Axios npm packages backdoored in supply chain attack
✦ NabkaNews BriefAuto-summarized from multiple outlets · verify with the source
A supply chain attack has compromised the Axios npm package, which is a widely used javascript http client. The attack may have been carried out by hackers from North Korea, although this is not universally reported. The compromised package is reported to have been used to distribute malicious software, potentially including a cross-platform remote access tool, to developer machines.
Full coverage
12345678