Axios
12 mentions across all digests
Axios is a widely used JavaScript HTTP client library. Its npm package was compromised in a March 2026 supply chain attack that relied on social engineering of its lead maintainer and injected a remote access trojan for approximately three hours.
We May Be Living Through the Most Consequential Hundred Days in Cyber History
Simultaneous coordinated breaches of the FBI, Lockheed Martin (375TB), and AI vendor Mercor by four distinct state/criminal actors signal an unprecedented escalation in parallel cyber warfare targeting US infrastructure and AI supply chains.
Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise
March 2026 supply chain attacks poisoned Trivy and Axios via social engineering, stealing secrets from tens of thousands of organizations across development pipelines and cloud environments with planned follow-up exploitation.
AI #162: Visions of Mythos
Anthropic's proprietary Mythos model and Claude Code source codebase leak alongside the LiteLLM and Axios supply-chain compromises, with security failures cascading across AI infrastructure.
OpenAI's response to the Axios developer tool compromise
Compromised Axios library exposed OpenAI's macOS app-signing pipeline in March 2026, risking counterfeit app distribution despite no user data breach—forcing swift certificate updates and mandatory client upgrades.
North Korea targets macOS users in latest heist
North Korean APT38 impersonates LinkedIn recruiters to deliver Zoom-disguised macOS malware targeting cryptocurrency wallets and finance sector trading secrets.