Skip to content
Briefings are running a touch slower this week while we rebuild the foundations.See roadmap
Timeline

Axios npm package

JavaScript HTTP library; v1.14.1 and v0.30.4 backdoored by North Korea's UNC1069 on 31 March 2026.

1 of 1 entries (1 events, 0 interactions)

Filters
#35 May

Compromised by UNC1069 via maintainer phishing with WAVESHAPER.V2 injected into two versions

Cybersecurity: Threats and Defences: UNC1069 planted WAVESHAPER.V2 in Axios via maintainer phishing
← Back to Axios npm package