{"id":24106,"date":"2026-04-10T10:53:20","date_gmt":"2026-04-10T13:53:20","guid":{"rendered":"https:\/\/www.ethicalhacker.com.br\/site\/?p=24106"},"modified":"2026-04-10T10:55:02","modified_gmt":"2026-04-10T13:55:02","slug":"ataque-de-engenharia-social-compromete-axios-e-npm","status":"publish","type":"post","link":"https:\/\/www.ethicalhacker.com.br\/site\/2026\/04\/exploits\/ataque-de-engenharia-social-compromete-axios-e-npm\/","title":{"rendered":"Social engineering attack compromises Axios and NPM"},"content":{"rendered":"\n<section class=\"text-token-text-primary w-full focus:outline-none [--shadow-height:45px] has-data-writing-block:pointer-events-none has-data-writing-block:-mt-(--shadow-height) has-data-writing-block:pt-(--shadow-height) [&amp;:has([data-writing-block])&gt;*]:pointer-events-auto R6Vx5W_threadScrollVars scroll-mb-[calc(var(--scroll-root-safe-area-inset-bottom,0px)+var(--thread-response-height))] scroll-mt-[calc(var(--header-height)+min(200px,max(70px,20svh)))]\" dir=\"auto\" data-turn-id=\"9acab369-ca9a-434f-bdb7-aed886a4b2ef\" data-testid=\"conversation-turn-2\" data-scroll-anchor=\"false\" data-turn=\"assistant\">\n<div class=\"text-base my-auto mx-auto [--thread-content-margin:var(--thread-content-margin-xs,calc(var(--spacing)*4))] @w-sm\/main:[--thread-content-margin:var(--thread-content-margin-sm,calc(var(--spacing)*6))] 
@w-lg\/main:[--thread-content-margin:var(--thread-content-margin-lg,calc(var(--spacing)*16))] px-(--thread-content-margin)\">\n<div class=\"[--thread-content-max-width:40rem] @w-lg\/main:[--thread-content-max-width:48rem] mx-auto max-w-(--thread-content-max-width) flex-1 group\/turn-messages focus-visible:outline-hidden relative flex w-full min-w-0 flex-col agent-turn\">\n<div class=\"flex max-w-full flex-col gap-4 grow\">\n<div class=\"min-h-8 text-message relative flex w-full flex-col items-end gap-2 text-start break-words whitespace-normal outline-none keyboard-focused:focus-ring [.text-message+&amp;]:mt-1\" dir=\"auto\" data-message-author-role=\"assistant\" data-message-id=\"570b2e0b-df48-47df-957b-67f4009c7bda\" data-message-model-slug=\"gpt-5-3\">\n<div class=\"flex w-full flex-col gap-1 empty:hidden\">\n<div class=\"markdown prose dark:prose-invert w-full wrap-break-word light markdown-new-styling\">\n<p style=\"text-align: justify;\" data-section-id=\"xjc3jj\" data-start=\"0\" data-end=\"115\"><strong>Social engineering and supply chain attack: how North Korean hackers compromised Axios and the NPM ecosystem<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"132\" data-end=\"624\">The current cybersecurity landscape shows a significant shift in attack vectors: exploitation of the human factor. A recent and alarming example was the compromise of the JavaScript library Axios, widely used in modern development, by hackers linked to North Korea. 
The incident, reported by the TecMundo portal, shows how a single victim can be enough to trigger a large-scale attack affecting thousands of systems worldwide.<\/p>\n<p style=\"text-align: justify;\" data-start=\"626\" data-end=\"763\">This article provides a technical analysis of the attack, its methods, its impact and the strategic lessons for information security professionals.<\/p>\n<p data-start=\"626\" data-end=\"763\">\u00a0<\/p>\n<p style=\"text-align: justify;\" data-section-id=\"1hwdtgf\" data-start=\"770\" data-end=\"806\"><strong>The target: Axios and the NPM ecosystem<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"808\" data-end=\"1068\">Axios is one of the most popular libraries in the Node.js ecosystem, used for HTTP requests in web applications and distributed systems. Its wide adoption makes it a highly strategic target for supply chain attacks.<\/p>\n<p style=\"text-align: justify;\" data-start=\"1070\" data-end=\"1328\">The NPM (Node Package Manager) registry, in turn, works as a central package distribution hub, with billions of weekly downloads. 
Compromising a package in this environment potentially means reaching thousands of organizations simultaneously.<\/p>\n<p data-start=\"1070\" data-end=\"1328\">\u00a0<\/p>\n<p style=\"text-align: justify;\" data-section-id=\"1ykwak5\" data-start=\"1335\" data-end=\"1389\"><strong>Attack vector: high-precision social engineering<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"1391\" data-end=\"1557\">Unlike traditional attacks that exploit technical vulnerabilities, this incident had a single person as its entry point: the lead maintainer of Axios.<\/p>\n<p style=\"text-align: justify;\" data-start=\"1559\" data-end=\"1662\">The attackers ran a sophisticated social engineering campaign built on the following elements:<\/p>\n<ul style=\"text-align: justify;\" data-start=\"1664\" data-end=\"1909\">\n<li data-section-id=\"19yroo6\" data-start=\"1664\" data-end=\"1730\">\n<p>Creation of a fake company with a convincing visual identity<\/p>\n<\/li>\n<li data-section-id=\"1c6rbis\" data-start=\"1731\" data-end=\"1790\">\n<p>Construction of a fictitious corporate environment on Slack<\/p>\n<\/li>\n<li data-section-id=\"1yjx0nr\" data-start=\"1791\" data-end=\"1856\">\n<p>Fake employee profiles and a simulated presence on LinkedIn<\/p>\n<\/li>\n<li data-section-id=\"1rs6jvc\" data-start=\"1857\" data-end=\"1909\">\n<p>Scheduling of a professional meeting with the victim<\/p>\n<\/li>\n<\/ul>\n<p style=\"text-align: justify;\" data-start=\"1911\" data-end=\"2081\">This staging was enough to gain the developer's trust, demonstrating the attackers' advanced level of planning.<\/p>\n<p data-start=\"1911\" data-end=\"2081\">\u00a0<\/p>\n<p style=\"text-align: justify;\" data-section-id=\"1cc749i\" data-start=\"2088\" data-end=\"2144\"><strong>Attack execution: malware disguised as an 
update<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"2146\" data-end=\"2345\">During a virtual meeting, the hackers introduced a fake error alert suggesting that Microsoft Teams needed to be updated. In reality, the file was a <strong data-start=\"2314\" data-end=\"2344\">RAT (Remote Access Trojan)<\/strong>.<\/p>\n<p style=\"text-align: justify;\" data-start=\"2347\" data-end=\"2365\">After installation:<\/p>\n<ul style=\"text-align: justify;\" data-start=\"2367\" data-end=\"2524\">\n<li data-section-id=\"1i4c3mo\" data-start=\"2367\" data-end=\"2428\">\n<p>The attackers obtained remote access to the victim's system<\/p>\n<\/li>\n<li data-section-id=\"52vny2\" data-start=\"2429\" data-end=\"2478\">\n<p>They captured NPM authentication credentials<\/p>\n<\/li>\n<li data-section-id=\"pocqxo\" data-start=\"2479\" data-end=\"2524\">\n<p>They took control of the maintainer's account<\/p>\n<\/li>\n<\/ul>\n<p style=\"text-align: justify;\" data-start=\"2526\" data-end=\"2685\">This type of technique is known as <strong data-start=\"2564\" data-end=\"2576\">ClickFix<\/strong>, in which the user is induced to perform a seemingly legitimate action.<\/p>\n<p data-start=\"2526\" data-end=\"2685\">\u00a0<\/p>\n<p style=\"text-align: justify;\" data-section-id=\"1su9pp\" data-start=\"2692\" data-end=\"2735\"><strong>Supply chain compromise<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"2737\" data-end=\"2821\">With privileged access, the intruders published malicious versions of Axios on NPM:<\/p>\n<ul style=\"text-align: justify;\" data-start=\"2823\" data-end=\"2981\">\n<li data-section-id=\"9tk4yz\" data-start=\"2823\" data-end=\"2865\">\n<p>Compromised versions: 1.14.1 and 0.30.4<\/p>\n<\/li>\n<li data-section-id=\"2fv2yc\" data-start=\"2866\" data-end=\"2922\">\n<p>Insertion of a malicious 
dependency: <em data-start=\"2903\" data-end=\"2920\">plain-crypto-js<\/em><\/p>\n<\/li>\n<li data-section-id=\"w2myts\" data-start=\"2923\" data-end=\"2981\">\n<p>Automatic installation of the malware in affected environments<\/p>\n<\/li>\n<\/ul>\n<p style=\"text-align: justify;\" data-start=\"2983\" data-end=\"3039\">This attack model is particularly dangerous because it:<\/p>\n<ul style=\"text-align: justify;\" data-start=\"3041\" data-end=\"3167\">\n<li data-section-id=\"165akb7\" data-start=\"3041\" data-end=\"3082\">\n<p>Does not alter the visible main code<\/p>\n<\/li>\n<li data-section-id=\"1h3k8gt\" data-start=\"3083\" data-end=\"3119\">\n<p>Exploits transitive dependencies<\/p>\n<\/li>\n<li data-section-id=\"1t9rds4\" data-start=\"3120\" data-end=\"3167\">\n<p>Goes unnoticed in superficial reviews<\/p>\n<\/li>\n<\/ul>\n<p style=\"text-align: justify;\" data-start=\"3169\" data-end=\"3322\">The versions remained available for approximately three hours, long enough to cause significant impact.<\/p>\n<p data-start=\"3169\" data-end=\"3322\">\u00a0<\/p>\n<p style=\"text-align: justify;\" data-section-id=\"60fq7m\" data-start=\"3329\" data-end=\"3363\"><strong>Malware used and its capabilities<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"3365\" data-end=\"3459\">The attack deployed an advanced backdoor, associated with the UNC1069 group, with characteristics such as:<\/p>\n<ul style=\"text-align: justify;\" data-start=\"3461\" data-end=\"3619\">\n<li data-section-id=\"q41xkq\" data-start=\"3461\" data-end=\"3492\">\n<p>Remote command execution<\/p>\n<\/li>\n<li data-section-id=\"bse99g\" data-start=\"3493\" data-end=\"3536\">\n<p>Collection of credentials and sensitive data<\/p>\n<\/li>\n<li data-section-id=\"g3hwrr\" data-start=\"3537\" data-end=\"3576\">\n<p>Persistence in the operating system<\/p>\n<\/li>\n<li data-section-id=\"1kheek7\" 
data-start=\"3577\" data-end=\"3619\">\n<p>Continuous communication with C2 servers<\/p>\n<\/li>\n<\/ul>\n<p style=\"text-align: justify;\" data-start=\"3621\" data-end=\"3791\">This type of malware allows full control of the compromised system, turning machines into footholds for future attacks.<\/p>\n<p data-start=\"3621\" data-end=\"3791\">\u00a0<\/p>\n<p style=\"text-align: justify;\" data-section-id=\"757nud\" data-start=\"3798\" data-end=\"3846\"><strong>Attribution: Advanced Persistent Threat (APT)<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"3848\" data-end=\"3993\">The attack was attributed to the UNC1069 group, associated with North Korea, an actor known for sophisticated, financially motivated operations.<\/p>\n<p style=\"text-align: justify;\" data-start=\"3995\" data-end=\"4119\">Groups of this profile, such as the Lazarus Group, are classified as <strong data-start=\"4061\" data-end=\"4098\">APT (Advanced Persistent Threats)<\/strong>, characterized by:<\/p>\n<ul style=\"text-align: justify;\" data-start=\"4121\" data-end=\"4230\">\n<li data-section-id=\"1ttjlwh\" data-start=\"4121\" data-end=\"4150\">\n<p>Long preparation time<\/p>\n<\/li>\n<li data-section-id=\"z3sy2f\" data-start=\"4151\" data-end=\"4173\">\n<p>High technical level<\/p>\n<\/li>\n<li data-section-id=\"121lnvp\" data-start=\"4174\" data-end=\"4230\">\n<p>Strategic objectives (financial or geopolitical)<\/p>\n<\/li>\n<\/ul>\n<p style=\"text-align: justify;\" data-start=\"4232\" data-end=\"4332\">These groups frequently combine social engineering with advanced intrusion techniques.<\/p>\n<p data-start=\"4232\" data-end=\"4332\">\u00a0<\/p>\n<p style=\"text-align: justify;\" data-section-id=\"jkvbvh\" data-start=\"4339\" data-end=\"4376\"><strong>Global impact and systemic risks<\/strong><\/p>\n<p style=\"text-align: 
justify;\" data-start=\"4378\" data-end=\"4465\">Despite the rapid removal of the malicious versions, the potential impact was significant:<\/p>\n<ul style=\"text-align: justify;\" data-start=\"4467\" data-end=\"4650\">\n<li data-section-id=\"1afkx7p\" data-start=\"4467\" data-end=\"4509\">\n<p>Millions of weekly Axios downloads<\/p>\n<\/li>\n<li data-section-id=\"hf4ovf\" data-start=\"4510\" data-end=\"4564\">\n<p>Possible compromise of corporate environments<\/p>\n<\/li>\n<li data-section-id=\"5mxdq7\" data-start=\"4565\" data-end=\"4611\">\n<p>Risk of infiltration into CI\/CD pipelines<\/p>\n<\/li>\n<li data-section-id=\"1i48agv\" data-start=\"4612\" data-end=\"4650\">\n<p>Exposure of sensitive credentials<\/p>\n<\/li>\n<\/ul>\n<p style=\"text-align: justify;\" data-start=\"4652\" data-end=\"4778\">Attacks of this kind show that trust in open source software can be exploited as a large-scale attack vector.<\/p>\n<p data-start=\"4652\" data-end=\"4778\">\u00a0<\/p>\n<p style=\"text-align: justify;\" data-section-id=\"i27oj9\" data-start=\"4785\" data-end=\"4827\"><strong>Strategic lessons for cybersecurity<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"4829\" data-end=\"4874\">This incident offers important lessons:<\/p>\n<p style=\"text-align: justify;\" data-section-id=\"1o4fj3q\" data-start=\"4876\" data-end=\"4923\"><strong>1. The human factor is the most vulnerable link<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"4924\" data-end=\"5003\">Even experienced professionals can be deceived by well-crafted attacks.<\/p>\n<p data-start=\"4924\" data-end=\"5003\">\u00a0<\/p>\n<p style=\"text-align: justify;\" data-section-id=\"m90ylt\" data-start=\"5005\" data-end=\"5047\"><strong>2. 
Identity security is critical<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"5048\" data-end=\"5090\">Accounts with elevated privileges must have:<\/p>\n<ul style=\"text-align: justify;\" data-start=\"5092\" data-end=\"5185\">\n<li data-section-id=\"7kmpx7\" data-start=\"5092\" data-end=\"5125\">\n<p>Multi-factor authentication (MFA)<\/p>\n<\/li>\n<li data-section-id=\"i4tftj\" data-start=\"5126\" data-end=\"5152\">\n<p>Continuous monitoring<\/p>\n<\/li>\n<li data-section-id=\"1cokk1v\" data-start=\"5153\" data-end=\"5185\">\n<p>Restricted access policies<\/p>\n<\/li>\n<\/ul>\n<p>\u00a0<\/p>\n<p style=\"text-align: justify;\" data-section-id=\"1r6c3fa\" data-start=\"5187\" data-end=\"5235\"><strong>3. Dependency verification is essential<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"5236\" data-end=\"5253\">Tools such as:<\/p>\n<ul style=\"text-align: justify;\" data-start=\"5255\" data-end=\"5356\">\n<li data-section-id=\"174z4nx\" data-start=\"5255\" data-end=\"5294\">\n<p>SCA (Software Composition Analysis)<\/p>\n<\/li>\n<li data-section-id=\"bhnhow\" data-start=\"5295\" data-end=\"5323\">\n<p>Automated audits<\/p>\n<\/li>\n<li data-section-id=\"rbjod3\" data-start=\"5324\" data-end=\"5356\">\n<p>Integrity monitoring<\/p>\n<\/li>\n<\/ul>\n<p style=\"text-align: justify;\" data-start=\"5358\" data-end=\"5397\">should be adopted to reduce risk.<\/p>\n<p data-start=\"5358\" data-end=\"5397\">\u00a0<\/p>\n<p style=\"text-align: justify;\" data-section-id=\"ki7n8h\" data-start=\"5399\" data-end=\"5436\"><strong>4. 
Zero Trust must be applied<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"5437\" data-end=\"5536\">No action should be considered trustworthy by default, even in seemingly legitimate environments.<\/p>\n<p data-start=\"5437\" data-end=\"5536\">\u00a0<\/p>\n<p style=\"text-align: justify;\" data-section-id=\"h85oci\" data-start=\"5543\" data-end=\"5555\"><strong>Conclusion<\/strong><\/p>\n<p style=\"text-align: justify;\" data-start=\"5557\" data-end=\"5798\">The attack on Axios represents a milestone in the evolution of modern cyber threats. By compromising just one person, the attackers managed to exploit a chain of trust that extends across the entire global development ecosystem.<\/p>\n<p style=\"text-align: justify;\" data-start=\"5800\" data-end=\"6006\">This incident reinforces that cybersecurity depends not only on robust technologies but also on human awareness, access governance and continuous vigilance over software components.<\/p>\n<p style=\"text-align: justify;\" data-start=\"6008\" data-end=\"6181\">In a world increasingly dependent on open source libraries, protecting the digital supply chain is no longer an option and has become a strategic necessity.<\/p>\n<p data-start=\"6008\" data-end=\"6181\">\u00a0<\/p>\n<p style=\"text-align: justify;\" data-section-id=\"1bfeuhi\" data-start=\"6188\" data-end=\"6217\"><strong>References<\/strong><\/p>\n<ul data-start=\"6219\" data-end=\"6763\">\n<li data-section-id=\"11bpr88\" data-start=\"6219\" data-end=\"6498\"><strong>TecMundo.<\/strong> <em data-start=\"6232\" data-end=\"6312\">Hackers norte-coreanos atacaram apenas uma pessoa para comprometer Axios e NPM<\/em>. 
Available at: <a class=\"decorated-link\" href=\"https:\/\/www.tecmundo.com.br\/seguranca\/412184-hackers-norte-coreanos-atacaram-apenas-uma-pessoa-para-comprometer-axios-e-npm.htm\" target=\"_blank\" rel=\"noopener\" data-start=\"6331\" data-end=\"6458\">https:\/\/www.tecmundo.com.br\/seguranca\/412184-hackers-norte-coreanos-atacaram-apenas-uma-pessoa-para-comprometer-axios-e-npm.htm<\/a><\/li>\n<li data-section-id=\"cjdkxb\" data-start=\"6500\" data-end=\"6763\"><strong>Canaltech.<\/strong> <em data-start=\"6514\" data-end=\"6592\">Hackers norte-coreanos atacam biblioteca JavaScript com milh\u00f5es de downloads<\/em>. Available at: <a class=\"decorated-link\" href=\"https:\/\/canaltech.com.br\/seguranca\/hackers-norte-coreanos-atacam-biblioteca-javascript-com-milhoes-de-downloads\/\" target=\"_blank\" rel=\"noopener\" data-start=\"6611\" data-end=\"6723\">https:\/\/canaltech.com.br\/seguranca\/hackers-norte-coreanos-atacam-biblioteca-javascript-com-milhoes-de-downloads\/<\/a><\/li>\n<\/ul>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/section>\n\n\n","protected":false},"excerpt":{"rendered":"<p>Social engineering and supply chain attack: how North Korean hackers compromised Axios and the NPM ecosystem The current cybersecurity landscape shows a significant shift in attack vectors: exploitation of the human factor. 
A recent and alarming example was the compromise of the JavaScript library Axios, widely used in modern development, [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":24108,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[89,100,21,105],"tags":[],"class_list":["post-24106","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-basico","category-diversos","category-exploits","category-noticias"],"_links":{"self":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts\/24106","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/comments?post=24106"}],"version-history":[{"count":2,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts\/24106\/revisions"}],"predecessor-version":[{"id":24110,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/posts\/24106\/revisions\/24110"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/media\/24108"}],"wp:attachment":[{"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/media?parent=24106"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/categories?post=24106"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ethicalhacker.com.br\/site\/wp-json\/wp\/v2\/tags?post=24106"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}