> TritonInfoSec News
Home / Apr 01, 2026 / Story
0
#1 BleepingComputer general March 31, 2026 at 13:53 UTC

Hackers compromise Axios npm package to drop cross-platform malware

By Bill Toulas

AI Summary

Hackers compromised the npm account for Axios, a JavaScript HTTP client with over 100 million weekly downloads, releasing malicious versions 1.14.1 and 0.30.4 that inject a fake dependency called "plain-crypto-js" to deliver cross-platform remote access trojans. Google attributes this supply chain attack to North Korean threat group UNC1069, which has been using similar tactics since 2023.

Read full article → https://www.bleepingcomputer.com/news/security/hac…

Relevance score: 95.0/100

# More from April 01

  1. 2
    Claude AI finds Vim, Emacs RCE bugs that trigger on file open BleepingComputer
  2. 3
    Cisco source code stolen in Trivy-linked dev environment breach BleepingComputer
  3. 4
    TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks The Hacker News
  4. 5
    CISA orders feds to patch actively exploited Citrix flaw by Thursday BleepingComputer
  5. 6
    Exploitation of Critical Fortinet FortiClient EMS Flaw Begins SecurityWeek
  6. 7
    GIGABYTE Control Center vulnerable to arbitrary file write flaw BleepingComputer
  7. 8
    Hacker charged with stealing $53 million from Uranium crypto exchange BleepingComputer
  8. 9
    Dutch Finance Ministry takes treasury banking portal offline after breach BleepingComputer
  9. 10
    StrongSwan Flaw Allows Unauthenticated Attackers to Crash VPNs SecurityWeek