
One of JavaScript's most popular libraries compromised by hackers — Axios npm package hit in supply chain attack that deployed a cross-platform RAT

Source

Tom's Hardware

TL;DR

AI Generated

Hackers compromised the npm account of a lead Axios maintainer and published two malicious versions of the JavaScript HTTP client library, axios@1.14.1 and axios@0.30.4, each carrying an injected hidden dependency that installed a cross-platform remote access trojan on developer machines. The trojan, disguised as the legitimate crypto-js library, made outbound connections to a command-and-control server and downloaded a RAT payload on macOS, Windows, and Linux systems. The attack lasted roughly 18 hours; advisories recommend that anyone who installed the compromised versions rotate credentials immediately. The compromised versions were live for a few hours before npm unpublished them.
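A defender's first question after a release like this is whether a project ever resolved the bad versions. The audit below is an added example, not code from the article or from the Axios project: it scans a parsed package-lock.json (lockfileVersion 2 or 3) for the two compromised releases, lists what those axios entries pull in so an injected dependency stands out, and, as a heuristic of our own rather than anything the article names, flags any package whose name imitates crypto-js. The sample lockfile and the package name "fake-crypto-js" are constructed for the demonstration.

```python
import json

# Versions named in the summary above as the malicious Axios releases.
COMPROMISED_AXIOS = {"1.14.1", "0.30.4"}
LEGIT_CRYPTO_JS = "crypto-js"


def package_name(path: str) -> str:
    """Map a lockfile v2/v3 key such as 'node_modules/a/node_modules/@s/b' to '@s/b'."""
    return path.rsplit("node_modules/", 1)[-1]


def audit_lockfile(lock: dict) -> list[str]:
    """Scan a parsed package-lock.json (lockfileVersion 2 or 3) and return findings."""
    findings = []
    for path, meta in lock.get("packages", {}).items():
        if not path:  # the empty key is the root project itself
            continue
        name = package_name(path)
        version = meta.get("version", "")
        deps = meta.get("dependencies", {})
        if name == "axios":
            if version in COMPROMISED_AXIOS:
                findings.append(f"{path}: axios@{version} is a compromised release; rotate credentials")
            # Record what axios declares so an unexpected injected dependency is visible.
            for dep in deps:
                findings.append(f"{path}: axios@{version} depends on {dep}")
        # Heuristic (our assumption, not from the article): a lookalike of crypto-js
        # deserves manual review, since the trojan was disguised as that library.
        if name != LEGIT_CRYPTO_JS and "crypto-js" in name:
            findings.append(f"{path}: {name}@{version} mimics {LEGIT_CRYPTO_JS}; review before trusting")
    return findings


# Constructed sample lockfile (not a real project): a pinned bad axios release
# plus a made-up lookalike package, to show what the audit reports.
SAMPLE_LOCK = json.loads("""{
  "name": "demo-app", "lockfileVersion": 3,
  "packages": {
    "": {"dependencies": {"axios": "^1.14.1"}},
    "node_modules/axios": {"version": "1.14.1",
      "dependencies": {"follow-redirects": "^1.15.6", "fake-crypto-js": "^4.2.1"}},
    "node_modules/follow-redirects": {"version": "1.15.6"},
    "node_modules/fake-crypto-js": {"version": "4.2.1"}
  }
}""")

if __name__ == "__main__":
    for line in audit_lockfile(SAMPLE_LOCK):
        print(line)
```

To run it against a real project, replace SAMPLE_LOCK with `json.load(open("package-lock.json"))`; lockfileVersion 1 files nest entries under "dependencies" instead and are not handled here.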