On March 30, 2026, a widely used JavaScript library was turned into a weapon: attackers poisoned the Axios npm package and used it to silently install malware.
The attacker used a compromised admin-level account belonging to Jason Saayman, the lead maintainer of Axios. Axios is one of the most popular HTTP clients in the JavaScript ecosystem, with over 100 million downloads every week, which makes this supply chain attack especially significant. Peter Girnus and Jacob Santos, two researchers from Trend Micro, performed a forensic analysis of the attack that revealed its full infection chain and scope.
At the time of their investigation, their analysis showed that the threat had already reached organizations in a variety of sectors, including government, finance, healthcare, manufacturing, retail, and technology. The operation was planned in great detail over about 18 hours.
The attacker first published a clean version of plain-crypto-js as a decoy to build registry history and avoid raising alarms; only hours later did they register the command-and-control server. In CI/CD pipelines, running `npm ci --ignore-scripts` prevents postinstall hooks from executing, which removes the main execution path this attack depended on.
It is also strongly recommended to block sfrclak[.]com at the network level.