Noticias Tech
Tech
Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account
La popular librería HTTP Axios sufrió un ataque de cadena de suministro cuando las versiones 1.14.1 y 0.30.4 introdujeron una dependencia maliciosa llamada 'plain-crypto-js' a
2026-03-311 min de lectura
Fuente: Cloud360.net · Noticias
Temas
Tech
The popular HTTP client known as Axios has suffered a supply chain attack after two newly published versions of the npm package introduced a malicious dependency. Versions 1.14.1 and 0.30.4 of Axios have been found to inject "plain-crypto-js" version 4.2.1 as a fake dependency. According to StepSecurity, the two versions were published using the compromised npm credentials of the primary Axios
Newsletter12,500+ suscriptores
Recibe el mejor contenido tech cada mañana
Gratis · Sin spam · Cancela cuando quieras