Axios Supply Chain Attack Explained: npm's Most Popular HTTP Client Compromised with Cross-Platform RAT
On March 31, 2026, an attacker hijacked the lead axios maintainer's npm account and published two malicious versions — axios@1.14.1 and axios@0.30.4 — injecting a cross-platform remote access trojan via a fake dependency. Here is the full timeline, technical analysis, IOCs, and what to do if you are affected.