Axios was infected with a Remote Access Trojan in March, undermining security in one of the most popular JavaScript libraries that has 100 million downloads weekly. The attack path was a customized social engineering attack against a lead maintainer.

AI is allowing attackers to create likenesses, generate authentic looking webpages, social profiles, and accounts on sharing tools, to convince victims to undermine their own security.

Full post-mortem: https://github.com/axios/axios/issues/10636