
🔫 Axios npm Package Compromised in Supply Chain Attack

Sources: 1 verified
Location: —
Updated: Tuesday, 21 April 2026 at 10:16 UTC
No media · text-only dispatch
Synthesis · 1 sources
CISA issued an urgent warning after attackers injected malicious code into Axios versions 1.14.1 and 0.30.4 on March 31, 2026. The compromised package installed a hidden dependency called plain-crypto-js 4.2.1, which functions as a malware loader connecting to attacker infrastructure. According to reporting, the primary payload is a remote access trojan capable of stealing source code, API keys, and credentials from developer environments. Organizations must immediately identify affected systems, downgrade to safe versions (1.14.0 or 0.30.3), remove node_modules/plain-crypto-js/ directories, and rotate all potentially exposed credentials. CISA recommends enforcing ignore-scripts=true in npm configurations and monitoring for connections to the malicious domain Sfrclak[.]com.

🛰️ Open sources - closed narratives @sitreports