security — 2026-04

1 result(s)

• security: Mitigating the Axios npm supply chain compromise
  2026-04-01 · security · timeframe: 2026-04 · tags: Axios, npm, supply-chain, security, Microsoft Threat Intelligence, Sapphire Sleet

  Microsoft reported that Axios was hit by a supply chain attack on March 31, 2026. Malicious npm releases 1.14.1 and 0.30.4 were used to fetch content from a C2 server linked to the North Korean actor Sapphire Sleet; the compromised versions have since been removed.

  • Source: Microsoft Security Blog