Titan Security

Insights on application security, vulnerability research, and building secure software at scale.

Axios Compromised on npm: Cross-Platform RAT Dropped via Hijacked Maintainer Account

A technical breakdown of the Axios npm supply chain attack — how a compromised maintainer account, a staged fake dependency, and self-destructing payloads delivered a cross-platform RAT to one of JavaScript's most critical packages.

Ananay Arora·March 31, 2026

Threat Intelligence14 min read

The LiteLLM PyPI Compromise: Full Technical Teardown

A deep technical teardown of the LiteLLM supply chain attack — how a poisoned Trivy release led to credential theft, a three-stage payload, and Kubernetes lateral movement across the AI ecosystem.

Ananay Arora·March 25, 2026