April 1 16 min read Mitigating the Axios npm supply chain compromise On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages for version updates to download from command and control (C2) that Microsoft Threat Intelligence has attributed to the North Korean state actor Sapphire Sleet.
Supply chain attacks
Classification
SEV 3/10
April 1 16 min read Mitigating the Axios npm supply chain compromise On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages for version updates to download from command and control (C2) that Microsoft Threat Intelligence has attributed to the North Korean state actor Sapphire Sleet.
CONFIDENCE43%
Categories
Threat Actors
Target Sectors
Extracted Entities (0)
No threat entities extracted.
ID: 200Lang: enType: article