Web-code library with millions of weekly downloads poisoned by malicious release: 'This is unironically a malware…The popular JavaScript library Axios was targeted in a sophisticated supply chain attack, with malicious versions distributing a remote access trojan. Attackers, identified as a North Korea-nexus threat actor, pre-built payloads and poisoned release branches, with malware calling home within seconds of installation. While malicious versions were quickly removed, cybersecurity firms warn of potential compromise and recommend thorough security assessments. PC Gamer
·
▸