Incident · Critical · npm · javascript
Axios Supply Chain Attack: All begin with Social Engineering Campaign Targeting npm's Most Downloaded HTTP Library
Axios maintainer hacked via social engineering; RAT dropper found in versions 1.14.1 & 0.30.4 via malicious dependency.
Ricardo Sanchez · Apr 7, 2026 · 9 min read

Incident · Critical · npm · PyPI · openvsix
TeamPCP Part II: Backdooring the AI Credentials Vault
TeamPCP's endgame: LiteLLM's PyPI wheel backdoored post-build, .pth system-wide persistence, and why AI gateways are a new class of supply chain target.
Daniel Malvaceda · Apr 1, 2026 · 27 min read