Executive Summary Unit 42 researchers have observed widespread impact from the significant supply chain attack targeting the Axios JavaScript library. The attack occurred after an Axios maintainer's npm account was hijacked, leading to the release of malicious updates (versions v1.14.1 and v0.30.4). These compromised versions introduced a hidden dependency called plain-crypto-js. This dependency i...