Suspected North Korea-linked attackers hijacked the open source Axios trust chain, pushing malicious updates to downstream users in a campaign experts believe is aimed at stealing cryptocurrency and exploiting blind dependency trust. A suspected North Korea-linked hacking group has compromised the open-source Axios package, turning a trusted dependency into the entry point for a potentially months-long crypto-focused software supply-chain attack affecting US enterprises.

Source: Open Source For U