Feross on TBPN: How North Korea Hijacked Axios
Socket CEO Feross Aboukhadijeh appeared on the TBPN podcast to explain how North Korean state actors compromised the Axios npm package through a sophisticated social engineering campaign. Attackers spent weeks building a fake company and Slack workspace, then staged a Microsoft Teams call to trick the lead Axios maintainer into installing malware, ultimately gaining npm publish access. Feross highlights the fundamental asymmetry between attackers and defenders in software supply chains, and discusses how AI may shift the balance by enabling continuous, scalable security analysis that was previously impractical for human teams.