A DPRK-nexus threat actor, likely STARDUST CHOLLIMA, compromised the widely used Axios npm package using stolen maintainer credentials. The supply chain attack deployed updated, cross-platform variants of the ZshBucket malware capable of arbitrary command execution, payload injection, and file system enumeration, likely targeting the cryptocurrency and fintech sectors for financial gain.