DevOps & Infrastructure •
Axios Compromised on npm: How 1.14.1 and 0.30.4 Dropped a Cross-Platform RAT
Axios was compromised on npm on March 31, 2026. Malicious versions 1.14.1 and 0.30.4 pulled plain-crypto-js@4.2.1, executed a postinstall dropper, and fetched a cross-platform RAT. Here is the verified timeline, impact, IOCs, and recovery plan.
14 min read
Read more →