Tradecraft Tuesday Recap: axios npm Supply Chain Compromise

A March supply-chain compromise of the widely used axios npm package involved two malicious releases that delivered a cross-platform RAT capable of reconnaissance, credential theft, and remote execution; Google attributed the attack to UNC1069 and researchers observed active infections and tracked IoCs, prompting guidance on dependency pinning, vetting, and other supply-chain mitigations.