North Korean hackers implicated in major supply chain attack
Quick Insights
The Bottom Line
North Korean hackers compromised Axios, a JavaScript library downloaded 100 million times weekly, affecting roughly 80% of cloud and code environments.
How This Affects You
Malware injected into Axios could compromise your data and system security if you use software built with this library, potentially exposing credentials and enabling persistent unauthorized access to your devices.
AI Summary
Google researchers have attributed a compromise of Axios, a JavaScript library downloaded roughly 100 million times weekly, to North Korean hackers linked to the group UNC1069. Attackers gained access to a maintainer account and published at least two malicious versions of the package targeting macOS, Windows, and Linux systems before the code was removed within three hours. The malware was designed to steal credentials and grant attackers persistent access to infected systems, posing particular risk given Axios's presence in approximately 80% of cloud and code environments. Google warned the incident could have "far-reaching impacts," and Wiz has already observed the malicious versions in roughly 3% of scanned environments. Security researchers are still investigating how the attackers initially breached the maintainer's GitHub account.
What's Being Done
Google researchers attributed the attack to North Korean hackers linked to UNC1069; the malicious code was removed within three hours and security researchers are investigating how attackers breached the maintainer's GitHub account.
This article is part of a story we're tracking:
Should this be getting more attention?
You Might Have Missed
Related stories from different sources and perspectives
National SecurityFederal judge temporarily blocks the Pentagon from branding AI firm Anthropic a supply chain risk - AP News
<a href="https://news.google.com/rss/articles/CBMimgFBVV95cUxNRTZVY1ZrcVpDb2t2TENia3U2dVA5SVBnQlBfVFBDOVh0MTN3R0ZjSWR4WFJNV19pY0NqMDlFRFpkNkpQbnNrZHdTTUoxZHRVTDUtTl9rV1RMbnJTVkhfMEFsN3duUjRQVE1XbWZfQk90Sk9QV2M3dFRYSUZJRzktcG9aTU5BZnd0T1J1REwtVWFZM1dIWnpMaGZR?oc=5" target="_blank">Federal judge temporarily blocks the Pentagon from branding AI firm Anthropic a supply chain risk</a> <font color="#6f6f6f">AP News</font>
Civil RightsAttack survivors, not believed by police, get the last word against kidnapper
After their kidnapping case drew national attention because they were accused of making it up, Denise Huskins Quinn and Aaron Quinn worked with law enforcement to help uncover additional crimes committed by their attacker – helping to bring justice to other victims and reclaiming their own story.
PoliticsFlorida axes sociology as required class at state universities in latest attack on ‘woke’
<p>Move by state education officials picked by Republican governor removes the course as a graduation component</p><p>Education leaders in Florida have removed <a href="https://www.theguardian.com/us-news/2026/mar/18/florida-colleges-push-back-race-gender-restrictions">sociology</a> as a graduation component at state universities in Republican governor Ron DeSantis’s latest attack on what he sees as the “woke” indoctrination of students.</p><p>The move on Thursday by a majority of DeSantis’s hand-picked university board of governors effectively relegates the stand-alone Introduction to Sociology course to a makeweight elective instead of a core component subject that has been a popular choice for generations of students.</p> <a href="https://www.theguardian.com/us-news/2026/mar/27/florida-sociology-university-class">Continue reading...</a>
GlobalNorth Korea's Kim Jong Un gifted gun by Belarusian leader
The Belarusian and North Korean leaders exchanged gifts as they met to sign a friendship treaty. Alexander #Lukashenko aims to strengthen ties with #Russia allies while normalizing his relationship with the #US.
PoliticsAlbanese government says fuel supply ‘same, if not higher’ in coming weeks as Coalition calls for halving of excise
<p>Latest figures from ACCC show diesel and unleaded petrol prices across the five largest cities up 10% and 8% respectively</p><ul><li><p><a href="https://www.theguardian.com/australia-news/live/2026/mar/27/tropical-cyclone-narelle-fuel-crisis-petrol-cost-of-living-inflation-iran-war-storm-anthony-albanese-angus-taylor-ntwnfb">Follow our Australia news live blog for latest updates</a></p></li><li><p>Get our <a href="https://www.theguardian.com/email-newsletters?CMP=cvau_sfl">breaking news email</a>, <a href="https://app.adjust.com/w4u7jx3">free app</a> or <a href="https://www.theguardian.com/australia-news/series/full-story?CMP=cvau_sfl">daily news podcast</a></p></li></ul><p>The prime minister and energy minister moved to reassure the public about normal or even higher levels of fuel supply in the coming weeks, as the Coalition escalated calls for a cut to the fuel excise and the government downplayed the prospect of any major restrictions on petrol sales.</p><p>It comes as the la...
GlobalFrench police make two more arrests over foiled attack on Bank of America
Prosecutors investigating suspected link to Iran war due to similarities with other recent attempted attacks in Europe.
Trump posts video of massive bombing in Iran's Isfahan
President Trump posted a video of a strike in Iran's central city of Isfahan, which is the home to one of three nuclear facilities attacked by the U.S. military in June 2025. CBS News' Olivia Gazis and Elizabeth Palmer report.
Did this story change how you see things?
Stories like this only matter when people see them. Help us get verified journalism in front of more eyes.
The Verity Ledger curates verified investigative journalism from trusted sources only.
See our sourcesMost Read This Week
'The gravest crime against humanity': What does the UN vote on slavery mean?
US paves way for private assets to be included in 401(k) retirement plans - Reuters
After 16 years and $8 billion, the military's new GPS software still doesn't work
US votes against UN resolution labeling slavery ‘gravest crime against humanity’
White House AI rollout exposes widening rift
