Skip to content
Briefings are running a touch slower this week while we rebuild the foundations.See roadmap
Timeline

plain-crypto-js

Malicious npm package injected by UNC1069 into Axios, carrying the WAVESHAPER.V2 backdoor.

1 of 1 entries (1 events, 0 interactions)

Filters
#35 May

Introduced into Axios versions v1.14.1 and v0.30.4 as the delivery vehicle for WAVESHAPER.V2

Cybersecurity: Threats and Defences: UNC1069 planted WAVESHAPER.V2 in Axios via maintainer phishing
← Back to plain-crypto-js