1. The Axios npm compromise used a hijacked live browser session by @matteocollina (Matteo Collina) · backlist 2026-05-05 · rubric 87.0