Rapid Response Status: check for Rapid Response outages and issues

Active Incidents

No active incidents

Recently Resolved Incidents

Axios NPM Package Compromise

Started 31 Mar 2026 11:40:50 (8 hours ago), resolved 31 Mar 2026 15:56:55 (4 hours ago)

Major Incident

Resolved

Rapid Response

Dear Customers,

Team Axon is actively monitoring a recent supply chain compromise affecting the widely used NPM package axios, which introduces significant risk across enterprise environments relying on this dependency.

Axios Compromise: Malicious versions of the axios package were published to NPM, embedding a remote access trojan. These versions were capable of establishing outbound connections to attacker-controlled infrastructure, enabling remote command execution and potential data exfiltration from affected systems.

The compromise is particularly concerning due to Axios’s widespread use in both frontend and backend applications, increasing the likelihood of downstream impact across development pipelines and production environments.

This incident exposes organizations to:

Unauthorized remote access to affected systems through embedded backdoor functionality.
Execution of attacker-controlled commands within application environments.
Potential exfiltration of sensitive data, including credentials and application data.
Supply chain propagation through dependent applications and services.

Our team continues to assess the scope and technical details of this compromise. In case we identify strong indications of exposure within your environment, we will reach out directly.

For further assistance or validation, please contact us.

Sincerely, Team Axon

NPM Packages: [email protected] [email protected]

IOCS:

IPs: 142.11.206.73

Domains: sfrclak[.]com

File Hashes: 2553649f2322049666871cea80a5d0d6adc700ca d6f3f62fd3b9f5432f5782b62d8cfd5247d5ee71 07d889e2dadce6f3910dcbc253317d28ca61c766

Resolved: Dear Customers, Following recent reports regarding the Axios NPM package compromise, we have continued our threat-focused hunting efforts, specifically reviewing IOC hits and related TTPs associated with this campaign. Axon reports have been published for Team Axon customers. These reports include:

A consolidated list of relevant IOCs Threat hunting queries Threat hunting results across applicable environments Any findings that may require your attention are highlighted within your Axon report. If you have any questions or require further assistance, please do not hesitate to reach out. Best regards, Team Axon

31 Mar 2026 15:56:55 (4 hours ago)

Identified: Dear Customers,

Team Axon is actively monitoring a recent supply chain compromise affecting the widely used NPM package axios, which introduces significant risk across enterprise environments relying on this dependency.

Axios Compromise: Malicious versions of the axios package were published to NPM, embedding a remote access trojan. These versions were capable of establishing outbound connections to attacker-controlled infrastructure, enabling remote command execution and potential data exfiltration from affected systems.

The compromise is particularly concerning due to Axios’s widespread use in both frontend and backend applications, increasing the likelihood of downstream impact across development pipelines and production environments.

This incident exposes organizations to:

Unauthorized remote access to affected systems through embedded backdoor functionality.
Execution of attacker-controlled commands within application environments.
Potential exfiltration of sensitive data, including credentials and application data.
Supply chain propagation through dependent applications and services.

Our team continues to assess the scope and technical details of this compromise. In case we identify strong indications of exposure within your environment, we will reach out directly.

For further assistance or validation, please contact us.

Sincerely, Team Axon

NPM Packages: [email protected] [email protected]

IOCS:

IPs: 142.11.206.73

Domains: sfrclak[.]com

File Hashes: 2553649f2322049666871cea80a5d0d6adc700ca d6f3f62fd3b9f5432f5782b62d8cfd5247d5ee71 07d889e2dadce6f3910dcbc253317d28ca61c766

31 Mar 2026 11:40:50 (8 hours ago)

See all updates

Rapid Response Outage Survival Guide

A step-by-step guide to help you survive a Rapid Response outage

NaN%

Rapid Response Components

Rapid Response

Tue 24

Wed 25

Thu 26

Fri 27

Sat 28

Sun 29

Mon 30

now

Rapid Response

Tue 24

Wed 25

Thu 26

Fri 27

Sat 28

Sun 29

Mon 30

now

Axios NPM Package Compromise

Started 31 Mar 2026 11:40:50 (8 hours ago), resolved 31 Mar 2026 15:56:55 (4 hours ago)

Major Incident

Resolved

Rapid Response

Dear Customers,

Team Axon is actively monitoring a recent supply chain compromise affecting the widely used NPM package axios, which introduces significant risk across enterprise environments relying on this dependency.

Axios Compromise: Malicious versions of the axios package were published to NPM, embedding a remote access trojan. These versions were capable of establishing outbound connections to attacker-controlled infrastructure, enabling remote command execution and potential data exfiltration from affected systems.

The compromise is particularly concerning due to Axios’s widespread use in both frontend and backend applications, increasing the likelihood of downstream impact across development pipelines and production environments.

This incident exposes organizations to:

Unauthorized remote access to affected systems through embedded backdoor functionality.
Execution of attacker-controlled commands within application environments.
Potential exfiltration of sensitive data, including credentials and application data.
Supply chain propagation through dependent applications and services.

Our team continues to assess the scope and technical details of this compromise. In case we identify strong indications of exposure within your environment, we will reach out directly.

For further assistance or validation, please contact us.

Sincerely, Team Axon

NPM Packages: [email protected] [email protected]

IOCS:

IPs: 142.11.206.73

Domains: sfrclak[.]com

File Hashes: 2553649f2322049666871cea80a5d0d6adc700ca d6f3f62fd3b9f5432f5782b62d8cfd5247d5ee71 07d889e2dadce6f3910dcbc253317d28ca61c766

Resolved: Dear Customers, Following recent reports regarding the Axios NPM package compromise, we have continued our threat-focused hunting efforts, specifically reviewing IOC hits and related TTPs associated with this campaign. Axon reports have been published for Team Axon customers. These reports include:

A consolidated list of relevant IOCs Threat hunting queries Threat hunting results across applicable environments Any findings that may require your attention are highlighted within your Axon report. If you have any questions or require further assistance, please do not hesitate to reach out. Best regards, Team Axon

31 Mar 2026 15:56:55 (4 hours ago)

Identified: Dear Customers,

Team Axon is actively monitoring a recent supply chain compromise affecting the widely used NPM package axios, which introduces significant risk across enterprise environments relying on this dependency.

Axios Compromise: Malicious versions of the axios package were published to NPM, embedding a remote access trojan. These versions were capable of establishing outbound connections to attacker-controlled infrastructure, enabling remote command execution and potential data exfiltration from affected systems.

The compromise is particularly concerning due to Axios’s widespread use in both frontend and backend applications, increasing the likelihood of downstream impact across development pipelines and production environments.

This incident exposes organizations to:

Unauthorized remote access to affected systems through embedded backdoor functionality.
Execution of attacker-controlled commands within application environments.
Potential exfiltration of sensitive data, including credentials and application data.
Supply chain propagation through dependent applications and services.

Our team continues to assess the scope and technical details of this compromise. In case we identify strong indications of exposure within your environment, we will reach out directly.

For further assistance or validation, please contact us.

Sincerely, Team Axon

NPM Packages: [email protected] [email protected]

IOCS:

IPs: 142.11.206.73

Domains: sfrclak[.]com

File Hashes: 2553649f2322049666871cea80a5d0d6adc700ca d6f3f62fd3b9f5432f5782b62d8cfd5247d5ee71 07d889e2dadce6f3910dcbc253317d28ca61c766

31 Mar 2026 11:40:50 (8 hours ago)

See all updates

Rapid Response Status

Real-time updates of Rapid Response issues and outages

Rapid Response status is Operational

Rapid Response

You're checking on Rapid Response - but is your own site converting?

Active Incidents

Recently Resolved Incidents

Rapid Response Outage Survival Guide

Rapid Response Components

Rapid Response

Rapid Response

Rapid Response Alternatives

DRACOON Cloud

Doppler

FTAPI

Wallarm

Qualys

IBM MaaS360

LockSelf

Foxpass

Commonly Used Together

Alloy

Vouched

ID.me

Login.gov

Bloom

Ekata

IDnow GmbH