TeamPCP Supply Chain Attack Targets Microsoft SDKs and GitHub
TeamPCP expands its supply chain campaign to trojanize official Microsoft Python SDKs and infiltrate GitHub, requiring immediate dependency audits.

Axios Attack: Industrialized Social Engineering on NPM Maintainers
An analysis of the Axios NPM package attack reveals advanced, scaled social engineering campaigns targeting open-source maintainers, elevating supply chain risk.

UNC1069 Leverages Axios NPM Supply Chain to Deploy WAVESHAPER.V2
North Korea-nexus UNC1069 compromised the widely used Axios NPM package (v1.14.1, 0.30.4) by injecting plain-crypto-js to deploy the WAVESHAPER.V2 backdoor across multiple operating systems.

Axios NPM Compromise: Supply Chain Threat Analysis
Analysis of the Axios NPM package compromise, a potential supply chain attack impacting JavaScript HTTP client library users, possibly by North Korean threat actors.