Hacker hijacks Axios open-source project, used by millions, to push malware | TechCrunch

A threat actor compromised Axios, a widely used open-source web tool that is downloaded tens of millions of times weekly, and injected malware into versions 1.6.2 and 1.6.3. The attack exposed millions of users to potential remote code execution (RCE) and malware distribution, and the malicious versions remained available for up to 9 days before discovery.

A hacker inserted malware in Axios, an open-source web tool downloaded tens of millions of times weekly, in a widespread hack.