A North Korea-linked threat actor compromised the widely used Axios NPM package in a software supply chain attack. The article does not provide a CVSS score, specific affected version ranges, a fixed version number, or a recommended workaround.
2026-03-31 (Back to Inventory) North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack Author(s): Adrian Hernandez , Ashley Zaya , Austin Larsen , Christopher Gardner , Dima Lenz , Michael Rudden , Mon Liclican , Tyler McLellan Organization: Google osx.waveshaper Open article directly Open article on Archive.org Related Articles 2026-03-18 ⋅ Google ⋅ Google Threat Intelligence Group The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat Actors GHOSTBLADE 2026-03-03 ⋅ Google ⋅ Google Threat Intelligence Group Coruna: The Mysterious Journey of a Powerful iOS Exploit Kit Coruna 2026-03-03 ⋅ Google ⋅ Google Threat Intelligence Group Coruna: The Mysterious Journey of a Powerful iOS Exploit Kit Coruna UNC6353 UNC6691