North Korean threat actors (BlueNoroff/UNC1069) compromised the Axios npm maintainer account and published two malicious versions, axios@1.14.1 and axios@0.30.4, during a roughly three-hour window on this reporting date. Both versions bundled cross-platform RATs for Windows, macOS, and Linux via a malicious dependency, plain-crypto-js. Axios has approximately 400 million monthly downloads, so the potential blast radius is exceptionally broad across JavaScript and Node.js applications globally.

Any organization whose CI/CD pipelines, build agents, or application servers installed either malicious version during the exposure window should treat those systems as fully compromised. Immediately audit for the presence of plain-crypto-js, rotate all credentials accessible from affected environments, and rebuild compromised hosts from known-good images.