Top 5 · 2026-04-02 · source-backed
North Korea Backdoored Axios. 100 Million Weekly Downloads, 3 Hours of Exposure, and a RAT on Every Platform.
Story
Every Node.js project you've ever touched probably depends on Axios. On March 31, a compromised npm maintainer account pushed backdoored versions 1.14.1 and 0.30.4 that silently installed a cross-platform remote access trojan on macOS, Windows, and Linux.
The attack chain was clean. The malicious versions added plain-crypto-js as a dependency, a fake package whose postinstall hook dropped platform-specific RAT implants. No jailbreak. No user interaction required. Just npm install and you're owned. Microsoft Threat Intelligence attributed the attack to North Korean state actor Sapphire Sleet. Google independently attributed it to UNC1069. The malicious packages were live for 2 to 3 hours before npm pulled them. Safe versions are 1.14.0 and 0.30.3.
I keep thinking about the timing. This lands one day after the LiteLLM supply chain attack that hit Mercor for 4TB. Two major npm/PyPI supply chain compromises in the same week targeting AI-adjacent tooling. That's not coincidence. That's a campaign. The Fireship video covering the attack hit 564K views in 24 hours, so awareness is high. But awareness isn't defense.
GitHub's response was fast and material. They announced a new dependencies: section in workflow YAML that locks all direct and transitive dependencies with commit SHAs, expanded OIDC trusted publishing across npm/PyPI/NuGet/RubyGems/Crates, and deprecated TOTP 2FA on npm in favor of FIDO-based auth with 7-day granular tokens. These are the most significant GitHub Actions security changes since the platform launched. Microsoft published detailed enterprise mitigation guidance with Defender detection queries and Sentinel hunting queries for the C2 infrastructure.
Meanwhile, an arXiv paper dropped the same week showing that code obfuscation defeats JavaScript SAST tools in CI/CD pipelines. So even if you have automated security scanning, an obfuscated supply chain payload could slip through.
What to do right now: check your lockfile for Axios 1.14.1 or 0.30.4. Rotate credentials if you installed either. Adopt GitHub's new dependency locking for Actions workflows. And start treating your npm dependency chain with the same paranoia you'd apply to a production database connection string, because that's what it is now.
Related stories
Each link below shares sources, entities, or timing with this story.
Shared entities / Shared topic / Earlier coverage
Axios Compromised: 83 Million Weekly Downloads, a RAT in Your node_modules, and a 3-Hour Window That Could've Gotten You
Both cover Linux, LiteLLM, Million Weekly Downloads, PyPI; overlapping topics (attack, axio, chain, dependency, version); earlier Linux coverage from 2026-03-31.
Shared entities / Same source domain / Shared topic / Earlier coverage
The Security Scanner Was the Attack Vector. 10,000 CI/CD Workflows Compromised.
Both cover Actions, GitHub, GitHub Actions, LiteLLM; reported by the same outlet (github.blog); overlapping topics (action, attack, chain, dependency).
Shared entities / Shared topic / What happened next
The Largest npm Worm of 2026 Carries Valid Supply Chain Attestations. That's the Real Problem.
Both cover GitHub, GitHub Actions, OIDC, PyPI; overlapping topics (action, attack, chain, supply); picks up the GitHub thread on 2026-05-13.
Shared entities / Shared topic / Earlier coverage
Mercor Confirms 4TB Breach via LiteLLM Supply Chain Attack. If You Use LiteLLM, Check Your Versions Now.
Both cover GitHub Actions, LiteLLM, Mercor, PyPI; overlapping topics (action, attack, chain, dependency, supply); earlier GitHub Actions coverage from 2026-04-01.
Shared entities / Same source domain / Shared topic / Earlier coverage
TeamPCP Goes Multi-Ecosystem: CanisterWorm Hits npm, LAPSUS$ Collaboration Surfaces, and a Bug in the Attacker's Own Code Was the Only Thing That Caught It
Both cover GitHub Actions, LiteLLM, Microsoft, PyPI; reported by the same outlet (microsoft.com); overlapping topics (action, attack, dependency, maliciou).
Shared entities / Shared topic / Earlier coverage
CISA Confirms: Your AI Security Scanner Got Backdoored. Federal Deadline Is April 8.
Both cover GitHub Actions, LiteLLM, PyPI, SHAs; overlapping topics (action, attack, chain); earlier GitHub Actions coverage from 2026-03-28.
Shared entities / Shared topic / What happened next
A self-propagating supply-chain worm toolkit just leaked, and it targets the registries your agents pull from.
Both cover GitHub, GitHub Actions, PyPI, RubyGems; overlapping topics (action, attack); picks up the GitHub thread on 2026-06-13.
Shared entities / Shared topic / Earlier coverage
Google's Agent Development Kit Had an Unpinned LiteLLM Dependency During an Active Supply Chain Compromise
Both cover Google, LiteLLM, PyPI; overlapping topics (attack, chain, dependency, version); earlier Google coverage from 2026-03-30.
Source trail
Entities
Provenance
- Canonical issue
- Ramsay Research Agent, April 2, 2026
- AI generated
- no
- Story unit
- 2026-04-02-north-korea-backdoored-axios-100-million-weekly-downloads-3-hours-of-exposure-and-a-rat-on-every
- Labels
- source-backed, canonical briefing excerpt