Загрузка...

the WORST hack of 2026

Axios, the most popular HTTP library with over 100 million weekly downloads, was just hijacked in one of the most sophisticated supply chain attacks in history. A hacker took over the lead maintainer's npm account, injected a phantom dependency that deploys a cross-platform remote access trojan in 1.1 seconds, and the malware erases itself leaving no trace. I break down exactly how it happened, explain what a supply chain attack is, and show you how to check if YOUR system is affected.

npm supply chain attack, axios hacked, axios npm compromised, supply chain attack explained, npm install malware, remote access trojan, axios 1.14.1, plain-crypto-js, npm security, javascript security, open source security, postinstall script attack, supply chain hack 2026

TIMESTAMPS:
0:00 - npm install just became DANGEROUS
0:41 - How the attack happened
0:52 - What is Axios? (and why you probably have it)
1:39 - The account takeover
2:20 - The ONE line of code that did it all
3:06 - How it was discovered
3:32 - The postinstall dropper
4:08 - The RAT payload (Mac, Windows, Linux)
4:28 - The self-destruct (no evidence left)
4:40 - What IS a supply chain attack?
4:55 - The coffee analogy
5:51 - Are YOU affected? Let's check together
6:34 - Checking for the RAT on your system
6:51 - What to do if you're compromised
7:50 - Prayer
9:19 - BONUS: Pikachu explains supply chain attacks

ALL COMMANDS, DETECTION SCRIPTS, IOCs, AND REMEDIATION:
https://github.com/theNetworkChuck/axios-attack-guide

Quick check:
npm list axios
npm list -g axios

BAD VERSIONS: 1.14.1 and 0.30.4
SAFE VERSIONS: 1.14.0 and 0.30.3

One command that would have BLOCKED this attack:
npm config set min-release-age 3

RESOURCES:
Socket.dev (first to detect): https://socket.dev/blog/axios-npm-package-compromised
StepSecurity deep dive: https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan
GitHub Issue: https://github.com/axios/axios/issues/10604
Huntress Blog: https://www.huntress.com/blog/supply-chain-compromise-axios-npm-package

John Hammond Video: https://youtu.be/A58cV17avpM
John Hammond Livestream: https://www.youtube.com/watch?v=A-KpP-6Dt8E

SUPPORT NETWORKCHUCK:
NetworkChuck Academy: https://academy.networkchuck.com

FOLLOW ME EVERYWHERE:
Twitter: https://twitter.com/networkchuck
Instagram: https://www.instagram.com/networkchuck
TikTok: https://www.tiktok.com/@networkchuck
Discord: https://discord.gg/networkchuck

READY TO LEARN??
NetworkChuck Academy: https://academy.networkchuck.com
YouTube Membership: https://www.youtube.com/networkchuck/join

#npm #supplychain #cybersecurity

Видео the WORST hack of 2026 канала NetworkChuck
Комментарии отсутствуют
Зарегистрируйтесь или войдите с
Информация о видео
31 марта 2026 г. 20:00:51
00:11:00
NetworkChuck
Правообладателям
Жалоба на материал Недопустимый материал Нарушение авторских прав
Комментарии
Поделиться
Другие видео канала

NetworkChuck 10 Days of Christmas GIVEAWAY!! (CCNA Packet Tracer Labs)NetworkChuck 10 Days of Christmas GIVEAWAY!! (CCNA Packet Tracer Labs)

Trying to Study for my CCNA CCNP with KIDS!! - Study Tips for CCNA CCNPTrying to Study for my CCNA CCNP with KIDS!! - Study Tips for CCNA CCNP

What if you forgot EVERYTHING? - Re-Learning IT after MEMORY LOSS w/ Shawn Powers | Linux | CCNAWhat if you forgot EVERYTHING? - Re-Learning IT after MEMORY LOSS w/ Shawn Powers | Linux | CCNA

Network ChuckNetwork Chuck

NetworkChuck 10 Days of Christmas 2018 - CBT Nuggets | David Bombal | Kevin Wallace (and more!!)NetworkChuck 10 Days of Christmas 2018 - CBT Nuggets | David Bombal | Kevin Wallace (and more!!)

Start your IT Journey in 2023 RIGHT NOWStart your IT Journey in 2023 RIGHT NOW

What is a ROUTER? // FREE CCNA // EP 2What is a ROUTER? // FREE CCNA // EP 2

FREE CCNA // What is a Network? // Day 0FREE CCNA // What is a Network? // Day 0

the hacker’s roadmap (how to get started in IT in 2025)the hacker’s roadmap (how to get started in IT in 2025)

your favorite websites can be HACKED! (watering holes, typo squatting) // FREE Security+ // EP 4your favorite websites can be HACKED! (watering holes, typo squatting) // FREE Security+ // EP 4

how the OSI model works on YouTube (Application and Transport Layers) // FREE CCNA // EP 5how the OSI model works on YouTube (Application and Transport Layers) // FREE CCNA // EP 5

You need these skills to become a hackerYou need these skills to become a hacker

What is a SWITCH? // FREE CCNA // Day 1What is a SWITCH? // FREE CCNA // Day 1

Linux for Hackers // EP 1 (FREE Linux course for beginners)Linux for Hackers // EP 1 (FREE Linux course for beginners)

40 Windows Commands you NEED to know (in 10 Minutes)40 Windows Commands you NEED to know (in 10 Minutes)

I'm going to be a hackerI'm going to be a hacker

Gemma 4 on the iPhone (local AI, no internet required)Gemma 4 on the iPhone (local AI, no internet required)

60 Hacking Commands You NEED to Know60 Hacking Commands You NEED to Know

we’re out of IP Addresses….but this saved us (Private IP Addresses)we’re out of IP Addresses….but this saved us (Private IP Addresses)

STRESSED OUT!! (you need to learn EVERYTHING RIGHT NOW!!)STRESSED OUT!! (you need to learn EVERYTHING RIGHT NOW!!)

you need to learn Python RIGHT NOW!! // EP 1you need to learn Python RIGHT NOW!! // EP 1

Яндекс.Метрика
© 2008-2026 «Информационно-развлекательный портал города Верхняя Салда»
salda.ws@mail.ru salda_ws Контакты Карта портала Сообщить об ошибке Соглашения Пользовательское соглашение Соглашение о конфиденциальности Согласие на обработку персональных данных Информация для правообладателей Об использовании Cookies
Все заметки Новая заметка Страницу в заметки
Страницу в закладки Мои закладки
На информационно-развлекательном портале SALDA.WS применяются cookie-файлы. Нажимая кнопку Принять, вы подтверждаете свое согласие на их использование.
О CookiesНапомнить позжеПринять