Skip to content
Briefings are running a touch slower this week while we rebuild the foundations.See roadmap
Timeline

WAVESHAPER.V2

Cross-platform backdoor planted by North Korea's UNC1069 in the Axios npm package in March 2026.

1 of 1 entries (1 events, 0 interactions)

Filters
#35 May

Planted in Axios v1.14.1 and v0.30.4 as malicious dependency plain-crypto-js

Cybersecurity: Threats and Defences: UNC1069 planted WAVESHAPER.V2 in Axios via maintainer phishing
← Back to WAVESHAPER.V2