{"href":"https://api.simplecast.com/oembed?url=https%3A%2F%2Fsecuritytools.simplecast.com%2Fepisodes%2Faxios-supply-chain-attack-x1IUkZ2t","width":444,"version":"1.0","type":"rich","title":"The Axios Supply Chain Attack","thumbnail_width":300,"thumbnail_url":"https://image.simplecastcdn.com/images/59617cff-d258-400b-81f9-af733334da9f/c52cd99a-25d2-4ac1-ba5d-1fd490c79884/soc-podcastart.jpg","thumbnail_height":300,"provider_url":"https://simplecast.com","provider_name":"Simplecast","html":"<iframe src=\"https://player.simplecast.com/4930586e-4b5d-405e-b14b-8c9000a60886\" height=\"200\" width=\"100%\" title=\"The Axios Supply Chain Attack\" frameborder=\"0\" scrolling=\"no\"></iframe>","height":200,"description":"The Axios supply chain attack proves attackers don’t need vulnerabilities if they can hit the assembly line. By compromising a single npm maintainer account, they were able to slip a trojan into Axios updates that executed automatically inside developer machines and CI/CD pipelines long before security tools could intervene.\n\nOn this episode of State of Cybercrime, Matt and David examine how the Axios incident marks a shift toward supply chain abuse and what Google’s attribution to a North Korean-linked group reveals about the blurred lines between developer infrastructure, cybercrime, and geopolitics."}