Source: Security.NL
A widely used software library called Axios has been compromised after attackers gained access to the account of its primary maintainer through a social engineering attack, according to Security.NL. The attackers then published malicious versions of the library that installed a remote access trojan (RAT) on the systems of users who downloaded them.
Axios is a library that developers use to handle web requests in applications and websites. According to Security.NL, it receives more than 100 million weekly downloads on npmjs.com, making it one of the most widely used tools of its kind.
According to Security.NL, the maintainer's account was compromised after attackers posed as someone interested in open source collaboration. Once they had access, they published versions of Axios containing malicious code. That code installed a remote access trojan, a type of software that gives attackers control over an infected system.
The maintainer has since responded by reformatting all of his systems, resetting all of his accounts and planning to use a FIDO security key going forward to strengthen his account security.
It is worth noting that Security.NL is a secondary news source reporting on the maintainer's own GitHub statement. The original statement has not been directly linked as a primary source, so some details should be treated with caution.
If your website or web application was built by a developer, there is a reasonable chance it uses libraries like Axios behind the scenes. When a popular library is compromised in this way, it is called a supply chain attack. The risk does not come from your own code, but from trusted tools your site depends on.
This type of attack is a reminder that the software your website relies on is only as secure as the people maintaining it. Developers who build and maintain websites should check whether any of the libraries they use were affected and update to clean versions promptly.
You can find practical steps for keeping your website secure in our security checklist for small businesses and our guide on vulnerable WordPress plugins.
If someone else built your website, it is worth asking your developer whether they use Axios or similar libraries and whether they have checked for any issues following this incident. Keeping the software your website depends on up to date is one of the most straightforward ways to reduce your risk. Even if you run a small operation like a bakery or hair salon, your website can still be affected by vulnerabilities in widely used tools.