A supply chain attack targeting the widely used HTTP client Axios has introduced a malicious dependency into specific npm releases, including [email protected] and [email protected]. The latest version pulls in [email protected], a package that Socket has confirmed as malicious. Our analysis shows the malicious package deploys a multi-stage payload, including a remote access trojan (RAT) capable of executing arbitrary commands, exfiltrating system data, and persisting on infected machines. Axios is one...