GlassWorm/Axios npm hijack NK Lazarus/LiteLLM/Trivy/Next.js React2Shell/GitHub supply-chain
Key Questions
What was the Axios npm hijack?
Attackers hijacked the Axios npm package by socially engineering a maintainer with a fake Teams fix from a bogus company, then briefly published malicious versions. Conduct OSS audits regularly.
How does NK Lazarus use GitHub?
DPRK's Lazarus group uses GitHub for command and control (C2) in phishing campaigns whose LNK files drop malware; they target South Korea with PDF and PowerShell payloads. Scan repositories and monitor for anomalies.
What is the Mercor LiteLLM breach?
Mercor's 4TB data leak stemmed from a LiteLLM supply-chain compromise and halted its Meta partnership. It exposed AI-sensitive information. Vet the dependencies in your AI stack.
What is React2Shell in Next.js attacks?
Attackers exploit React2Shell for automated credential theft in Next.js apps, targeting developer environments. Secure your supply chain and review code.
What are the 36 malicious npm packages?
Thirty-six malicious npm packages, linked to North Korean operations and others, poison supply chains to enable cryptocurrency theft and espionage. Use tools like Trivy to scan for them.
What is GlassWorm's role?
GlassWorm is linked to the Axios hijack and to the reconfirmed involvement of North Korea's Lazarus group in supply-chain attacks. Urgent PyPI, npm and GitHub audits are needed; AI aids some of these attacks.
How do social engineering attacks hit Node.js?
Following the Axios incident, coordinated phishing targets Node.js maintainers with fake fixes, enabling package takeovers. Multi-factor authentication and vigilance are key.
What defenses for OSS supply chains?
Audit npm, PyPI and GitHub regularly, use SBOMs, and monitor for hijacks like the LiteLLM one. Block malicious packages and train staff on phishing. The 36 malicious npm packages highlight the risk.
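As an added example (not code from the original page or any project named on it), a Node.js script that performs one of these audit steps: it reads an npm package-lock.json, flags any package whose version appears in a blocklist of known-compromised versions, and flags tarballs not served from the public registry. The blocklist versions and the sample lockfile are constructed placeholders, not the actual compromised Axios versions.

```javascript
// Audit an npm package-lock.json (lockfileVersion 2 or 3) against a
// blocklist of compromised versions and flag off-registry tarballs.
const TRUSTED_REGISTRY = "https://registry.npmjs.org/";

// Placeholder blocklist (constructed): fill in the versions named in the
// advisory you are acting on.
const BLOCKLIST = {
  axios: ["0.0.0-PLACEHOLDER-BAD"],
};

// Derive the package name from a lockfile path such as
// "node_modules/@scope/pkg" or "node_modules/a/node_modules/b"
// (for nested installs the last node_modules segment wins).
function packageName(lockPath) {
  const marker = "node_modules/";
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? null : lockPath.slice(idx + marker.length);
}

// Returns a list of findings; an empty list means nothing was flagged.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // root project entry, not a dependency
    const name = packageName(path);
    if (!name) continue;
    const bad = BLOCKLIST[name];
    if (bad && bad.includes(meta.version)) {
      findings.push({ name, version: meta.version, reason: "blocklisted version" });
    }
    if (meta.resolved && !meta.resolved.startsWith(TRUSTED_REGISTRY)) {
      findings.push({ name, version: meta.version, reason: "tarball from " + meta.resolved });
    }
  }
  return findings;
}

// Constructed sample lockfile: one blocklisted version, one clean package,
// one nested package whose tarball comes from an unexpected host.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/axios": { version: "0.0.0-PLACEHOLDER-BAD", resolved: "https://registry.npmjs.org/axios/-/axios-0.0.0.tgz" },
    "node_modules/left-pad": { version: "1.3.0", resolved: "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz" },
    "node_modules/foo/node_modules/bar": { version: "2.0.0", resolved: "https://mirror.example.invalid/bar-2.0.0.tgz" },
  },
};

if (typeof require !== "undefined" && require.main === module) {
  const fs = require("fs");
  const lock = process.argv[2] ? JSON.parse(fs.readFileSync(process.argv[2], "utf8")) : SAMPLE_LOCK;
  const findings = auditLockfile(lock);
  for (const f of findings) console.log(f.name + "@" + f.version + ": " + f.reason);
  process.exitCode = findings.length ? 1 : 0; // non-zero exit fails a CI gate
}
```

Run it as `node audit-lock.js path/to/package-lock.json`; with no argument it audits the embedded sample.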
In brief: NK Lazarus and the Axios npm hijack reconfirmed; Mercor 4TB LiteLLM leak; React2Shell credential theft; DPRK LNK files using GitHub; 36 malicious npm packages. Urgent OSS audits.