Axios hit by a supply-chain attack: hackers used a stolen npm token to plant a remote access trojan, affecting about 80% of cloud environments
The attacker stole the npm access token of the lead maintainer of Axios, the most popular HTTP client library for JavaScript, and used it to publish two malicious versions (axios@1.14.1 and axios@0.3.4) carrying a cross-platform remote access trojan (RAT) that targets macOS, Windows and Linux. The malicious packages were removed from the npm registry about 3 hours after publication.
According to data from security company Wiz, Axios is downloaded more than 100 million times a week and is present in about 80% of cloud and code environments. Security company Huntress detected the first infections just 89 seconds after the malicious packages went live and confirmed that at least 135 systems were compromised during the exposure window. Notably, the Axios project had already adopted modern safeguards such as OIDC trusted publishing and SLSA provenance attestations, yet the attacker bypassed them entirely. Investigation showed that when OIDC was configured, the project kept its traditional long-lived NPM_TOKEN in place, and npm defaults to the traditional token when both exist, so the attacker could publish without breaking OIDC at all.
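The two checks below are an added example, not code from the article or from the Axios project. They show what a defender can do with the facts above: scan a `package-lock.json` for the two malicious versions the article names, and flag a publish workflow that enables OIDC trusted publishing (the `id-token: write` permission in GitHub Actions) while still handing `npm publish` a long-lived `NPM_TOKEN`, the coexistence the article says let the attacker publish without touching OIDC. The lockfile and workflow inputs are constructed samples, and the workflow check is a plain-text heuristic rather than a YAML parser; both are assumptions made here for illustration.

```javascript
// Added example (not the article's or the Axios project's code). Two
// defender-side checks following the incident described above:
//  1. scan a package-lock.json for the malicious Axios versions the article
//     names (axios@1.14.1 and axios@0.3.4);
//  2. flag a CI publish workflow that enables OIDC trusted publishing but still
//     supplies a long-lived NPM_TOKEN, the coexistence the article describes.
// Runs under Node.js with no dependencies. The workflow check is a text
// heuristic, not a YAML parser (an assumption kept simple on purpose).

const MALICIOUS_AXIOS_VERSIONS = new Set(["1.14.1", "0.3.4"]);

// Collect every axios entry from a parsed lockfile. Lockfile v2/v3 carry a flat
// "packages" map keyed by install path; lockfile v1 nests "dependencies".
// The nested walk only runs when "packages" is absent, to avoid double counting.
function listAxiosEntries(lock) {
  const entries = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/axios$/.test(path) && meta && meta.version) {
      entries.push({ path, version: meta.version });
    }
  }
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === "axios" && meta.version) entries.push({ path, version: meta.version });
      if (meta.dependencies) walk(meta.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return entries;
}

// Return the axios entries pinned to a version the article identifies as malicious.
function findMaliciousAxios(lockfileJson) {
  const lock = JSON.parse(lockfileJson);
  return listAxiosEntries(lock).filter((e) => MALICIOUS_AXIOS_VERSIONS.has(e.version));
}

// Classify a publish workflow. "id-token: write" is the GitHub Actions permission
// OIDC trusted publishing relies on; NPM_TOKEN is the long-lived secret the
// article says was left in place alongside it.
function auditPublishWorkflow(yamlText) {
  const usesOidc = /^\s*id-token:\s*write\s*$/m.test(yamlText);
  const hasLongLivedToken = /\bNPM_TOKEN\b/.test(yamlText);
  let finding;
  if (usesOidc && hasLongLivedToken) finding = "oidc-with-long-lived-token";
  else if (hasLongLivedToken) finding = "long-lived-token-only";
  else if (usesOidc) finding = "oidc-only";
  else finding = "no-publish-credential-found";
  return { usesOidc, hasLongLivedToken, finding };
}

// Constructed sample inputs (not real project files).
const SAMPLE_LOCK = JSON.stringify({
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { axios: "^1.14.0" } },
    "node_modules/axios": { version: "1.14.1" },
    "node_modules/some-sdk": { version: "2.0.0", dependencies: { axios: "^0.30.0" } },
    "node_modules/some-sdk/node_modules/axios": { version: "0.30.2" },
  },
});

const SAMPLE_WORKFLOW = [
  "name: publish",
  "on: { release: { types: [published] } }",
  "permissions:",
  "  id-token: write",
  "  contents: read",
  "jobs:",
  "  publish:",
  "    runs-on: ubuntu-latest",
  "    steps:",
  "      - run: npm publish --provenance",
  "        env:",
  "          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}",
].join("\n");

console.log("malicious axios entries:", findMaliciousAxios(SAMPLE_LOCK));
console.log("workflow audit:", auditPublishWorkflow(SAMPLE_WORKFLOW));
```

The lockfile scan reports `node_modules/axios` at `1.14.1` and ignores the nested `0.30.2` copy; the workflow audit returns `oidc-with-long-lived-token`, the configuration to remove before relying on OIDC. Against a real repository, feed the functions the contents of `package-lock.json` and the publish workflow file.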