The Axios supply chain attack used individually targeted social engineering
Blog | Simon Willison | Apr 3, 2026
AI Summary
The Axios supply chain attack postmortem reveals a new threat model: attackers didn't exploit code; they cloned a company's founder and ran a personalized social engineering campaign via Slack. Open source maintainers are now the attack surface.
From the original
The Axios team have published a full postmortem on the supply chain attack which resulted in a malware dependency going out in a release the other day, and it involved a…
Content attributed to the original author (Simon Willison).