Loading...

Axios npm Supply Chain Compromise – Guidance for Azure Pipelines Customers

Axios npm Supply Chain Compromise – Guidance for Azure Pipelines Customers

On March 31, 2026, malicious versions of the widely used JavaScript HTTP client library Axios were briefly published to the npm registry as part of a supply chain attack. The affected versions — 1.14.1 and 0.30.4 — included a hidden malicious dependency that executed during installation and connected to attacker-controlled command-and-control (C2) infrastructure to retrieve […]

The post Axios npm Supply Chain Compromise – Guidance for Azure Pipelines Customers appeared first on Azure DevOps Blog.

Published on: April 24, 2026

Azure DevOps Blog

Azure DevOps Blog

DevOps, Git, and Agile updates from the team building Azure DevOps

Share post:

Related posts

Azure MCP Server now available as an MCP Bundle (.mcpb)

Azure MCP Server is now available as an MCP Bundle (.mcpb), enabling one-click installation into Claude Desktop and other MCP-compatible clien...

16 hours ago

7 tips to optimize Azure Cosmos DB costs for AI and agentic workloads

AI apps and agentic workloads expose inefficiencies in your data layer faster than any previous generation of apps. You’re storing embeddings,...

1 day ago

Voice of the MVP - Oracle AI Database@Azure

1 day ago

Public Preview: Actual Result for Manual Tests in Azure Test Plans

We’re excited to announce the public preview of the highly anticipated Actual Result (AR) feature for manual testing in Azure Test Plans...

1 day ago

Azure SDK Release (April 2026)

Azure SDK releases every month. In this post, you'll find this month's highlights and release notes. The post Azure SDK Release (April 2026) a...

2 days ago

Blog image

Azure DevOps Blog

DevOps, Git, and Agile updates from the team building Azure DevOps

Learn more

More from this blog

Optimizing Git policy management at scale

With just a single improvement in the REST API of Azure DevOps, we achieved a massive reduction in C...

Public Preview: Actual Result for Manual Tests in Azure Test Plans

We’re excited to announce the public preview of the highly anticipated Actual Result (AR) feat...

Azure DevOps MCP Server April Update

This update brings a set of improvements and changes across both local and remote Azure DevOps MCP S...

One-click security scanning and org-wide alert triage come to Advanced Security

We’re shipping two major capabilities that change how security teams enable and act on applica...

April Patches for Azure DevOps Server

We are releasing patches for our self‑hosted product, Azure DevOps Server. We strongly recommend tha...

Improving the Markdown Editor for Work Items

We introduced the Markdown editor in July 2025 to bring Markdown support to large text fields in wor...

Remote MCP Server preview in Microsoft Foundry

Earlier this week we release the public preview for our Azure DevOps MCP Server. Today we are excite...

Authentication Tokens Are Not a Data Contract

Authentication tokens exist to answer one question: is this caller authorized to do this? They are n...

Azure DevOps Remote MCP Server (public preview)

When we released the local Azure DevOps MCP Server, it gave customers a way to connect Azure DevOps ...

Relevant topics:

Azure

Stay up to date with latest Microsoft Dynamics 365 and Power Platform news!

* Yes, I agree to the privacy policy