UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

Friday, April 3, 2026 at 11:04 AM UTC·Source: The Hacker News

Updated: Friday, April 3, 2026 at 01:53 PM UTC

Executive Summary

The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly-targeted social engineering campaign orchestrated by North Korean threat actors tracked as UNC1069. Maintainer Jason Saayman said the attackers tailored their social engineering efforts "specifically to me" by first approaching him under the guise of the founder of a

Analysis

Source Attribution

Originally published by The Hacker News on Apr 3, 2026.

Related Threats

MEDIUMSupply Chain

Do not get high(jacked) off your own supply (chain)

In the span of just a few weeks, we have observed a dizzying array of major supply chain attacks. If we are all building on such shaky foundation, what can we do to keep safe?

7h agoCisco Talos

LOWSupply Chain

Axios NPM supply chain incident

Overview of the recent Axios NPM supply chain incident including details of the payloads delivered from actor-controlled infrastructure.

7h agoCisco Talos

LOWSupply Chain

Claude Code is still vulnerable to an attack Anthropic has already fixed

The leak of Claude Code’s source is already having consequences for the tool’s security . Researchers have spotted a vulnerability documented in the code. The vulnerability, revealed by AI security company Adversa , is that if Claude Code is presented with a command composed of more than 50 subcommands, then for subcommands after the 50th it will override compute-intensive security analysis that m

7h agoCSO Online