
The Axios Supply Chain Attack
From State of Cybercrime by Varonis, Matt Radolec, David Gibson
April 10, 2026 · 43 min · Season 3 · Episode 35
About this episode
The episode discusses the Axios supply chain attack and its implications for cybersecurity and geopolitics.
The Axios supply chain attack proves attackers don’t need vulnerabilities if they can hit the assembly line. By compromising a single npm maintainer account, they were able to slip a trojan into Axios updates that executed automatically inside developer machines and CI/CD pipelines long before security tools could intervene. On this episode of State of Cybercrime, Matt and David examine how the Axios incident marks a shift toward supply chain abuse and what Google’s attribution to a North Korean-linked group reveals about the blurred lines between developer infrastructure, cybercrime, and geopolitics.
People in this episode
Hosts: Matt Radolec, David Gibson
Topics covered
- supply chain attack
- cybersecurity
- npm
- trojan
- geopolitics
- developer infrastructure
Keywords
- Axios
- supply chain attack
- npm maintainer
- trojan
- cybercrime
- North Korea
Mentioned in this episode
Organizations: Axios, Google
Places: North Korea
More episodes of State of Cybercrime
- The Canvas Breach · May 19, 2026 · 30 min
- Salesforce Aura Data Theft · March 20, 2026 · 30 min
- OpenClaw & Moltbook (w/ Moriah Hara!) · February 14, 2026 · 43 min
- The React2Shell Crisis · December 15, 2025 · 23 min
- AI-Powered Espionage · November 24, 2025 · 24 min
- Black Hat Cartels · October 31, 2025 · 23 min
Explore listener stats, chart rankings, contacts and more on the State of Cybercrime podcast page.