Bug Bounty And Vuln HuntingVuln Item

Axios NPM supply chain attack with credential harvesting and cross platform RAT

April 3, 2026Cisco Talos Intelligence Group, SANS Institute, Qualys

Cisco Talos, SANS, Qualys, and Trend Micro describe malicious Axios releases that harvested credentials and deployed cross platform malware, urging dependency tree checks because transitive installs were affected and artifacts were deleted after execution.

Open in PulseSee the full expert discussion →

QUOTES

Cisco Talos is actively investigating the March 31, 2026 supply chain attack on the official Axios NPM package:

If you haven't checked your dependency tree for axios v1.14.1 or v0.30.4 yet, transitive installs included, do it today.

The package is gone. The harvested credentials are not.

A supply chain attack has compromised Axios versions 1.14.1 and 0.30.4 to deploy a cross-platform Remote Access Trojan (RAT).

Malicious Axios releases deployed cross‑platform malware on macOS, Windows, and Linux, then deleted visible artifacts after execution.

VOICES

Cisco Talos Intelligence Group

SANS Institute

Qualys

Trend Micro Research

RELATED TERMS

supply chainnpm packagemalwareapi keysgithubaxiosmalwareapi keyssupply chainnpm package

OTHER FINDINGS IN BUG BOUNTY AND VULN HUNTING

Axios npm supply chain attack delivering cross platform rat via compromised maintainer OpenClaw privilege escalation via pair approve command DarkSword/Coruna iOS exploit kits expanding beyond nation-state use

AMYGDALA PULSE

See what experts are saying right now

This finding is one of many signals tracked across Cyber Security. The live feed updates every few hours with new expert voices, debates, and emerging ideas.

Open Cyber Security Pulse Browse all topics

← Back to Cyber Security