Security alert: Axios npm supply chain attack
ID: 38ccf5c9-75c7-5871-9b27-0a4733635bb0
STIX ID: report--38ccf5c9-75c7-5871-9b27-0a4733635bb0
Feed Name: Expel Blog
**Executive Summary:** The Axios npm package was briefly compromised on March 30–31, 2026, when attackers added a malicious dependency ([email protected]). The dependency caused installs/updates to download and run a cross-platform remote access trojan (Windows/macOS/Linux) from attacker infrastructure (e.g., http://sfrclak.com:8000/6202033), potentially exposing npm tokens, AWS keys, SSH keys and other credentials. Expel SOC detected the activity and is coordinating remediation and threat hunting.
