Crushing the Axios supply chain threat with Tenable Hexa AI: Use cases for agentic AI
See how you can use Tenable Hexa AI to determine in minutes if you’re impacted by the Axios npm supply chain attack. Learn how easy it is to automate configu...
Supply Chain
20 articles
Python Supply-Chain Compromise
This is news: A malicious supply chain compromise has been identified in the Python Package Index package litellm version 1.82.
5 steps to strengthen supply chain security and improve cyber resilience
Supply chain attacks have rapidly become one of the most damaging and difficult threats facing IT and security teams. When an adversary compromises a trusted...
Supply chain security is now a board-level issue: Here’s what CSOs need to know
For many years, supply chain security was viewed purely as a technical concern. However, with high-profile vulnerabilities and regulations, it is now a board...
Week in review: Axios npm supply chain compromise, critical FortiClient EMS bugs exploited
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Financial groups lay out a plan to fight AI identity attack...
The developer credential economy: Why exposure data is the new front line in the supply chain war
Recent supply chain attacks have highlighted an urgent need for organizations to shift from a reactive security posture to a preemptive exposure management s...
Axios npm compromise traced to targeted social engineering attack
The recent compromise of the widely used Axios npm package has been confirmed as the result of a targeted social engineering attack. The incident, which brie...
North Korea-Linked Hackers Hit Axios npm in Supply Chain Attack
A major software supply chain attack has been uncovered after threat actors compromised the widely used Axios npm package, impacting developers and organizat...
Securing the Supply Chain: How SentinelOne®’s AI EDR Stops the Axios Attack Autonomously
Read our blog post to learn how SentinelOne’s AI EDR autonomously stopped a global LiteLLM supply chain attack before execution.
Mercor Hit by LiteLLM Supply Chain Attack
The AI recruiting firm is investigating the incident as Lapsus$ claimed the theft of 4TB of Mercor data. The post Mercor Hit by LiteLLM Supply Chain Attack a...
How we caught the Axios supply chain attack
Joe Desimone shares the story of how he caught the Axios supply chain attack with a proof of concept tool built in an afternoon.
Mercor confirms security incident tied to LiteLLM supply chain attack
Although the LiteLLM attack was reportedly tied to a group called TeamPCP, the hacking gang Lapsus$ claimed on its website that it obtained hundreds of gigab...
Threat Brief: Widespread Impact of the Axios Supply Chain Attack
Unit 42 discusses the supply chain attack targeting Axios. Learn about the full attack chain, from the dropper to forensic cleanup.
AI startup Mercor confirms security incident linked to LiteLLM supply chain attack
The incident at Mercor is believed to stem from malicious code injected into the LiteLLM project, an open-source tool used by numerous companies to manage AI...
North Korean hackers linked to Axios npm supply chain compromise
The software supply chain attack that resulted in the compromise of npm packages of Axios, an extremely popular HTTP client library, is believed to be the wo...
SentinelOne autonomous detection blocks trojaned LiteLLM triggered by Claude Code
SentinelOne AI stopped a LiteLLM supply chain attack in seconds, blocking malicious code automatically without human intervention. SentinelOne’s AI-based sec...
Axios NPM Package Breached in North Korean Supply Chain Attack
A long-lived NPM access token was used to bypass the GitHub Actions OIDC-based CI/CD publishing workflow and push backdoored package versions. The post Axios...
NPM Supply Chain Attack Uses undicy-http to Deploy RAT
A highly sophisticated npm supply chain attack that abuses a fake HTTP client package to deliver both a powerful RAT and a stealthy browser stealer. The mali...
Elastic releases detections for the Axios supply chain compromise
Hunting and detection rules for the Elastic-discovered Axios supply chain compromise.
Inside the Axios supply chain compromise - one RAT to rule them all
Elastic Security Labs analyzes a supply chain compromise of the axios npm package delivering a unified cross-platform RAT