The same threat actor that compromised Axios published three additional NPM packages within 18 hours. Unfortunately, these packages are still alive on NPM and compromising victims.