
Axios JavaScript NPM package hit by network compromise

Incident
H score 37
2 unique sources, 2 articles

Summary


Axios suffered a supply-chain compromise after malicious versions were published to NPM, creating a high-risk exposure for developers and downstream consumers. The malicious releases were active for around three hours, and one embedded dependency could deliver a RAT across Windows, Linux, and Mac. The incident matters because Axios is downloaded more than 400 million times per month, so even a short window could affect a very large ecosystem.

Related Happenings

Shai-Hulud worm clone activity on NPM

Malware Activity
First: 18.05.2026 12:45 Last: 18.05.2026 12:45 Sources 1

About this happening: The **Shai-Hulud** malware activity has continued to evolve across the **npm supply chain** and related developer ecosystems. It first infected **npm packages** in **September 202...

Inactive maintainer account 'atiertant' hit by network compromise

Incident
First: 15.05.2026 20:10 Last: 15.05.2026 20:10 Sources 1

About this happening: The **inactive maintainer account 'atiertant'** for **node-ipc** was **compromised**, enabling malicious package releases that could steal credentials from downstream installation...

TanStack hit by network compromise

Incident
First: 12.05.2026 17:45 Last: 12.05.2026 17:45 Sources 1

About this happening: **TanStack** was hit by a **package compromise** on **May 11, 2026**, when attackers published **84 malicious versions** across **42 @tanstack/* packages** and abused the release...

Latest development: 21.05.2026 11:00

On May 17, 2026, Grafana Labs said an unauthorized attacker had downloaded its codebase after accessing the firm's GitHub environment, and the company later said additional internal operational information and business contact names and email addresses were taken from its GitHub repositories; Grafana Labs said there was no indication that customer production systems or the Grafana Cloud platform were compromised.

Mini Shai-Hulud npm supply-chain malware wave

Malware Activity
First: 12.05.2026 14:07 Last: 12.05.2026 14:07 Sources 1

About this happening: The **Sha1-Hulud** npm supply-chain campaign is a fresh **second wave** of **Shai-Hulud**-style activity that has compromised **hundreds of npm packages**. The malware runs during...

Npm typosquatting campaign distributing WinOS 4.0 implant

Campaign
First: 09.05.2026 17:26 Last: 09.05.2026 17:26 Sources 1

About this happening: An **npm typosquatting campaign** distributing the **WinOS 4.0 implant** overlapped with malicious repository activity, indicating a broader coordinated distribution effort beyond...

Timeline

  1. 13.04.2026 20:39 · 1 article

    OpenAI rotates macOS code-signing certificates after Axios compromise

    Mitigation Patch Update

    OpenAI is revoking and rotating potentially exposed macOS code-signing certificates after a GitHub Actions workflow executed compromised Axios version 1.14.1 during the March 31, 2026 supply chain attack. The certificate was used to sign OpenAI macOS apps including ChatGPT Desktop, Codex, Codex CLI, and Atlas, and macOS users must update to versions signed with the new certificate before the old certificate is fully revoked on May 8, 2026.

  2. 30.03.2026 03:00 · 1 article

    Axios NPM compromise disclosed

    Initial Disclosure

    StepSecurity identified two malicious Axios NPM releases, [email protected] and [email protected], after the maintainer account "jasonsaayman" was compromised. The releases introduced plain-crypto-js, a dependency that impersonated crypto-js and executed a script that installed a cross-platform RAT. NPM later removed the campaign, and defenders were urged to verify dependencies and check indicators of compromise.
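
A lockfile check in the spirit of the "verify dependencies" advice above, as an added example that is not taken from the cited sources. It assumes an npm v2/v3 `package-lock.json`; the sample lockfile is constructed, the function names are hypothetical, and the only flagged release listed is axios 1.14.1, the version named in the timeline.

```javascript
// Indicators taken from this page. The version list holds only the release the
// page names explicitly; extend it from the vendor advisory you rely on.
const FLAGGED_VERSIONS = new Map([["axios", new Set(["1.14.1"])]]);
const FLAGGED_NAMES = new Set(["plain-crypto-js"]); // the injected dependency

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function packageName(lockPath) {
  const marker = "node_modules/";
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? "" : lockPath.slice(idx + marker.length);
}

// Walk every installed copy, including nested ones, not just top-level entries.
function scanLockfile(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // An explicit "name" field (root project, aliased installs) wins over the path.
    const name = entry.name || packageName(path);
    if (!name) continue;
    if (FLAGGED_NAMES.has(name)) {
      findings.push({ path, name, version: entry.version, reason: "injected dependency present" });
    } else if (FLAGGED_VERSIONS.get(name)?.has(entry.version)) {
      findings.push({ path, name, version: entry.version, reason: "compromised release pinned" });
    }
    // Any package that declares the injected dependency is suspect as well.
    for (const dep of Object.keys(entry.dependencies || {})) {
      if (FLAGGED_NAMES.has(dep)) {
        findings.push({ path, name, version: entry.version, reason: `declares ${dep}` });
      }
    }
  }
  return findings;
}

// Constructed sample lockfile (not real data); "0.0.0-sample" is a placeholder version.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0", dependencies: { axios: "^1.14.0" } },
    "node_modules/axios": { version: "1.14.1", dependencies: { "plain-crypto-js": "*" } },
    "node_modules/plain-crypto-js": { version: "0.0.0-sample" },
    "node_modules/tool/node_modules/axios": { version: "1.13.0" },
  },
};

console.log(scanLockfile(sampleLock));
```

A clean result only shows that the lockfile does not currently pin these indicators; a build that ran during the exposure window still needs the indicator-of-compromise checks the advisory describes.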