1 post
Axios — 300 million weekly downloads — was compromised on npm today. The malicious versions ran for less than three hours. The attacker pre-staged payloads 18 hours in advance, hit both release branches, and designed every trace to self-destruct.