This Sophisticated Scam Should Be a Warning To All Companies
ID: dc877671-4c56-5afb-affe-3ecfd5d8cded
STIX ID: report--dc877671-4c56-5afb-affe-3ecfd5d8cded
Feed Name: KnowBe4 Blog
**Executive Summary:** On March 31, 2026, attackers likely linked to a nation-state compromised an Axios npm maintainer account and published malicious axios package versions that installed a cross-platform RAT via a fake dependency and post-install script. The attack used sophisticated social engineering (a fake Slack/Teams workspace and a Click-Fix PowerShell prompt), was live for a short period, and impacted roughly 3% of environments. The report recommends education, phishing-resistant MFA, and developer isolation as mitigations.
