North Korean threat actor UNC1069 compromised the Axios npm package, a JavaScript HTTP library with billions of weekly downloads, by social engineering a maintainer into installing malware via a fake Microsoft Teams prompt. Two malicious versions (1.14.1 and 0.30.4) were published to the npm registry and remained live for approximately three hours, sufficient time for any organization running automated dependency pulls to potentially introduce the trojanized package into their environment. Downstream compromise requires execution of the embedded RAT payload, which has not been publicly confirmed at scale.
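A lockfile check for the two versions named above, as an added example that is not part of the original brief. The function name, the sample lockfiles and the package names in them are constructed for illustration; a hit means the version was resolved into the dependency tree, not that the payload executed.

```javascript
// Versions named in the brief above as malicious.
const BAD_AXIOS_VERSIONS = new Set(['1.14.1', '0.30.4']);

// Returns [{ path, version }] for every axios install pinned to a bad version.
// Handles lockfileVersion 2/3 ("packages" map) and lockfileVersion 1
// (nested "dependencies" tree). Takes an already-parsed package-lock.json.
function findAffectedAxios(lock) {
  const hits = [];
  const seen = new Set();
  const record = (path, version) => {
    if (BAD_AXIOS_VERSIONS.has(version) && !seen.has(path)) {
      seen.add(path);
      hits.push({ path, version });
    }
  };
  // v2/v3: keys are install paths such as "node_modules/a/node_modules/axios".
  // An aliased install carries the real package name in meta.name.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === '') continue; // root project entry, not a dependency
    const name = meta.name || path.split('node_modules/').pop();
    if (name === 'axios') record(path, meta.version);
  }
  // v1 (and the compatibility tree kept in v2): walk nested dependencies.
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === 'axios') record(path, meta.version);
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfiles (not from the brief).
const sampleV3 = { lockfileVersion: 3, packages: {
  '': { name: 'demo-app', version: '1.0.0' },
  'node_modules/axios': { version: '1.14.1' },
  'node_modules/legacy-sdk/node_modules/axios': { version: '0.30.4' },
  'node_modules/other/node_modules/axios': { version: '1.7.9' },
} };
const sampleV1 = { lockfileVersion: 1, dependencies: {
  axios: { version: '1.6.0' },
  'legacy-sdk': { version: '2.0.0',
    dependencies: { axios: { version: '0.30.4' } } },
} };
console.log(findAffectedAxios(sampleV3), findAffectedAxios(sampleV1));
```

To run it against a real project, pass the parsed contents of `package-lock.json` to `findAffectedAxios`; lockfiles committed or build caches populated during the roughly three-hour window are the ones worth checking first.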