Javascript

supply-chain 2026-03-31 Critical
Axios npm Hijacked: Compromised Maintainer Account Drops Cross-Platform RAT in 100M-Download Package
DPRK-linked UNC1069 compromised the axios npm maintainer's account and published two backdoored versions that deployed the WAVESHAPER.V2 RAT to macOS, Windows, and Linux — present in ~80% of cloud environments.
npm supply-chain rat north-korea waveshaper unc1069 javascript nodejs

Axios npm Hijacked: Compromised Maintainer Account Drops Cross-Platform RAT in 100M-Download Package