← Back to Blog
Research 9 min read March 31, 2026

Axios npm Supply Chain Attack Drops Cross-Platform RAT on 83M Weekly Downloads, Silver Fox Deploys AtlasCross RAT via Fake VPN Installers, AI Agent Risk Taxonomy for CISOs, Dutch Finance Ministry Breach Takes Treasury Offline, Uranium Finance Hacker Charged for $53M Theft

Hackers compromise the Axios npm maintainer account to deliver platform-specific RATs to millions of JavaScript projects. Silver Fox APT launches AtlasCross RAT through typosquatted domains impersonating Surfshark, Signal, and Zoom. A new AI agent risk framework categorizes enterprise agents by access and autonomy. The Dutch Finance Ministry takes its treasury banking portal offline after a breach. A Maryland man is charged with stealing $53 million from the Uranium Finance crypto exchange.


1. Axios npm Supply Chain Attack — Cross-Platform RAT Hits 83 Million Weekly Downloads

⚠ CRITICAL — Active Supply Chain Compromise

Two malicious versions of the Axios npm package (1.14.1 and 0.30.4) were published on March 31, 2026 using compromised maintainer credentials. Immediate action required: downgrade to 1.14.0 or 0.30.3 and rotate all secrets.

In one of the most impactful supply chain attacks of 2026, hackers compromised the npm account of Jason Saayman, the primary maintainer of the Axios HTTP client library, and published two malicious versions that inject a cross-platform remote access trojan (RAT) targeting Windows, macOS, and Linux systems.

Axios is one of the most widely used packages in the JavaScript ecosystem with over 83 million weekly downloads and more than 400 million monthly downloads. The attack was carefully staged:

The malware delivers platform-specific payloads from the C2 server:

According to StepSecurity, Endor Labs, Socket, and Aikido, this was "not opportunistic" — the staging, multi-platform targeting, and forensic evasion indicate a sophisticated, premeditated attack. The npm account's email was changed to a Proton Mail address under attacker control.

KENSAI Perspective

This attack demonstrates why supply chain security can't be an afterthought. KENSAI's continuous dependency monitoring detects anomalous package updates — new dependencies, changed maintainers, and suspicious post-install scripts — before they reach production.


2. Silver Fox Deploys AtlasCross RAT — Typosquatting Campaign Targets VPN and Messaging Users

The Chinese cybercrime group Silver Fox (also tracked as SwimSnake, Valley Thief, UTG-Q-1000, Void Arachne) has expanded its campaign with a previously undocumented RAT named AtlasCross, distributed through 11 confirmed typosquatted domains impersonating popular software brands.

The fake domains target Chinese-speaking users and impersonate:

DomainImpersonated BrandCategory
www-surfshark.comSurfshark VPNVPN
signal-signal.comSignalEncrypted Messaging
telegrtam.com.cnTelegramEncrypted Messaging
app-zoom.comZoomVideo Conferencing
www-teams.comMicrosoft TeamsVideo Conferencing
trezor-trezor.comTrezorCrypto Wallet
quickq-quickq.comQuickQ VPNVPN

AtlasCross RAT represents a significant capability upgrade from Silver Fox's previous tools (ValleyRAT, Gh0st RAT derivatives):

KENSAI Perspective

Typosquatting attacks targeting security-conscious users seeking VPNs and encrypted messengers is particularly insidious. KENSAI's domain monitoring and phishing detection capabilities help organizations identify and block typosquatted domains before employees fall victim.


3. AI Agent Risk Taxonomy — Framework for CISOs to Categorize and Prioritize

Key Insight: AI agent risk scales with two factors: access (what systems it can reach) and autonomy (how independently it acts). CISOs should prioritize security based on this matrix.

As enterprises move beyond chatbots to autonomous AI agents that reason, plan, and act across systems, a new risk taxonomy has emerged that categorizes agents into three tiers:

Tier 1: Agentic Chatbots (Low-Medium Risk)

Operate inside managed platforms for internal support, HR, and customer service. Limited autonomy but risk comes from overly permissive API connectors and embedded credentials that create privileged gateways to critical resources.

Tier 2: Local Agents (Medium-High Risk — Fastest Growing)

Run on employee endpoints, integrating with development environments, terminals, and productivity tools. They inherit user permissions and can access GitHub, Slack, internal APIs, and cloud environments — often without centralized identity governance. Security teams frequently have zero visibility into what these agents can access.

Tier 3: Production Agents (Critical Risk)

Autonomous agents operating in production environments with direct access to business-critical services, infrastructure, and customer data. These require the highest security scrutiny — dedicated service identities, audit trails, and continuous monitoring.

The framework emphasizes that the biggest governance gap is in Tier 2 (local agents), where rapid adoption outpaces security controls. Employees are connecting AI agents to enterprise systems via personal credentials with no centralized oversight.

KENSAI Perspective

This taxonomy aligns with what we see in the field. Organizations deploying AI agents need the same rigor they apply to microservices: dedicated identities, least-privilege access, and continuous security testing. KENSAI identifies exposed APIs, misconfigured credentials, and unsanctioned agent access paths across your infrastructure.


4. Dutch Finance Ministry Takes Treasury Banking Portal Offline After Breach

🔶 HIGH — Government Financial Infrastructure Compromised

The Dutch Ministry of Finance has taken its digital treasury banking portal and related systems offline while investigating a cyberattack detected two weeks ago.

The Dutch Ministry of Finance confirmed it has taken several systems offline, including its digital portal for treasury banking, following the detection of a cyberattack approximately two weeks prior to the March 31 disclosure.

Key details:

This incident follows the broader pattern of European government institutions being targeted in 2026, including the EU Commission breach disclosed earlier this week where 350GB of data was reportedly stolen by ShinyHunters. The Netherlands has been particularly active in cyber defense — Dutch police recently made high-profile arrests in other cybercrime investigations.

KENSAI Perspective

Government financial portals face nation-state-grade threats. The two-week gap between detection and disclosure highlights the complexity of forensic investigation in these environments. KENSAI's continuous monitoring reduces detection-to-response time by flagging anomalous access patterns in real-time.


5. Uranium Finance Hacker Charged With $53 Million Cryptocurrency Theft

U.S. prosecutors have charged a Maryland man with stealing more than $53 million after hacking the Uranium Finance decentralized cryptocurrency exchange — not once, but twice — and laundering the proceeds through a cryptocurrency mixer.

Key details from the indictment:

The case is significant as it demonstrates U.S. law enforcement's increasing capability to de-anonymize cryptocurrency transactions and trace funds through mixing services. DeFi protocol exploits remain one of the most lucrative attack vectors in 2026, with billions lost to smart contract vulnerabilities across the ecosystem.

KENSAI Perspective

Smart contract vulnerabilities remain the Achilles' heel of DeFi. While traditional web application security has matured, blockchain application security is still catching up. KENSAI's application security testing extends to API endpoints and web interfaces that interact with blockchain protocols, identifying vulnerabilities before they become $53M incidents.


Research Summary

StoryCategoryImpactAction
Axios npm Supply Chain AttackSupply Chain83M+ weekly downloads exposedDowngrade immediately, rotate secrets
Silver Fox AtlasCross RATAPT / Malware11 typosquatted domains activeBlock domains, monitor for IOCs
AI Agent Risk TaxonomyGovernanceEnterprise-wideAudit local agent access and credentials
Dutch Finance Ministry BreachGovernmentTreasury portal offlineReview financial system access controls
Uranium Finance $53M HackDeFi / Crypto$53M stolenAudit smart contract interactions

Supply Chain Attacks Are Accelerating. Is Your Stack Protected?

KENSAI continuously monitors your dependencies and infrastructure against supply chain threats, typosquatting, and emerging attack vectors.

Start Your Free Security Scan →

Published by KENSAI Research · March 31, 2026

Related Articles

البرلمان الأوروبي يبسط قانون الذكاء الاصطناعي، يرفض فحص CSAM، فجوات NIS2، قواعد CVE Smart Slider WordPress touche 500K sites, TP-Link & Cisco IOS corrigent des CISA: Langflow CVE-2026-33017 सक्रिय रूप से शोषित, UK ने Xinbi $19.9B क्रिप्टो म