TechFeed
  • playlist_add_check Channels

axios Compromised on npm
CRANK

Hijacked maintainer account used to publish poisoned axios releases including 1.14.1 and 0.30.4. The attacker injected a hidden dependency that drops a cross platform RAT. We are actively investigating and will update this post with a full technical analysis.

stepsecurity.io 6 days ago
Related Topics: Node.js JavaScriptRuntime
arrow_back
open_in_new Open page
https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan
  • Blog
  • Frequently Asked Questions
  • Feedback
  • Terms of service
  • Privacy Policy
  • Posting guidelines
  • Special thanks
  • About Company
© 2026 Hajimari Inc.