UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

North Korean actors compromised the Axios npm maintainer through social engineering and published malicious versions (1.14.1 and 0.30.4) containing WAVESHAPER.V2 remote access trojan. Nearly 100 million weekly downloads were exposed. Any system running affected Axios versions has potential RCE.

CRITICALAdvisoryApr 04, 2026

Action required

Immediately audit npm package versions in use. Upgrade Axios to 1.6.8 or latest patch version. Check logs and process execution for any suspicious activity correlating to Axios import timestamps between compromise window and package removal.

Affected products

Axios

Linked articles

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

Source links

https://thehackernews.com/2026/04/unc1069-social-engineering-of-axios.html