Axios npm Supply Chain Attack: 83M Downloads Compromised via Cross-Platform RAT (March 31, 2026)
⚠️ Past Incident — March 31, 2026. If you ran npm install or npm update between March 30 evening UTC and March 31, check your systems now. See remediation steps below. ✅ Story Concluded — Attribution resolved (UNC1069 / Sapphire Sleet — North Korea/BlueNoroff), malicious versions removed, maintainer post-mortem published, social engineering vector fully confirmed. No further updates scheduled. Last updated: April 7, 2026 15:00 UTC. Updates 2026-04-07 15:00 UTC — Final Wrap-Up: Social Engineering Vector Confirmed as Fake Teams Call; Dependency Cooldown Emerges as New Best Practice; Story Concluded ...