Skip to content
You can now search across every topic, entity and event.What's new
Timeline

Axios npm package

JavaScript HTTP library; v1.14.1 and v0.30.4 backdoored by North Korea's UNC1069 on 31 March 2026.

2 of 2 entries (2 events, 0 interactions)

Filters
#73 Jun
#35 May

Compromised by UNC1069 via maintainer phishing with WAVESHAPER.V2 injected into two versions

Cybersecurity: Threats and Defences: UNC1069 planted WAVESHAPER.V2 in Axios via maintainer phishing