Tuesday, 31 March 2026

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

iT4iNT SERVER The popular HTTP client known as Axios has suffered a supply chain attack after two newly published versions of the npm package introduced a malicious dependency.
Versions 1.14.1 and 0.30.4 of Axios have been found to inject "plain-crypto-js" version 4.2.1 as a fake dependency.
According to StepSecurity, the two versions were published using the compromised npm credentials of the primary Axios VDS VPS Cloud


http://dlvr.it/TRnfKp
-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain

iT4iNT SERVER Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's (MCP) ...