Suspected DPRK state actors compromised the highly popular Axios npm package by taking over a maintainer's account and publishing malicious versions that deployed a cross-platform RAT via a phantom dependency. Concurrently, a threat group named TeamPCP conducted a cascading supply chain attack affecting Trivy, LiteLLM, and Telnyx to harvest CI/CD credentials. These incidents underscore the critical need for automated package monitoring, rapid credential rotation, and delayed dependency updates.