A software supply chain compromise impacted the Axios npm package, injecting a malicious dependency ([email protected]) into versions 1.14.1 and 0.30.4. This dependency downloads multi-stage payloads, including a Remote Access Trojan (RAT), which communicates with a known malicious C2 domain.