Executive Summary According to a released report by StepSecurity, on 30 March 2026, an unnamed threat actor compromised a npm account associated with the Axios library and published malicious package versions, impacting developers and organizations relying on the dependency. The threat actor introduced backdoored versions of 1.14.1 and 0.30.4 that included a hidden malicious component designed...