This is your reminder to make sure you’re using npm min-release-age, pnpm minimumReleaseAge, or yarn npmMinimalAgeGate to protect your projects.

You should also check to ensure your projects are not already compromised.

Any system that ran npm install (or equivalent) resolving [email protected] or [email protected] after 2026-03-31T00:21:58Z may have executed the stage-2 payload.

See also the Stage 2 macOS trojan analysis for more detail and IoCs.

Now let's talk attribution. @DefSecSentinel quickly pointed to DPRK 🇰🇵. Remarkable similarities to WAVESHAPER / UNC1069 https://t.co/d4FXH4mQXl pic.twitter.com/wkzfiAZVeP
— Joe Desimone (@dez_) March 31, 2026

More Technology Knowledge Updates…

Axios compromised with a remote access trojan

2026-03-31

12:12 AM
Fatherhood is the end of philosophy

2026-03-28

3:21 PM
Pretext

2026-03-28

11:38 AM
gzip decompression in 250 lines of rust

2026-03-27

4:36 PM
Introducing Apple Business — a new all‑in‑one platform for businesses of all sizes

2026-03-24

8:19 AM
Worktrunk

2026-03-11

11:40 AM
Banned in California

2026-02-26

11:40 AM
Apple accelerates U.S. manufacturing, with Mac mini production coming later this year

2026-02-24

9:20 AM
Something Big Is Happening

2026-02-11

8:01 AM
You Are Here

2026-02-07

3:38 PM

Reid Burke

Axios compromised with a remote access trojan ↗︎

Leave a Reply

More Technology Knowledge Updates…

Axios compromised with a remote access trojan

Fatherhood is the end of philosophy

Pretext

gzip decompression in 250 lines of rust

Introducing Apple Business — a new all‑in‑one platform for businesses of all sizes

Worktrunk

Banned in California

Apple accelerates U.S. manufacturing, with Mac mini production coming later this year

Something Big Is Happening

You Are Here

STay Updated

Leave a Reply

More Technology Knowledge Updates…