Axios npm Supply Chain Attack: Cross-Platform RAT Delivery via Compromised Maintainer Credentials

A threat actor compromised Axios’s npm maintainer credentials to inject a malicious dependency, enabling cross-platform remote access trojan (RAT) delivery to millions of downstream applications via a single supply chain attack—demonstrating that one stolen token can bypass all upstream security controls and weaponize the entire JavaScript ecosystem.