my photo

John Z Black

Brunswick, ME • (207) 245-1010 • contact@johnzblack.com

Blog / #javascript

Axios Was Backdoored to Install a RAT. And It Left No Traces.

John Z Black Mar 31, 2026

Threat Intelligence #npm #supply-chain #axios #rat #malware #javascript #maintainer-compromise

Read More

North Korea Behind Polyfill.io? Supply Chain Poisoning Just Got a State Sponsor

John Z Black Mar 13, 2026

Supply Chain Security #supply-chain #north-korea #polyfill #npm #simple-git #javascript #cve

Forensic research links the Polyfill.io supply chain attack to a North Korean operative. The same week, a CVSS 9.8 RCE hits the simple-git npm library. Your dependency graph is your attack surface.

Read More