The National Cybersecurity Notification Center has been closely monitoring and has discovered a recent, concentrated outbreak of multiple supply chain poisoning attacks. These attacks have targeted several key components, including the API development tool Apifox, the Python development library LiteLLM, and the JavaScript HTTP library Axios. They span two critical scenarios: open-source software repositories and commercial tools. Notably, the Axios poisoning incident, given its widespread use in numerous AI applications and plugin ecosystems, has led to risks cascading down to end-users through dependency chains.

The three incidents share several common characteristics: they are highly concealed, have a broad impact, are severe in nature, and propagate rapidly. These factors potentially lead to serious consequences, such as credential theft, remote code execution, and sensitive data leakage. A risk analysis indicates that attackers are focusing on development and operations personnel who possess high privileges. They exploit concealed attack paths that are easily disseminated, resulting in amplified harm and making detection and blocking efforts more challenging.

To enhance security precautions, it is recommended that development and operations users take the following measures: Firstly, verify installation sources by downloading tools exclusively from official channels and exercising caution when dealing with third-party resources. Secondly, strengthen development environment management by establishing independent environments for different projects to prevent direct exposure to the internet. Thirdly, reinforce risk prevention and response by promptly paying attention to security bulletins and warning information, and implementing measures such as installing patches and upgrading versions to mitigate hazards.