Skip to content
You can now search across every topic, entity and event.What's new
Timeline

WAVESHAPER.V2

Cross-platform backdoor planted by North Korea's UNC1069 in the Axios npm package in March 2026.

2 of 2 entries (2 events, 0 interactions)

Filters
#411 May

Shipped inside @shadanai/openclaw and @qqbrowser/openclaw-qbot during automated dependency resolution on 31 March 2026

Cybersecurity: Threats and Defences: UNC1069 expands the npm WAVESHAPER supply chain
#35 May

Planted in Axios v1.14.1 and v0.30.4 as malicious dependency plain-crypto-js

Cybersecurity: Threats and Defences: UNC1069 planted WAVESHAPER.V2 in Axios via maintainer phishing