Open-Source Supply Chains Hit

A software library can be as small as a few files and still end up inside millions of apps, because developers pull in prebuilt code the way restaurants buy ingredients from wholesalers. Axios is one of those ingredients: Microsoft said it handles more than 70 million weekly downloads on the Node Package Manager registry, and two poisoned Axios releases were published on March 31, 2026. (microsoft.com) The trick in this attack was not breaking into every company that used Axios. The attacker hijacked a primary maintainer’s Node Package Manager account and uploaded axios version 1.14.1 and 0.30.4, so the malware arrived through the normal update channel developers already trusted. (microsoft.com) (csa.gov.sg) Those two versions carried a fake dependency called plain-crypto-js version 4.2.1. That package ran a post-install script, which is code that executes during setup, and Microsoft said it pulled a second-stage remote access trojan for Windows, macOS, and Linux from attacker infrastructure it linked to Sapphire Sleet, a North Korean state actor. (microsoft.com) (csa.gov.sg) The ugly part is how little had to go wrong downstream. If a project was configured to accept newer Axios versions automatically, Microsoft said installing a version higher than axios caret 1.14.0 or caret 0.30.0 could connect to the command-and-control server and fetch malware, which turns one stolen maintainer account into a supply-chain problem for everyone below it. (microsoft.com) This same pattern is now showing up outside classic server software. Microsoft disclosed on April 9, 2026 that a bug in the Engage Software Development Kit, a third-party Android component used for push notifications, let one app on a phone jump the usual app sandbox and reach private data belonging to another app. (microsoft.com) Android’s sandbox is supposed to work like separate locked apartments inside one building. Microsoft said the Engage bug opened a hallway between apartments, putting more than 30 million crypto wallet installs at risk and contributing to exposure across more than 50 million Android installs before the issue was fixed in Engage Software Development Kit version 5.2.1 on November 3, 2025. (microsoft.com) (thehackernews.com) Microsoft said it has not seen evidence that the Engage flaw was exploited in the wild, and Google Play removed the apps it detected using vulnerable versions. But the point is the same as Axios: a weakness in one upstream component can silently spread risk into thousands of downstream products that did not write the bad code themselves. (microsoft.com) A third piece of the story sits in the artificial intelligence world, where the code itself is becoming part of the target. Wired reported that Meta paused work with data vendor Mercor after a breach tied to the Lite Large Language Model proxy exposed information about how companies including Meta, OpenAI, and Anthropic train models, which turns supplier compromise into a way to reach proprietary artificial intelligence workflows instead of just end-user devices. (wired.com) Anthropic had a separate scare on March 31, 2026, when a Claude Code package release on the Node Package Manager registry included a 59.8 megabyte source map that let outsiders reconstruct about 512,000 lines of TypeScript. Anthropic said no customer data or credentials were exposed, but the episode showed that one packaging mistake can spill proprietary code through the same software distribution pipes developers use every day. (techspot.com) Put those cases together and the map of software risk looks different from the old picture of a hacker battering at one company’s front door. In April 2026, the weak points were a maintainer account, a mobile software development kit, and a release package, which is why defenders are now treating dependency updates, vendor integrations, and build pipelines as part of the attack surface, not just the app at the end. (microsoft.com 1) (microsoft.com 2) (wired.com)