axios

MAL-2026-2307

npmmalware3/31/2026

Description

Malicious code in axios (npm)

Indicators of Compromise

SHA256 Hashes (2)

bcd851213ecf0f8dc58fe88d79b3d19a59388272b2426097de7edc4c53df5d9e

50bbf7104516d22bb93a54feaf5122939b7fe72e943ce7da13ca88cb6c70aacf

Domains (1)

sfrclak.com

IP Addresses (1)

142.11.206.73

References (3)

https://github.com/advisories/GHSA-fw8c-xr5c-95f9OSV https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojanOSV https://github.com/axios/axios/issues/10604OSV

Details

Ecosystemnpm

Attack Typemalware

Published3/31/2026

Aliases

GHSA-fw8c-xr5c-95f9

Quick Actions

All Incidents npm Incidents

Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives

PoC for every finding

30+ tools orchestrated

Book a Demo Learn More

Setup in 5 minutesSOC 2 & ISO 27001