The Axios supply chain attack used individually targeted social engineering (simonwillison.net)

Axios’s postmortem says the recent supply-chain incident was enabled by a tailored social-engineering campaign aimed at a specific maintainer. The attackers impersonated a cloned founder identity, drew the target into a realistic Slack and Teams setup, claimed the target’s system or Teams was outdated, and used a remote access trojan to steal credentials for publishing the malicious dependency.