Axios on npm Compromised: Update Now π¨
Hackers hijacked Axios maintainer accounts, pushing malicious versions 1.14.1 and 0.30.4. Developers must check npm immediately.
RootToHack
1.2K views β’ Mar 31, 2026
About this video
π¨ Axios was compromised on npm.
Attackers reportedly hijacked an Axios maintainer account and pushed two poisoned versions: 1.14.1 and 0.30.4.
The malicious releases added a fake dependency, plain-crypto-js, which security writeups say could download a cross-platform RAT affecting Windows, Linux, and macOS.
If you installed either version, treat that environment seriously:
β roll back
β rotate credentials
β investigate outbound activity
This is what modern supply chain attacks look like:
not fake appsβ¦
but code developers already trust.
#axios #npm #javascript #cybersecurity #supplychainattack #malware #infosec #developers #nodejs #hackingnews #cybernews #devsecops #opensource #programming #roottohack
Attackers reportedly hijacked an Axios maintainer account and pushed two poisoned versions: 1.14.1 and 0.30.4.
The malicious releases added a fake dependency, plain-crypto-js, which security writeups say could download a cross-platform RAT affecting Windows, Linux, and macOS.
If you installed either version, treat that environment seriously:
β roll back
β rotate credentials
β investigate outbound activity
This is what modern supply chain attacks look like:
not fake appsβ¦
but code developers already trust.
#axios #npm #javascript #cybersecurity #supplychainattack #malware #infosec #developers #nodejs #hackingnews #cybernews #devsecops #opensource #programming #roottohack
Video Information
Views
1.2K
Likes
20
Duration
1:04
Published
Mar 31, 2026
User Reviews
4.5
(1) Related Trending Topics
LIVE TRENDSRelated trending topics. Click any trend to explore more videos.
Trending Now