🦑 Kraken AlertStepSecurity
axios Compromised on npm - Malicious Versions Drop Remote Access TrojanIncident started March 30, 2026 at 05:57 AM GMT
Reported Apr 2, 2026, 06:43 AM GMT
Threat Intel Feed
·|
Axios Maintainer Confirms Social Engineering Attack Behind npm Compromise
Socket.devIncident start — not yet confirmed
Published Apr 2, 2026, 04:47 PM GMTFirst seen Apr 2, 2026, 07:45 PM GMT
axios Compromised on npm - Malicious Versions Drop Remote Access Trojan
StepSecurityIncident started Mar 30, 2026, 05:57 AM GMT
Published Apr 2, 2026, 06:43 AM GMTFirst seen Apr 2, 2026, 01:19 PM GMT
North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack
Google Threat IntelligenceIncident start — not yet confirmed
Published Mar 31, 2026, 02:00 PM GMTFirst seen Apr 2, 2026, 01:19 PM GMT
Trivy Compromised a Second Time - Malicious v0.69.4 Release, aquasecurity/setup-trivy, aquasecurity/trivy-action GitHub Actions Compromised
StepSecurityIncident start — not yet confirmed
Published Mar 26, 2026, 07:09 PM GMTFirst seen Apr 2, 2026, 01:19 PM GMT
Trivy Supply Chain Attack Expands to Compromised Docker Images
Socket.devIncident start — not yet confirmed
Published Mar 22, 2026, 11:44 PM GMTFirst seen Apr 2, 2026, 01:19 PM GMT