SlowMist (@SlowMist_Team) “🚨 Another major supply chain incident 🚨 axios — one of the most widely used np” — TopicDigg
SlowMist
@SlowMist_Team
SlowMist is a Blockchain security firm established in 2018, providing services such as security audits, security consultants, red teaming, and more.
加入 April 2018
405 正在关注 88.5K 粉丝
🚨 Another major supply chain incident 🚨
axios — one of the most widely used npm packages — has been compromised. Malicious versions axios@1.14.1 and axios@0.30.4 were published and are actively dropping malware.
The attack pulls in a newly created dependency plain-crypto-js@4.2.1, confirmed as a malicious loader: it executes obfuscated payloads, runs shell commands, and attempts to evade detection while wiping traces.
With 100M+ weekly downloads, this is a live, large-scale supply chain attack.
More details:
显示更多
