
the WORST hack of 2026

2026-03-31 Science & Technology
121.0k
8.6k
797
NetworkChuck
5.3m subscribers


Description

Axios, the most popular HTTP library with over 100 million weekly downloads, was just hijacked in one of the most sophisticated supply chain attacks in history. A hacker took over the lead maintainer's npm account, injected a phantom dependency that deploys a cross-platform remote access trojan in 1.1 seconds, and the malware erases itself leaving no trace. I break down exactly how it happened, explain what a supply chain attack is, and show you how to check if YOUR system is affected.

npm supply chain attack, axios hacked, axios npm compromised, supply chain attack explained, npm install malware, remote access trojan, axios 1.14.1, plain-crypto-js, npm security, javascript security, open source security, postinstall script attack, supply chain hack 2026

TIMESTAMPS:
0:00 - npm install just became DANGEROUS
0:41 - How the attack happened
0:52 - What is Axios? (and why you probably have it)
1:39 - The account takeover
2:20 - The ONE line of code that did it all
3:06 - How it was discovered
3:32 - The postinstall dropper
4:08 - The RAT payload (Mac, Windows, Linux)
4:28 - The self-destruct (no evidence left)
4:40 - What IS a supply chain attack?
4:55 - The coffee analogy
5:51 - Are YOU affected? Let's check together
6:34 - Checking for the RAT on your system
6:51 - What to do if you're compromised
7:50 - Prayer
9:19 - BONUS: Pikachu explains supply chain attacks

ALL COMMANDS, DETECTION SCRIPTS, IOCs, AND REMEDIATION: https://github.com/theNetworkChuck/axios-attack-guide

Quick check:
npm list axios
npm list -g axios

BAD VERSIONS: 1.14.1 and 0.30.4
SAFE VERSIONS: 1.14.0 and 0.30.3

One command that would have BLOCKED this attack:
npm config set min-release-age 3

RESOURCES:
Socket.dev (first to detect): https://socket.dev/blog/axios-npm-package-compromised
StepSecurity deep dive: https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan
GitHub Issue: https://github.com/axios/axios/issues/10604
Huntress Blog: https://www.huntress.com/blog/supply-chain-compromise-axios-npm-package
John Hammond Video: https://youtu.be/A58cV17avpM
John Hammond Livestream: https://www.youtube.com/watch?v=A-KpP-6Dt8E

SUPPORT NETWORKCHUCK:
NetworkChuck Academy: https://academy.networkchuck.com

FOLLOW ME EVERYWHERE:
Twitter: https://twitter.com/networkchuck
Instagram: https://www.instagram.com/networkchuck
TikTok: https://www.tiktok.com/@networkchuck
Discord: https://discord.gg/networkchuck

READY TO LEARN??
NetworkChuck Academy: https://academy.networkchuck.com
YouTube Membership: https://www.youtube.com/networkchuck/join

#npm #supplychain #cybersecurity
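
Added example, not from the video or its linked guide: `npm list axios` reports one project's installed tree, so this sketch scans a parsed `package-lock.json` (v1 nested layout or v2/v3 flat layout) for the bad axios versions listed above at any nesting depth. Treating `plain-crypto-js` (named in the description's keywords) as the injected dependency is an assumption, and the sample lockfile is constructed.

```javascript
// Added example: flag the axios versions the description calls bad, at any depth.
const BAD_AXIOS = new Set(["1.14.1", "0.30.4"]); // "BAD VERSIONS" from the description
const PHANTOM = "plain-crypto-js"; // assumption: the injected phantom dependency

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function nameFromPath(p) {
  const i = p.lastIndexOf("node_modules/");
  return i === -1 ? "" : p.slice(i + "node_modules/".length);
}

function check(name, version, where, findings) {
  if (name === "axios" && BAD_AXIOS.has(version)) {
    findings.push({ name, version, where, reason: "compromised axios version" });
  } else if (name === PHANTOM) {
    findings.push({ name, version, where, reason: "phantom dependency present" });
  }
}

// Lockfile v1: nested "dependencies" objects keyed by package name.
function walkV1(deps, trail, findings) {
  for (const [name, info] of Object.entries(deps || {})) {
    check(name, info.version, [...trail, name].join(" > "), findings);
    walkV1(info.dependencies, [...trail, name], findings);
  }
}

function scanLockfile(lock) {
  const findings = [];
  // Lockfile v2/v3: flat "packages" map keyed by install path; "" is the project itself.
  for (const [path, info] of Object.entries(lock.packages || {})) {
    if (path === "") continue;
    check(info.name || nameFromPath(path), info.version, path, findings);
  }
  // v2 repeats the tree under "dependencies", so walk it only when "packages" is absent.
  if (!lock.packages) walkV1(lock.dependencies, [], findings);
  return findings;
}

// Constructed sample lockfile, not real project data.
const sample = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/axios": { version: "1.14.0" },
    "node_modules/sdk/node_modules/axios": { version: "1.14.1" },
    "node_modules/plain-crypto-js": { version: "0.0.0-constructed" },
  },
};
console.log(scanLockfile(sample));
```

To scan a real project, pass `scanLockfile` the result of `JSON.parse` on that project's `package-lock.json`. An empty result covers only what that lockfile records, not globally installed packages.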

Top Comments (10)

@jdpierce2359 2026-03-31

BRO you just solidified my subscription permanently. Thanks for the prayer. 💥

660 27 replies
@merihkaner 2026-03-31

Thanks Pikachu! 😊

453 8 replies
@Brocksqd 2026-03-31

just installed openclaw after finishing your openclaw video, and noticed another upload, Oh Fun ... Oh wait......

402 11 replies
@Akuzaah 2026-03-31

Crazy sitting on the toilet pull

124 6 replies
@pittgikera 2026-03-31

Glad I stayed on to the end, cutest thing ever, thanks pikachu 😄

119 1 replies
@Godilla1993 2026-03-31

Really appreciate the prayer. Confirmed affected by this thanks to your awareness video <3

63
@rboylee 2026-03-31

Great Job, Chuck! It was special having your daughter help you. Very sweet to involve her and make little moments that will make an impact further than this video. True man of God! 🤜🏻💥🤛🏻

27
@andrews5069 2026-04-01

I tell people that aren't into tech that the whole system of computers and the Internet (to simplify it for them) relies on thousands of unpaid people that can wake up on the wrong side of the bed one day and bring half the system down crashing. All of them think I'm bullshitting them.

18
@tommy8716 2026-03-31

I was confused until it was so clearly explained at 9:42. Chuck might not have too much longer before he's replaced

13
@itxzzhd 2026-04-01

5:20 Making coffee in front of your laptop is crazy

11
