Mitigating the Axios npm supply chain compromise

#1 Original poster 2026-04-16 13:39:03
On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages for version updates to download from command and control (C2) that Microsoft Threat Intelligence has attributed to the North Korean state actor Sapphire Sleet. Although the malicious versions are no longer available for download, since Axios is one of the most widely used HTTP clients in the JavaScript ecosystem, this compromise exposed hundreds to potentially millions of users.
The post Mitigating the Axios npm supply chain compromise appeared first on Microsoft Security Blog.

---
Source: Microsoft Security
Original link: https://www.microsoft.com/en-us/security/blog/2026/04/01/mitigating-the-axios-npm-supply-chain-compromise/
