+1 CPE

State of Cybercrime:

The Axios Supply Chain Attack

Wednesday, April 08, 2026 12 p.m. ET | 5 p.m. BST Matt Radolec, David Gibson

The Axios supply chain attack proves attackers don’t need vulnerabilities if they can hit the assembly line. By compromising a single npm maintainer account, they were able to slip a trojan into Axios updates that executed automatically inside developer machines and CI/CD pipelines long before security tools could intervene.

On this episode of State of Cybercrime, Matt and David examine how the Axios incident marks a shift toward supply chain abuse and what Google’s attribution to a North Korean-linked group reveals about the blurred lines between developer infrastructure, cybercrime, and geopolitics.
Your seat is saved!
You’ll receive a confirmation email from Zoom shortly. Contact us if you do not receive it within 24 hours.

Add to calendar (.ics)

About the series

In today's digital landscape, no industry is safe from cybercrime. Hackers continue to exploit vulnerabilities across sectors, leading to highly destructive breaches.

Our State of Cybercrime series sheds light on the latest high-profile attacks while providing actionable insights across every industry.

This episode's segments include...

  • Is there any good news?
  • AI Vey — because we can't not talk about AI
  • The latest Vulnerable Vulnerabilities 
  • The highway to the Danger Zone
  • Live Q&A

Show hosts:

Headshot_MattRadolec_Square_202007-(3)

Matt Radolec

VP of Incident Response, Cloud Operations & SE, Varonis

david-gibson

David Gibson

Senior VP of Strategic Programs, Varonis

ABOUT STATE OF CYBERCRIME

Watch Matt Radolec and David Gibson as they review the latest cybersecurity news and show you what you can do to mitigate risk.

The LockBit Bluff | Episode 25

Snowflake Security Check | Episode 24

Inside China's APT Network | Episode 23

TRY VARONIS FOR FREE.

We’d love to show you around, answer your questions, and help you see if Varonis is right for you.
Show me around!