The Axios library was attacked through a supply chain, with hackers using stolen npm tokens to implant a remote trojan, affecting about 80% of cloud environments
By: rootdata|2026/04/02 05:48:26
0
Share
The attacker stole the npm access token of the chief maintainer of Axios, the most popular HTTP client library for JavaScript, and used that token to publish two malicious versions containing cross-platform remote access trojans (RATs) (axios@1.14.1 and axios@0.3.4), targeting macOS, Windows, and Linux systems. The malicious packages were removed from the npm registry about 3 hours after being published.
According to data from security company Wiz, Axios is downloaded over 100 million times weekly and exists in about 80% of cloud and code environments. Security company Huntress detected the first infections just 89 seconds after the malicious packages went live and confirmed that at least 135 systems were compromised during the exposure window. Notably, the Axios project had previously deployed modern security measures such as OIDC trusted publishing mechanisms and SLSA provenance proofs, but the attacker completely bypassed these defenses. Investigations revealed that while configuring OIDC, the project retained the traditional long-lived NPM_TOKEN, and npm defaults to using the traditional token when both coexist, allowing the attacker to publish without breaching OIDC.
You may also like
Morning Report | Samsung announces a 265.5 trillion won investment plan, focusing on semiconductor and AI computing power data centers; Vitalik publishes an article detailing the entire technology tree behind the confusion protocol (iO) mainline
Overview of Important Market Events on June 29
What you bought on CEX is really not US stocks: Analyzing the 94% liquidation monopoly and the evaporation of equity under a five-layer pipeline
Peeling back its smooth trading interface to examine the underlying legal relationships and settlement processes, you will find that this is far from a simple "RWA asset revolution," but rather a complex game of interests involving spot pricing, rights ownership, and the monopoly of underlying custo...
In such a crowded cross-border payment arena, where is the next stop for the future?
Only by stepping into the mud can one have the chance to touch gold.
Why Is Bitcoin Down in 2026? What We Can Learn From 2022
Why is Bitcoin down in 2026? Bitcoin has just recorded its worst first half since 2022, with back-to-back quarterly losses, record ETF outflows, and extreme fear. Here's what history says, how 2026 differs from the last bear market, and the three signals traders should wat
The large models in the United States are moving towards closure in the name of security
The government successfully inserted itself as an approver between commercial AI models and their users for the first time.
From the white-haired stock god to the billionaire fund mogul, the smart people shorting Nvidia are all getting rich using the same framework
Give up on heavily investing in Nvidia's "nine major bottlenecks"! This article analyzes the underlying logic behind top AI investors making billions: physical infrastructure such as electricity, HBM, and optical interconnects are the true keys to wealth in AI hardware.
Morning Report | CoinEx becomes a key hub for Iran to evade sanctions, involving over $3.8 billion in funds; Kalshi seeks a new round of financing, with a valuation potentially rising to $40 billion
Overview of Important Market Events on June 25
Global Launch: As predictions become the most scarce asset in the AI era, Manadia is defining the next generation of the value internet
The trusted AI prediction ecosystem Manadia, which has secured $7 million in funding from well-known institutions like OKX, will globally launch in June. The core token UMXM has already been listed on multiple mainstream platforms, inviting you to seize the new blue ocean of the trillion-level predi...
Why do cryptocurrency projects always like to change their names?
In many cases, the old names of encryption projects have no competitive advantage, only historical baggage.
Who is footing the bill for the $64 billion accounting frenzy?
Affected by Bitcoin falling below $60,000, publicly listed companies heavily invested in this asset are facing huge paper losses and valuation discounts, and their debt structure and accounting standards may trigger structural liquidity risks in the future.
I never expected that the first application of AI x Crypto would be in security auditing
AI has accelerated attack efficiency and also promoted the upgrade of defense systems. The security audit sector is undergoing a transition from a dividend model to a competitive model.
What is your view on Binance's competitive advantages?
When the dividends of rule arbitrage gradually approach zero, can we produce product strength, governance capability, and trust that are commensurate with its scale?
ETH has entered a non-consensus phase, and the turning point is approaching!
This has nothing to do with the Ethereum Foundation or Ethlabs; Ethereum needs to win by solving real problems.
The shift in the cloud of the air: from despising stablecoins a year ago to the high-profile entry of capital today
It can continue to question the cost-effectiveness of stablecoins in the G10 currency corridor, but it cannot ignore the structural opportunities of stablecoins in emerging markets, corporate finance, and on-chain settlements.
The survival dilemma of small and medium exchanges behind the withdrawal anomalies exposed by AscendEX
The living space is constantly being compressed.
Why Is Bitcoin Falling Below $60K? 5 Key Market Drivers Explained
Bitcoin has dropped sharply amid ETF outflows, Strategy stock weakness, AI stock rallies, and changing Fed expectations. Explore the key forces driving BTC’s latest correction and what traders should watch next.
Bitcoin vs. Gold in 2026: Which Asset Performs Better in Different Markets?
Bitcoin vs. gold in 2026: Why are both assets falling, and what does their changing correlation mean? Discover what drives Bitcoin and gold prices and how traders can navigate different market conditions.
The cryptocurrency industry has entered the "Show Me" era: merely relying on vision is no longer enough
The awareness level of the audience in the cryptocurrency industry—including media, institutions, and retail investors—is steadily increasing, and this trend has become a foregone conclusion.
Morning Report | Samsung announces a 265.5 trillion won investment plan, focusing on semiconductor and AI computing power data centers; Vitalik publishes an article detailing the entire technology tree behind the confusion protocol (iO) mainline
Overview of Important Market Events on June 29
What you bought on CEX is really not US stocks: Analyzing the 94% liquidation monopoly and the evaporation of equity under a five-layer pipeline
Peeling back its smooth trading interface to examine the underlying legal relationships and settlement processes, you will find that this is far from a simple "RWA asset revolution," but rather a complex game of interests involving spot pricing, rights ownership, and the monopoly of underlying custo...
In such a crowded cross-border payment arena, where is the next stop for the future?
Only by stepping into the mud can one have the chance to touch gold.
Why Is Bitcoin Down in 2026? What We Can Learn From 2022
Why is Bitcoin down in 2026? Bitcoin has just recorded its worst first half since 2022, with back-to-back quarterly losses, record ETF outflows, and extreme fear. Here's what history says, how 2026 differs from the last bear market, and the three signals traders should wat
The large models in the United States are moving towards closure in the name of security
The government successfully inserted itself as an approver between commercial AI models and their users for the first time.
From the white-haired stock god to the billionaire fund mogul, the smart people shorting Nvidia are all getting rich using the same framework
Give up on heavily investing in Nvidia's "nine major bottlenecks"! This article analyzes the underlying logic behind top AI investors making billions: physical infrastructure such as electricity, HBM, and optical interconnects are the true keys to wealth in AI hardware.
Popular coins
Latest Crypto News
Customer Support:@weikecs
Business Cooperation:@weikecs
Quant Trading & MM:bd@weex.com
VIP Program:support@weex.com
