Supply chain blast: Top npm package backdoored to drop dirty RAT on dev machines

Hijacked maintainer account let attackers slip cross-platform trojan into 100M-downloads-a-week Axios

One of npm's most widely used HTTP client libraries briefly became a malware delivery vehicle after attackers hijacked a maintainer's account and slipped a remote-access trojan (RAT) into two seemingly legitimate axios releases, in what's being described as "one of the most impactful npm supply chain attacks on record."...