Pull to refresh
Logo
Daily Brief
Following
Why Ranks Sign Up
Jason Saayman

Jason Saayman

Lead maintainer, Axios npm package

Appears in 1 story

Stories

North Korean hackers compromise Axios, one of the most-used packages in the npm ecosystem

Force in Play

Account compromised; cooperating with investigation

Axios is installed in roughly 80% of cloud and code environments and downloaded over 100 million times per week. On March 31, 2026, a North Korean hacking group hijacked the npm account of its lead maintainer and published two backdoored versions with a cross-platform remote access trojan. They were live for nearly three hours before being noticed. Google's Threat Intelligence Group formally attributed the attack to UNC1069, a financially motivated North Korean threat cluster active since at least 2018.

Updated May 30