Two malicious versions of the popular JavaScript HTTP library Axios were briefly published to the npm registry on March 31, 2026. Each version carried a hidden dependency that installed a remote access trojan (RAT) across macOS, Windows, and Linux systems. The attack did not exploit a flaw in the Axios code itself. Instead, it targeted […] The post Axios Maintainer Confirms The npm Compromise Was via a Targeted Social Engineering Attack appeared first on Cyber Security News.