X @BSCN
BSCN·2026-04-20 19:25
CISA ISSUES FORMAL ALERT ON AXIOS NPM SUPPLY CHAIN COMPROMISE THREE WEEKS AFTER ATTACK

The US Cybersecurity and Infrastructure Security Agency (@CISACyber) published a formal alert today on the March 31 supply chain attack against axios, the JavaScript HTTP client library with over 100 million weekly downloads. Microsoft and Google attributed the campaign to North Korean state actors tracked as Sapphire Sleet and UNC1069.

Compromised versions axios @ 1.14.1 and axios @ 0.30.4 injected a fake dependency, plain ...