Axios npm compromise pushed cross-platform malware through poisoned releases

Developers who installed axios@1.14.1 or axios@0.30.4 on March 31 should treat those systems as compromised. Axios maintainer Jason Saayman confirmed that two malicious versions were published through his compromised npm account, and both pulled in a fake dependency named plain-crypto-js@4.2.1 that installed a remote access trojan on Windows, macOS, and Linux. The malicious releases stayed […] The post Axios npm compromise pushed cross-platform malware through poisoned releases appeared first on VPN Central.