security: Mitigating the Axios npm supply chain compromise
Microsoft Security Blog
2026-04-01
Microsoft reports that Axios was compromised in a March 31, 2026 npm supply chain attack. Two newly published version-update packages were used to download from command-and-control infrastructure, which Microsoft Threat Intelligence attributes to the North Korean actor Sapphire Sleet.