What is verified so far The attack chain began with social engineering. Attackers contacted an Axios npm maintainer and persuaded them to install what appeared to be a fix for a Teams error, which, ...