<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Supply-Chain on Start AI Tools - Presented by Intent Solutions</title><link>https://startaitools.com/tags/supply-chain/</link><description>Recent content in Supply-Chain on Start AI Tools - Presented by Intent Solutions</description><generator>Hugo</generator><language>en-US</language><copyright>Intent Solutions. All rights reserved.</copyright><lastBuildDate>Thu, 02 Apr 2026 22:12:54 -0500</lastBuildDate><atom:link href="https://startaitools.com/tags/supply-chain/index.xml" rel="self" type="application/rss+xml"/><item><title>Software Supply Chain Security After Axios</title><link>https://startaitools.com/posts/software-supply-chain-security/</link><pubDate>Thu, 02 Apr 2026 08:00:00 -0500</pubDate><guid>https://startaitools.com/posts/software-supply-chain-security/</guid><description>&lt;p&gt;On March 31, 2026, attackers published two malicious versions of axios — a package with roughly 100 million weekly npm downloads — during a window of a little over three hours. Google Threat Intelligence Group attributed the campaign to UNC1069, a North Korea-nexus threat actor. The malicious releases introduced a dependency that used a postinstall script to deploy a cross-platform remote access trojan.&lt;/p&gt;
&lt;p&gt;During that window, any CI/CD pipeline or developer workstation that resolved axios afresh to one of the affected versions, and allowed npm lifecycle scripts to run, could have been compromised. Projects that installed from a previously committed lockfile kept the version it pinned and were far less likely to be affected.&lt;/p&gt;</description></item></channel></rss>