Axios hack tied to North Korea followed weeks of contact

April 7, 2026

Summary

Maintainer Jason Saayman said suspected North Korean hackers spent weeks building trust before compromising Axios on March 31.

Why this matters

The breach showed how social engineering against a single open-source maintainer can put widely used software and downstream systems at risk. It also highlighted how cyber operations tied to North Korea can have broad effects beyond their initial target.

A cyberattack that briefly compromised the widely used open-source project Axios on March 31 followed weeks of contact with one of its maintainers, according to an analysis from project maintainer Jason Saayman.

Saayman said the suspected North Korean hackers began targeting him about two weeks before they gained control of his computer and published malicious code to the project.

According to Saayman, the attackers posed as a real company, created a realistic Slack workspace, and used fake employee profiles to build credibility. He said they later invited him to a web meeting that prompted him to download malware disguised as an update needed to join the call.

Saayman said the tactic resembled methods previously linked to North Korean hackers by Google security researchers, including attacks used to gain remote access and steal cryptocurrency.

After gaining remote access to Saayman’s computer, the attackers published two malicious Axios packages, he said. The packages were removed about three hours after they were first published on March 31, but they may have infected thousands of systems during that time. The full scope of the incident was not yet clear.

Systems that installed a malicious version of the software may have exposed private keys, credentials, and passwords, potentially leading to additional breaches.

The incident underscored the risks facing maintainers of widely used open-source software, which can serve as entry points to large numbers of devices and networks.

North Korean hackers remain one of the most active cyber threats online and were blamed for stealing at least $2 billion in cryptocurrency in 2025 alone.

North Korea remains under international sanctions over its nuclear weapons program and outside the global financial network. The country has long been accused of using cyberattacks and cryptocurrency theft to generate revenue.

More top news

Tech & Artificial Intelligence

Toyota, truck makers expand hydrogen fuel-cell push

Hydrogen’s future in trucking still depended on refueling availability. Europe was investing in that network, with plans for significant expansion by 2030.

Full story +

Toyota Motor Corp. planned to join Daimler Truck and Volvo Group as equal partners in Cellcentric, a venture focused on fuel-cell systems for heavy-duty trucks and industrial vehicles.

The companies said the partnership aimed to improve hydrogen systems, scale production, and support zero-emissions trucking. Their move reflected a broader strategy in which automakers pursued multiple low-emissions technologies rather than relying only on battery-powered vehicles.

Battery-electric vehicles remained a major focus for passenger cars and shorter truck routes. For long-haul freight, however, heavier batteries can reduce payload capacity, and charging can take longer than refueling. Fuel-cell trucks offered a different trade-off, with faster refueling and longer range without very large battery packs.

Toyota had invested in hydrogen technology since the early 1990s. It launched the Toyota Mirai in 2014 as one of the first mass-produced hydrogen cars, but sales remained limited, largely because hydrogen refueling stations were scarce. In the United States, regular use was largely limited to California.

Toyota continued developing hydrogen applications in commercial vehicles, including testing heavy-duty trucks in Europe and integrating fuel-cell systems into truck platforms.

The Cellcentric alliance combined Toyota’s fuel-cell research and manufacturing experience with Daimler Truck’s commercial vehicle and logistics expertise and Volvo Group’s global scale. The companies sought to share costs, speed development, and benefit from expected hydrogen infrastructure growth.
Science

NASA chief says U.S. is back in moon race with China

China has said it aims to land astronauts on the moon by 2030.

Full story +

NASA Administrator Jared Isaacman said Saturday that the U.S. was on track to return astronauts to the moon and build a long-term presence there as part of the Artemis program.

“We are absolutely on an achievable path now,” Isaacman said.

In an interview on “Saturday in America,” Isaacman credited President Donald Trump with backing the current lunar effort during his first term.

“There is no question… President Trump gave us the Artemis program that’s currently underway right now during his first term… he gave us the resources to actually execute on an achievable plan through the Working Family Tax Cut Act and the mandate not just to go back to the moon with the national space policy, but to go back, to stay, to build the moon base,” he said.

Isaacman said Trump had also told him that NASA should “figure out what we need to do to go to Mars.”

“That’s exactly why you build the moon base to master the skills that we can send American astronauts to plant the Stars and Stripes on Mars someday,” he added.

Isaacman said NASA was “getting underway building the moon base essentially right now” and that the public would be able to follow progress as early as 2027, when the agency planned a near-monthly cadence of robotic missions to the moon’s South Pole.

He said those missions would support a sustained U.S. presence beyond Earth and help prepare for future Mars missions.

“[We’re going to be] test[ing] out mobility, crewed mobility, uncrewed mobility, power, navigation and the In-Situ resource manufacturing, which is going be paramount for future missions to Mars,” he said.
Middle East

Israel says it found Hezbollah arms in Lebanon hospital

Images shared with multiple media outlets showed weapons, ammunition, and explosives that Israel said were found in a hospital there.

Full story +

Israeli forces said they found a Hezbollah weapons cache inside a hospital in Lebanon over the weekend.

The Israel Defense Forces said it carried out the operation in the municipality of Bint Jbeil. Images shared with multiple media outlets showed weapons, ammunition, and explosives that Israel said were found in a hospital there.

The military said it killed about 20 militants inside the hospital compound after detecting Hezbollah surveillance activity and receiving fire from a hospital window.

“The Hezbollah terrorist organization systematically and repeatedly used the hospital compound and its immediate surroundings for military purposes, constituting a serious violation of international law,” the Israel Defense Forces said in a statement.

“The IDF operates in accordance with international law, and clarified prior to the operation to the relevant Lebanese authorities that all military activity within hospitals in Lebanon must cease, and disseminated these warnings through various channels. Despite this, Hezbollah continued to use the hospital for military activity,” the military said.
US Politics

Appeals court lets White House ballroom work continue

Government lawyers said the project included security measures meant to protect against threats including drones, ballistic missiles, and biohazards, and argued that delaying construction “would imperil the president and others who live and work in the White House.”

Full story +

A federal appeals court said Saturday that construction on President Donald Trump’s planned $400 million White House ballroom could continue until Friday, April 17, while a lower-court judge reconsidered whether his order properly accounted for the administration’s security concerns.

A three-judge panel of the U.S. Court of Appeals for the District of Columbia Circuit instructed U.S. District Judge Richard Leon to clarify whether, and how, his injunction interfered with the administration’s claims about safety and security.

Government lawyers said the project included security measures meant to protect against threats including drones, ballistic missiles, and biohazards, and argued that delaying construction “would imperil the president and others who live and work in the White House.” Trump also said the U.S. military was installing a “heavily fortified” facility beneath the ballroom, including bomb shelters and a medical facility.

The National Trust for Historic Preservation sued in December, a week after the White House completed demolition of the East Wing for the planned 90,000-square-foot ballroom. The group said Trump exceeded his authority by demolishing the East Wing, which was built in 1902 during President Theodore Roosevelt’s administration and expanded in 1942, and argued that congressional authorization was required.

Trump said presidents have historically had authority over White House remodeling and noted that Congress did not have to pay for the privately funded ballroom. Public money, however, is paying for underground bunkers and other security upgrades.

Leon issued an injunction March 31 halting ballroom construction, but paused it to allow an appeal. He exempted work needed to ensure White House safety and security, and said he reviewed materials submitted privately by the government before concluding that a halt would not jeopardize national security.

In its ruling, the appeals court said it could not determine “on this hurried record” whether Leon’s exception for work “necessary for safety and security” addressed the administration’s claims of irreparable harm. The panel said the White House had earlier argued that below-ground security work was distinct from ballroom construction and could move forward independently, but was now arguing the work was “inseparable” from the project.
\top\

U.S., Iran talks end without agreement; Trump orders Hormuz blockade

Trump said the U.S. military would begin removing mines that he said Iran had laid in the strait. He also said the Navy would “seek and interdict every vessel in International Waters that has paid a toll to Iran.”

Full story +

The United States and Iran ended direct talks Sunday without an agreement, leaving a two-week ceasefire set to expire April 22 in doubt.

President Donald Trump and U.S. officials said the talks, which lasted roughly 20 hours, reached agreement on most issues but broke down over what they described as Iran’s refusal to commit to abandoning a path to a nuclear weapon. Iranian officials blamed the United States for the breakdown, but did not specify the sticking points. Neither side said what would happen after the ceasefire expires. Pakistani mediators urged all parties to maintain it.

“There is only one thing that matters — IRAN IS UNWILLING TO GIVE UP ITS NUCLEAR AMBITIONS!” Trump wrote. “As I have always said, right from the beginning, and many years ago, IRAN WILL NEVER HAVE A NUCLEAR WEAPON!”

Iranian Parliament Speaker Mohammad Bagher Qalibaf, who led Iran’s delegation, said on X that Iran entered the talks in “good faith,” but that the U.S. “failed to gain the trust of the Iranian delegation in this round of negotiations.” He added: “America has understood our logic and principles, and now it’s time for it to decide whether it can earn our trust or not.”

Tehran has long said its nuclear program is for civilian purposes. Iran signed the 2015 nuclear deal, which limited its enrichment activities in exchange for sanctions relief, before the U.S. withdrew during Trump’s first term.

After talks broke down, Trump announced that the U.S. would blockade the Strait of Hormuz.

“Effective immediately, the United States Navy, the Finest in the World, will begin the process of BLOCKADING any and all Ships trying to enter, or leave, the Strait of Hormuz,” Trump wrote in posts on Truth Social.

Trump said the U.S. military would begin removing mines that he said Iran had laid in the strait. He also said the Navy would “seek and interdict every vessel in International Waters that has paid a toll to Iran.”

The Strait of Hormuz is a key global oil chokepoint. About 20% of the world’s oil and liquefied natural gas supplies pass through the waterway off Iran’s southern coast each day. The war has already pushed energy prices higher and raised concern about fuel supplies in Europe, Asia, and elsewhere. European airports warned last week that a “systemic jet fuel shortage” could hit within three weeks if the strait remained closed.

Trump said he had been briefed by Vice President JD Vance, special envoy Steve Witkoff, and Jared Kushner on the Islamabad talks, which Pakistani Prime Minister Shehbaz Sharif and Army Chief Asim Munir facilitated.

“We need to see an affirmative commitment that they will not seek a nuclear weapon, and they will not seek the tools that would enable them to quickly achieve a nuclear weapon,” Vance said after the talks.
US

Multiple injured in shooting at New Jersey Chick-fil-A

A man who said his girlfriend works at the restaurant told CBS New York that she said a group of men entered the store, went behind the counter, and allegedly fired multiple shots.

Full story +

Police investigated a shooting at a Chick-fil-A in Union, New Jersey, that left multiple people injured Saturday evening, according to reports.

The shooting took place at the restaurant on Route 22 near Gelb Avenue. Officers responded to a reported shooting shortly after 8:45 p.m.

It was not immediately clear how many people were shot or the extent of their injuries. RLS Media reported that at least six people were shot.

“This is an active and ongoing investigation,” a spokesperson for the Union County Prosecutor’s Office told NJ.com. “More information will be released as it becomes available.”
US

CFTC wins pause in Arizona case against Kalshi

A temporary restraining order halted Arizona’s criminal case against prediction market Kalshi, the CFTC said Friday.

Full story +

Arizona Attorney General Kris Mayes’ criminal case against prediction market Kalshi was temporarily halted after the Commodity Futures Trading Commission said Friday that it won a temporary restraining order blocking the state from pursuing the case.

Arizona charged Kalshi with operating an illegal gambling business in the state without a license.

The restraining order was announced days after a federal judge allowed Arizona’s case to move forward, according to Bloomberg.

“Arizona’s decision to weaponize state criminal law against companies that comply with federal law sets a dangerous precedent, and the court’s order today sends a clear message that intimidation is not an acceptable tactic to circumvent federal law,” Commodity Futures Trading Commission Chairman Michael S. Selig said in a statement.

The commission typically has five commissioners, but Selig is currently its only member after his confirmation in December and the departure of former acting Chairman Caroline Pham, who left to join crypto company MoonPay.

The Commodity Futures Trading Commission also filed suits seeking to stop similar cases in Connecticut and Illinois.
Virginia

Spanberger signs Virginia public safety bills

Spanberger still has until April 13 to act on assault-style weapons bills and hundreds of other measures. She could sign them, seek amendments, or veto them.

Full story +

Gov. Abigail Spanberger signed a package of public safety bills Friday, including measures on firearms, support for first responders, and victim protections.

“Whether you’re a first responder or a survivor seeking justice, these laws reflect a simple commitment: The Commonwealth of Virginia will always have your back,” she said in a statement.

Some of the measures had bipartisan support, and some had previously been vetoed by former Gov. Glenn Youngkin, a Republican.

Among the firearm measures, House Bill 19 by Del. Adele McClure, D-Alexandria, and Senate Bill 160 by Sen. Russet Perry, D-Loudoun, barred intimate partners convicted of domestic violence from obtaining or possessing firearms. HB93 by Del. Elizabeth Bennett-Parker, D-Alexandria, and SB38 by Sen. Barbara Favola, D-Arlington, set age and residence requirements for people who may receive firearms transferred from people under protective orders or convicted of misdemeanor domestic violence crimes.

Spanberger also signed “ghost gun” bills by Del. Marcus Simon, D-Fairfax, and Sen. Adam Ebbin, D-Alexandria, banning the manufacture, sale, and possession of untraceable firearms without serial numbers. HB21 by Del. Dan Helmer, D-Fairfax, and SB27 by Sen. Jennifer Carroll Foy, D-Prince William, allowed firearm manufacturers and dealers to face liability when negligent business practices contribute to gun violence.

Other signed bills included HB1313 by Del. Katrina Callsen, D-Charlottesville, expanding workers’ compensation for law enforcement officers and firefighters with post-traumatic stress disorder, and HB248 by Del. Vivian Watts, D-Fairfax, and SB317 by Perry, allowing professionals from multiple agencies to jointly respond to behavioral health calls.

Spanberger also signed SB100 by Sen. Bill Stanley, R-Franklin, protecting volunteer emergency responders from workplace retaliation, and HB1300 by Del. Mitchell Cornett, R-Grayson, and SB86 by Stanley, allowing an immediate survivor of a State Police officer to buy the officer’s service handgun for $1.

She also approved bills strengthening cyberstalking penalties, revoking teaching licenses for convicted sex offenders, restricting sex offenders’ access to children in certain settings, updating driver education to emphasize speeding and reckless driving, expanding extortion and nonconsensual-image offenses, increasing penalties for showing obscene material to young children, funding prosecution and victim services in sexual and domestic violence cases, adding human trafficking information to interstate rest area signs, and requiring localities to have automated external defibrillators at sporting events and facilities.
Business

IBM to pay $17 million in U.S. DEI settlement

Last year, the Trump administration moved to restrict diversity, equity, and inclusion practices in the public and private sectors, including federal hiring and contracting. Four days into President Donald Trump’s second term, federal agencies were directed to terminate all diversity, equity, and inclusion offices and positions.

Full story +

IBM reached a settlement with the federal government Friday, agreeing to pay about $17 million to resolve allegations tied to diversity, equity, and inclusion practices.

The Justice Department alleged that the New York-based technology company “knowingly” made “false claims” about its hiring and employment practices in federal contracts, according to the settlement. IBM allegedly identified “diverse” candidates for hiring or promotion while developing race- and sex-based demographic goals.

IBM denied it had discriminatory or illegal diversity, equity, and inclusion practices. The settlement said the agreement was “neither an admission of liability by IBM nor a concession by the United States that its claims are not well founded.”

“IBM is pleased to have resolved this matter,” an IBM spokesperson told CNN in an email. “Our workforce strategy is driven by a single principle: having the right people with the right skills that our clients depend on.”

The Justice Department said in May 2025 that it began using the False Claims Act to challenge diversity initiatives at colleges and alleged that IBM, as a contractor, violated the law by maintaining “practices that the United States contends were discriminatory employment practices,” according to Friday’s announcement.

“Racial discrimination is illegal, and government contractors cannot evade the law by repackaging it as DEI,” Blanche said in Friday’s press release. “The Department launched the Civil Rights Fraud Initiative to root out this misconduct, hold offenders accountable, and end this practice for good.”

The False Claims Act dates to the Civil War era and allows the government to recover up to three times its damages, plus penalties, according to the Justice Department. The law also allows private citizens to sue on the government’s behalf and keep a share of any recovery.
Middle East

Israel rules out Hezbollah ceasefire in Lebanon talks

Israel has carried out repeated strikes since a ceasefire began in November 2024, and it has been violated hundreds of times. Lebanese authorities said nearly 2,000 people had been killed in recent weeks, including more than 350 on Wednesday alone.

Full story +

Israel said it would not discuss a ceasefire with Hezbollah when Israeli and Lebanese officials meet at the State Department on Tuesday, even as Israeli strikes in Lebanon continued.

Israeli and Lebanese ambassadors held late-night talks Friday to finalize arrangements for the meeting in Washington.

Israel’s ambassador, Yechiel Leiter, said the session would begin formal negotiations with the Lebanese government despite the lack of diplomatic relations between the countries.

“Israel agreed to begin formal peace negotiations” with Lebanon, he said.

He said Hezbollah would not be part of the talks.

“Israel refused to discuss a ceasefire with the Hezbollah terrorist organisation, which continues to attack Israel and is the main obstacle to peace between the two countries,” he added.

The diplomatic effort came as Israeli strikes continued across Lebanon. Lebanon’s National News Agency reported that three people were killed Saturday when an airstrike destroyed a residential building in Mayfadoun in Nabatieh district.

Trump said he had asked Israeli Prime Minister Benjamin Netanyahu to scale back the bombardment, warning that continued strikes could undermine the ceasefire between the United States and Iran. Talks between U.S. and Iranian representatives were set to begin in Pakistan on Saturday.

Tehran said the two-week pause in hostilities agreed earlier in the week with Washington included an end to fighting between Israel and Hezbollah. Israel rejected that interpretation and continued its military campaign, including a large assault Wednesday that killed and wounded more than 1,000 people.