North Korea Backdoored axios — 100 Million Projects Didn't Notice for 39 Minutes

North Korean threat actors compromised the axios npm package — used in 100 million JavaScript projects weekly — through a hijacked maintainer account, delivering a cross-platform RAT in under an hour. For IoT and embedded device builders, it's a wake-up call about firmware supply chain risk.