Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI toolsNEW
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
  • AI
  • Tech
  • Cybersecurity
  • Finance
  • DeFi & Blockchain
  • Startups
  • Gaming
Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI toolsNEW
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
Dataconomy
No Result
View All Result

The axios breach shows how fragile the npm supply chain remains

Google Threat Intelligence Group said the malicious dependency acted as an obfuscated dropper that installed Waveshaper.v2, a backdoor capable of running on Windows, Linux, and Mac systems.

byAytun Çelebi
April 2, 2026
in Research
Home Research
Share on FacebookShare on TwitterShare on LinkedInShare on WhatsAppShare on e-mail
Google Preferred Source

A supply chain attack targeting the axios JavaScript library, which sees over 100 million downloads weekly, is attributed to a North Korean threat actor, according to security researchers.

Compromised this week, the npm account of an axios maintainer led to the introduction of a malicious dependency named plain-crypto-js. Although the malicious versions were removed within hours, the risk remains that many users downloaded the compromised version due to axios’s extensive usage.

Google Threat Intelligence Group researchers identified the malicious dependency as an obfuscated dropper that installs a backdoor called Waveshaper.v2 across Windows, Linux, and Mac systems. The attacker, tracked as UNC1069, has been active since at least 2018, with the newly discovered backdoor being an updated variant previously linked to this group.

Stay Ahead of the Curve!

Don't miss out on the latest insights, trends, and analysis in the world of data, technology, and startups. Subscribe to our newsletter and get exclusive content delivered straight to your inbox.

Sophos researchers connected the attack to a North Korean hacking group known as Nickel Gladstone. “North Korean hackers have deep experience with supply chain attacks, which they’ve historically used to steal cryptocurrency,” said John Hultquist, chief analyst at GTIG. He added that the overall impact of this incident is still unknown but is expected to be significant.

Austin Larsen, principal threat analyst at GTIG, cautioned that users who downloaded axios versions 1.14.1 and 1.30.4 may have inadvertently executed a backdoor payload linked to the malicious dependency. According to a post on LinkedIn, the initial attack activity was staged 18 hours prior to deployment.

Step Security, which detected the attack, stated that the payloads were intentionally prepared for deployment across three operating systems. “Both release branches were poisoned within 39 minutes of each other,” researchers noted. The attacker compromised the npm account of maintainer jasonsaayman, changing the registered email to one controlled by the threat actor.

This malicious artifact was designed to self-destruct after execution. Research teams characterized the attack as one of the “most operationally sophisticated supply chain attacks ever documented” against a major npm package.

John Hammond, senior principal security researcher at Huntress, warned of potential downstream effects for organizations utilizing Node.js or JavaScript-based software relying on the axios component. “Unfortunately, the full effects are dynamic and still being uncovered,” Hammond stated, indicating the widespread implications for various software environments.

The axios compromise is part of a worrying trend of supply chain attacks, with another recent incident involving Trivy, an open-source tool from Aqua Security, linked to a threat actor identified as TeamPCB. Charles Carmakal, CTO at Mandiant Consulting, revealed that thousands of stolen credentials have emerged as a result of these recent supply chain breaches, warning of possible future compromises, ransomware, and crypto thefts.


Featured image credit

Tags: axiosGoogle

Related Posts

Anthropic research introduces GRAM for isolating dangerous AI knowledge

Anthropic research introduces GRAM for isolating dangerous AI knowledge

July 9, 2026
Global PC shipments fall 5% as AI-driven memory crisis hits supply chains

Global PC shipments fall 5% as AI-driven memory crisis hits supply chains

July 9, 2026
Only 6% of Singapore desk workers use AI daily, says Salesforce

Only 6% of Singapore desk workers use AI daily, says Salesforce

July 8, 2026
Anthropic J-lens reveals hidden workspace inside Claude

Anthropic J-lens reveals hidden workspace inside Claude

July 7, 2026
Gartner: Customers prefer ChatGPT over company chatbots

Gartner: Customers prefer ChatGPT over company chatbots

July 6, 2026
Alibaba framework allegedly cuts AI agent token use by 99%

Alibaba framework allegedly cuts AI agent token use by 99%

July 3, 2026

LATEST NEWS

Claude Fable 5 free access extended until July 19

Samsung Galaxy Z TriFold 2 launch may be delayed

Apple to skip M6 Pro and Max chips, fast-tracks M7 lineup for AI focus

OpenAI lifts GPT-5.6 Sol usage limits temporarily

OpenAI launches ChatGPT Work productivity app

Meta files patent for AI-powered emotional monitoring device

BEST AI MODELS LEADERBOARD

See the best AI models, ranked by intelligence, benchmark results, speed and token price. Find the most suitable LLMs, Text-to-Image, Image Editing, Text-to-Speech, Text-to-Video and Image-to-Video  artificial intelligence model for your tasks and business.

LATEST TOOLS

Mootion

Legacy AI

Copyseeker

ProPhotos

Kuki AI

Create

RemodelAI

AItwitch

Vadoo AI

Greptile AI

Dataconomy

COPYRIGHT © DATACONOMY MEDIA GMBH, ALL RIGHTS RESERVED.

  • About
  • Imprint
  • Contact
  • Legal & Privacy

Follow Us

  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI tools
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
No Result
View All Result
Subscribe

This website uses cookies to improve your experience. You can choose to accept or reject them. Visit our Privacy Policy.