Mandiant, Elastic Security Labs, Huntress, and others report that a maintainer account takeover led to trojanized axios releases that executed malware on install across Windows, macOS, and Linux, forcing teams to triage dependency ranges and rebuild compromised systems.
UNC1069 compromised the "axios" NPM package (v1.14.1 & 0.30.4), deploying the WAVESHAPER.V2 backdoor across Windows, macOS, and Linux.
We have discovered a massive supply chain compromise in the Axios npm package.
The Huntress SOC is currently tracking a sophisticated supply chain attack targeting the popular axios npm package. With over 100M+ weekly downloads, the reach is massive, and we’ve seen the attack impacting 135 customer endpoints so far.
Axios npm package briefly compromised after attacker takeover of a trusted maintainer account
No zero-day. No exploit. Just npm install doing exactly what it's supposed to do.