North Korea-linked hackers suspected in Axios open-source hijack, Google analysts say

ID: 4bc49d78-8a90-51c3-a869-956384f5441b

STIX ID: report--4bc49d78-8a90-51c3-a869-956384f5441b

Feed Name: Nextgov Cybersecurity

Threat Score: 90/100

Date Published: 2026-03-31

Date Updated: 2026-04-22

Author: David DiMolfetta

Google and security researchers report a suspected North Korea-linked group (tracked as UNC1069) compromised the widely used Axios npm package by publishing malicious versions that executed during installation to deploy a cross-platform remote-access trojan; StepSecurity detected and halted the malicious package within hours while Google Threat Intelligence investigates. The incident is a sophisticated supply-chain attack with potential for wide-reaching impact given the package's popularity.
