Emergency Webcast Briefing: Axios NPM Supply Chain Compromise

SANS Institute
2.8K views • Mar 31, 2026

About this video
A critical supply chain attack is unfolding involving the widely used JavaScript library axios.
Malicious packages were introduced into the NPM ecosystem, deploying a remote access trojan (RAT) capable of stealing credentials and maintaining persistent access across Windows, macOS, and Linux systems.
With over 100 million downloads per week, axios is embedded across web applications, backend services, and automated build pipelines worldwide. Even a short exposure window can have widespread impact across organizations.
This incident validates warnings shared by SANS expert Joshua Wright at RSA Conference 2026 just days ago, highlighting how attackers are increasingly targeting trusted software components to achieve scale.
SANS is hosting an emergency technical livestream to break down what happened and what defenders must do now.
What you will learn:
How the axios supply chain compromise occurred
Why this attack is more dangerous than it initially appears
How malicious packages enabled credential theft and persistent access
The hidden risks in CI/CD pipelines and automated dependency updates
How to reduce exposure in your CI/CD environments
Indicators of compromise and how to detect them
Immediate mitigation and response steps
Speakers:
Rich Greene, Certified Instructor, SANS Institute
Joshua Wright, Faculty Fellow and Senior Technical Director, SANS Institute | Counter Hack Innovations
Video Information
Views: 2.8K
Likes: 100
Duration: 22:05
Published: Mar 31, 2026
User Reviews: 4.5 (2)