Supply Chain | Apr 1, 2026

🚨 Breaking: On March 31, 2026, a threat actor used stolen maintainer credentials to compromise t...

Threat actor compromises Axios npm package with stolen credentials, deploys ZshBucket malware.

Summary

On March 31, 2026, a threat actor gained access to the Axios npm package using stolen maintainer credentials and deployed platform-specific ZshBucket malware variants. CrowdStrike's Counter Adversary Operations team attributed the attack. This represents a critical supply chain compromise affecting a widely used HTTP client library with millions of downloads.

Indicators of Compromise

  • malware — ZshBucket
  • malware — Axios