Threat Intelligence Report

Mitigating the Axios npm supply chain compromise | Microsoft Security Blog

📅 April 1, 2026 📰 www.microsoft.com 🔍 0 CVE(s) referenced

North Korean state actor Sapphire Sleet compromised two widely used Axios npm package versions with a malicious dependency, enabling stealthy cross-platform remote access trojans and persistent command-and-control, exemplifying the escalating risk of supply chain attacks in open-source software.

🔐 Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

📊 Visual Mindmap

🎯 IOC Extraction

⚔️ MITRE ATT&CK TTPs

📦 STIX 2.1 Bundle