Trading Strategies Smart Traders Use to Cut Crypto Fees and Boost Futures Returns
What Is TradFi? How Crypto Traders Can Now Access Crude Oil, Gold, and Global Markets
How WEEX Bridges Crypto and Football: A Deep Look at the LALIGA Partnership Inside the WEEX App
WEEX is not just a LALIGA sponsor. It’s a true partner. From iPhone Dynamic Island to LALIGA-themed app icons and smart posters, see how WEEX brings football passion into every trade — and builds a real bridge between crypto and sports.
FC Barcelona vs Real Madrid Preview: El Clásico – Can Barça Clinch the Title at Spotify Camp Nou?
FC Barcelona vs Real Madrid El Clásico match preview for May 11, 2026. Barça need just 1 point to win LALIGA. Can Madrid delay the trophy? Full preview inside.
At the Stripe conference, I saw the future of the AI economy
Miners welcome a new life
Seven Important Judgments by Claude Code's Founder at the Sequoia Conference
The payment moment of AI agents: Who will become the Stripe of the machine economy?
Morning Report | MoonPay acquires Solana's execution layer DFlow; Strategy releases Q1 financial report; Manta Network announces the termination of Manta staking program
Rented Tracks: What is this wave of stablecoin FX hot money really paying for?
Dialogue Velocity Eric: What is the stablecoin track that the CFO really wants?
Strategy should have said that selling coins is not ruled out
How MegaETH Achieved a TVL of 700m Within a Week of TGE? Analyzing the Packaging Strategy
Futures Trading Hours: Trade Cryptocurrency 24/7 and Earn Back Up to 45% in Trading Fees
Learn futures trading hours and the best time to trade crypto futures. Discover 24/7 market insights, peak trading sessions, and how to earn back up to 45% in fees.
Why is a16z Crypto raising another $2.2 billion to heavily invest in Web3?
Polymarket Underlying Algorithm Explained
Champion's Final Bow: FC Barcelona vs Real Betis – Celebrate the Title with a Home Finale
Best Oil Trading Platform for Crypto Users in 2026
5 Futures Trading Strategies Smart Traders Use to Cut Crypto Fees and Boost Futures Returns
What Is TradFi? How Crypto Traders Can Now Access Crude Oil, Gold, and Global Markets
How WEEX Bridges Crypto and Football: A Deep Look at the LALIGA Partnership Inside the WEEX App
WEEX is not just a LALIGA sponsor. It’s a true partner. From iPhone Dynamic Island to LALIGA-themed app icons and smart posters, see how WEEX brings football passion into every trade — and builds a real bridge between crypto and sports.
FC Barcelona vs Real Madrid Preview: El Clásico – Can Barça Clinch the Title at Spotify Camp Nou?
FC Barcelona vs Real Madrid El Clásico match preview for May 11, 2026. Barça need just 1 point to win LALIGA. Can Madrid delay the trophy? Full preview inside.
Contents
Popular coins
Latest Crypto News
