VentureBeat

Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Attackers stole a long-lived npm access token belonging to the lead maintainer of axios, the most popular HTTP client library in JavaScript, and used it to publish two poisoned versions that install a ...
CoinTelegraph

Supply chain attack hits Axios npm releases, users urged to rotate keys

Security companies flagged [email protected] and 0.30.4 as compromised, urging credential rotation and rollback of affected packages. Update March 31, 2026, 1:28 pm UTC: This article has been updated to ...
Hosted on MSN

Supply chain attack hits Axios npm releases, users urged to rotate keys

Update March 31, 2026, 1:28 pm UTC: This article has been updated to add comments from Abdelfattah Ibrahim, senior offensive security engineer at Hacken. Two malicious Axios npm releases have prompted ...