- March 31, 2026
- Posted by: admin
- Category: BitCoin, Blockchain, Cryptocurrency, Investments
Security companies flagged [email protected] and 0.30.4 as compromised, urging credential rotation and rollback of affected packages.
Two malicious Axios npm releases have prompted warnings for developers to rotate credentials and treat affected systems as compromised after a supply chain attack poisoned the popular JavaScript HTTP client library.
The compromise was first reported by cybersecurity company Socket, which said [email protected] and [email protected] were modified to pull in [email protected], a malicious dependency that ran automatically during installation before the releases were removed from npm.
According to security company OX Security, the altered code can give attackers remote access to infected devices, allowing them to steal sensitive data such as login credentials, API keys and crypto wallet information.
