Lead maintainer, Axios npm package
Appears in 1 story
Account compromised; cooperating with investigation
Axios is installed in roughly 80% of cloud and code environments and downloaded over 100 million times per week. On March 31, 2026, a North Korean hacking group hijacked the npm account of its lead maintainer, published two backdoored versions containing a cross-platform remote access trojan, and had them live for nearly three hours before anyone noticed. Google's Threat Intelligence Group formally attributed the attack to UNC1069, a financially motivated North Korean threat cluster active since at least 2018.
Updated 3 hours ago
No stories match your search
Try a different keyword
How would you like to describe your experience with the app today?
