Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Poisoned Axios: npm Account Takeover, 50 Million Downloads, and a RAT That Vanishes After Install

On March 30-31, 2026, threat actors published two malicious versions of the popular HTTP library axios (versions 1.14.1 and 0.30.4) to the npm registry. Both versions included a new dependency named plain-crypto-js which, in its 4.2.1 release, contained a fully-featured cross-platform dropper that silently installed a Remote Access Trojan (RAT) on developer machines.

Introducing Programmable Flow Protection: custom DDoS mitigation logic for Magic Transit customers

We're proud to introduce Programmable Flow Protection: a system designed to let Magic Transit customers implement their own custom DDoS mitigation logic and deploy it across Cloudflare’s global network. This enables precise, stateful mitigation for custom and proprietary protocols built on UDP. It is engineered to provide the highest possible level of customization and flexibility to mitigate DDoS attacks of any scale.

From Shai-Hulud to LiteLLM: Supply Chain Attackers Are Coming for Your Agents

The LiteLLM supply chain compromise of March 24, 2026, is not an isolated incident. It is the latest and perhaps most dangerous chapter in an evolving attacker playbook that JFrog Security Research has been tracking for years. The target has shifted from developers to the AI agents that developers now rely on to build software.

Famous Telnyx PyPI Package compromised by TeamPCP

Part 1 covered CanisterWorm, the self-spreading npm worm. Part 2 covered the malicious LiteLLM package and its .pth persistence. This post covers the third wave: a compromised telnyx PyPI package that hides its payload inside audio files and delivers entirely different malware depending on the victim’s operating system.

What the Stryker Cyber Incident Reveals About Today's Risk, Visibility, and Hardening

In March 2026, Stryker Corporation experienced a global cyber incident that disrupted operations across its environment. Manufacturing slowed, internal systems went offline, and employees were instructed to disconnect devices. At first glance, it looked like another large-scale cyberattack. It wasn’t. This incident exposed a much more important reality about modern cybersecurity risk: organizations are no longer being breached in traditional ways.

What is a zero-day attack and how can you defend against one?

Zero-day vulnerability: A security flaw in software, hardware, or firmware that is unknown to the vendor responsible for fixing it. Because no patch exists, the flaw is exploitable from the moment it is discovered by an attacker. Zero-day exploit: The specific technique, code, or method an attacker uses to take advantage of a zero-day vulnerability. A single vulnerability may have multiple exploits.

Why Every Industry Now Needs Cybersecurity Leaders

Cyberattacks are no longer rare events that only affect large tech firms. Many businesses today face constant attempts to access their systems, steal data, or disrupt operations. Even in growing cities like Wilmington, NC, where small businesses, startups, and universities are expanding their digital presence, this risk is becoming part of everyday business reality. Many organizations still rely only on technical teams to handle security, but that approach often falls short. Decisions about risk, spending, and response need leadership involvement.

The NotPetya attack: What it teaches us about cyber survival

In June 2017, the world witnessed one of the most destructive cyberattacks in history: the NotPetya attack. Unlike traditional ransomware, NotPetya was a wiper. Once it infected a system, recovery was impossible. The ransom demand was a ruse because no decryption keys were ever made available. The true intent of the attackers was to cause disruption and damage. Nearly a decade later, NotPetya is considered a turning point in how organizations approach backup and recovery. The threat has only grown.