Axios hacked March 30, malware pushed through npm packages
The popular JavaScript library Axios got hacked on March 30, letting a cybercriminal sneak malware into its code and push it out through npm.
Axios is used by millions of apps for internet connections, so this was a big deal, but thankfully, StepSecurity spotted the attack and stopped it within three hours.
If you installed Axios during that short window, security experts at Aikido say you should assume your device might be compromised.
Hackers increasingly target widely used software
This isn't just a one-off: hackers are increasingly targeting widely used software to hit lots of users at once.
Previous big attacks like Log4j and 3CX show how important it is for developers to lock down their accounts and keep an eye on updates.
Open-source libraries need strong security because so many people rely on them every day.