Security News

Cybersecurity news aggregator

HIGH Attacks Hak5

Are you thinking about software supply chain attacks? #hacker @endingwithali #cybersecurity

The article details a software supply chain attack where threat actors compromised the lead maintainer's account for the Axios npm package and published malicious versions 1.14.1 and 0.3.4 on March 31, 2026. The malicious versions pull in the `plane-crypto-JS@4.2.1` dependency, which deploys a multi-stage payload for arbitrary command execution and data exfiltration. The attackers kept control of the account to suppress warnings, and the malicious packages, which average over 100 million and 37 million weekly downloads respectively, were distributed through the npm registry. The article recommends rotating (revoking and replacing) all secrets reachable from environments that install public npm packages, to mitigate downstream risk from stolen credentials.

