On March 31, 2026, attackers compromised the axios maintainer's npm account and published two malicious versions that dropped a cross-platform remote access trojan via a fake dependency. Here's how the attack worked, how to check if you're affected, and what to do about it.
A full breakdown of the March 2026 LiteLLM supply chain compromise — how attackers weaponized Trivy to backdoor 3.4M daily downloads, the three-stage malware payload, and the exact commands to check if you're affected and recover.
On March 31, 2026, attackers compromised the axios maintainer's npm account and published two malicious versions that dropped a cross-platform remote access trojan via a fake dependency. Here's how the attack worked, how to check if you're affected, and what to do about it.
A full breakdown of the March 2026 LiteLLM supply chain compromise — how attackers weaponized Trivy to backdoor 3.4M daily downloads, the three-stage malware payload, and the exact commands to check if you're affected and recover.