North Korean UNC1069 Compromises Axios npm Package in Supply Chain Attack
Summary
Google attributed the compromise of the popular Axios npm package to North Korean threat cluster UNC1069. Using a hijacked npm maintainer account, the attackers pushed trojanized versions 1.14.1 and 0.30.4, which deliver a cross-platform backdoor.
Threat Analysis
North Korean threat cluster UNC1069 compromised the Axios npm package, which has hundreds of millions of weekly downloads. The trojanized versions 1.14.1 and 0.30.4 deliver a cross-platform backdoor via a malicious 'plain-crypto-js' dependency.
Affected Products: Axios npm package versions 1.14.1 and 0.30.4. Any Node.js project that updated to these versions is potentially compromised.
Exploitation Status: Active supply chain attack.
Recommended Mitigations: (1) Check package.json for Axios versions 1.14.1 or 0.30.4 and upgrade. (2) Audit npm logs for the 'plain-crypto-js' dependency. (3) Scan systems for indicators of compromise. (4) Rotate all credentials from affected environments.
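Mitigation (1) only covers direct dependencies declared in package.json; the resolved tree in package-lock.json also shows transitive installs. The following is an added example, not code from the advisory or from the Axios project: a Node.js check that walks a parsed lockfile for the two Axios versions and the 'plain-crypto-js' package named above. The function names, the finding format and the sample lockfile are assumptions constructed for illustration.

```javascript
// Added example. Package names and versions come from the advisory; all else is illustrative.
const BAD_AXIOS = new Set(['1.14.1', '0.30.4']); // trojanized Axios releases
const BAD_DEP = 'plain-crypto-js';               // malicious dependency

// Record why a resolved package is suspicious (a package can match more than one rule).
function check(findings, name, meta, declared, where) {
  const hit = (reason) => findings.push({ where, name, version: meta.version, reason });
  if (name === BAD_DEP) hit('malicious dependency installed');
  if (name === 'axios' && BAD_AXIOS.has(meta.version)) hit('trojanized axios version');
  if (declared && typeof declared === 'object' && BAD_DEP in declared) hit('declares malicious dependency');
}

// Scan a parsed package-lock.json object (lockfileVersion 1, 2 or 3).
function scanLockfile(lock) {
  const findings = [];
  if (lock.packages) {
    // v2/v3: flat map keyed by install path; nested copies appear as
    // "node_modules/a/node_modules/axios", so transitive installs are covered.
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === '') continue; // root project entry
      const i = path.lastIndexOf('node_modules/');
      const name = meta.name || (i < 0 ? path : path.slice(i + 'node_modules/'.length));
      check(findings, name, meta, meta.dependencies, path);
    }
  } else {
    // v1: nested tree; "requires" holds declared deps, "dependencies" holds nested installs.
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        check(findings, name, meta, meta.requires, [...trail, name].join(' > '));
        walk(meta.dependencies, [...trail, name]);
      }
    };
    walk(lock.dependencies, []);
  }
  return findings;
}

// Constructed sample lockfile (not registry data; the plain-crypto-js version is a placeholder).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0', dependencies: { axios: '^1.14.0' } },
    'node_modules/axios': { version: '1.14.1', dependencies: { 'plain-crypto-js': '*' } },
    'node_modules/plain-crypto-js': { version: '0.0.0-placeholder' },
    'node_modules/legacy-sdk/node_modules/axios': { version: '0.27.2' },
  },
};

for (const f of scanLockfile(SAMPLE_LOCK)) console.log(`${f.where}: ${f.name}@${f.version} (${f.reason})`);
```

To scan a real project, pass the parsed contents of its package-lock.json to `scanLockfile`. A lockfile shows only what is pinned now, so a clean result complements the log audit and IoC scan in steps (2) and (3) and does not replace them.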