03 Apr 2026

Axios NPM Supply Chain Compromise: Malicious Packages Deliver Remote Access Trojan - PDF-XChange Unaffected

Security Bulletin Apr 3,  2026

On March 31, 2026, attackers compromised the official Axios package on the Node Package Manager (npm) registry. Axios is one of the most widely used open-source libraries for making web requests, with over 100 million downloads per week. It is embedded in web applications, mobile apps, backend services, and automated build pipelines across virtually every industry.
https://www.sans.org/blog/axios-npm-supply-chain-compromise-malicious-packages-remote-access-trojan

PDF-XChange uses Axios libraries on our website but we'd not yet approved or implemented the release that was compromised. 

We have thoroughly reviewed our servers and no malware was detected as expected, and our systems are unaffected in any way.

Best regards,
PDF-XChange Co.
Security Team
 

Back to all News, Press & Events
We serve cookies.

Cookies are necessary in order to enable you to move around the website and use its features, including making purchases through our online store.
We need cookies in order to determine the number of unique users who visit the site, and to provide certain features, such as the login functionality.
We do not use cookies for advertising purposes.
By clicking Accept (or continuing to use the site) you are agreeing to our use of these tools. Learn More

Need more information? Get in touch.

You can contact us by phone, email or our social media accounts — we are here to assist you.

Contact Us