TI Mindmap HUB
Threat Intelligence Report

Supply Chain Attack on Axios Pulls Malicious Dependency from npm

๐Ÿ“… March 31, 2026 ๐Ÿ“ฐ socket.dev ๐Ÿ” 0 CVE(s) referenced

A sophisticated supply chain attack compromised popular Axios npm releases by surreptitiously introducing a malicious dependency, plain-crypto-js@4.2.1, which deployed a stealthy, cross-platform remote access trojan capable of exfiltration and command execution, highlighting critical gaps in publishing workflows and the cascading risks of transitive dependencies.

Sign in to access the full report including:
detailed analysis, IOCs, MITRE ATT&CK mapping, and STIX bundle.

๐Ÿ” Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

๐Ÿ“Š Visual Mindmap
๐ŸŽฏ IOC Extraction
โš”๏ธ MITRE ATT&CK TTPs
๐Ÿ“ฆ STIX 2.1 Bundle