Hackers compromise the Axios npm maintainer account to deliver platform-specific RATs to millions of JavaScript projects. Silver Fox APT launches AtlasCross RAT through typosquatted domains impersonating Surfshark, Signal, and Zoom. A new AI agent risk framework categorizes enterprise agents by access and autonomy. The Dutch Finance Ministry takes its treasury banking portal offline after a breach. A Maryland man is charged with stealing $53 million from the Uranium Finance crypto exchange.
Two malicious versions of the Axios npm package (1.14.1 and 0.30.4) were published on March 31, 2026 using compromised maintainer credentials. Immediate action required: downgrade to 1.14.0 or 0.30.3 and rotate all secrets.
In one of the most impactful supply chain attacks of 2026, hackers compromised the npm account of Jason Saayman, the primary maintainer of the Axios HTTP client library, and published two malicious versions that inject a cross-platform remote access trojan (RAT) targeting Windows, macOS, and Linux systems.
Axios is one of the most widely used packages in the JavaScript ecosystem with over 83 million weekly downloads and more than 400 million monthly downloads. The attack was carefully staged:
plain-crypto-js@4.2.0 was published as coveraxios@1.14.1 published via compromised credentialsaxios@0.30.4 published, hitting both release branches within 39 minutesThe malware delivers platform-specific payloads from the C2 server:
/Library/Caches/com.apple.act.mond%PROGRAMDATA%\wt.exe disguised as Windows Terminal, executes VBScript-delivered RAT/tmp/ld.py and executed via nohupAccording to StepSecurity, Endor Labs, Socket, and Aikido, this was "not opportunistic" — the staging, multi-platform targeting, and forensic evasion indicate a sophisticated, premeditated attack. The npm account's email was changed to a Proton Mail address under attacker control.
This attack demonstrates why supply chain security can't be an afterthought. KENSAI's continuous dependency monitoring detects anomalous package updates — new dependencies, changed maintainers, and suspicious post-install scripts — before they reach production.
The Chinese cybercrime group Silver Fox (also tracked as SwimSnake, Valley Thief, UTG-Q-1000, Void Arachne) has expanded its campaign with a previously undocumented RAT named AtlasCross, distributed through 11 confirmed typosquatted domains impersonating popular software brands.
The fake domains target Chinese-speaking users and impersonate:
| Domain | Impersonated Brand | Category |
|---|---|---|
www-surfshark.com | Surfshark VPN | VPN |
signal-signal.com | Signal | Encrypted Messaging |
telegrtam.com.cn | Telegram | Encrypted Messaging |
app-zoom.com | Zoom | Video Conferencing |
www-teams.com | Microsoft Teams | Video Conferencing |
trezor-trezor.com | Trezor | Crypto Wallet |
quickq-quickq.com | QuickQ VPN | VPN |
AtlasCross RAT represents a significant capability upgrade from Silver Fox's previous tools (ValleyRAT, Gh0st RAT derivatives):
Typosquatting attacks targeting security-conscious users seeking VPNs and encrypted messengers is particularly insidious. KENSAI's domain monitoring and phishing detection capabilities help organizations identify and block typosquatted domains before employees fall victim.
Key Insight: AI agent risk scales with two factors: access (what systems it can reach) and autonomy (how independently it acts). CISOs should prioritize security based on this matrix.
As enterprises move beyond chatbots to autonomous AI agents that reason, plan, and act across systems, a new risk taxonomy has emerged that categorizes agents into three tiers:
Operate inside managed platforms for internal support, HR, and customer service. Limited autonomy but risk comes from overly permissive API connectors and embedded credentials that create privileged gateways to critical resources.
Run on employee endpoints, integrating with development environments, terminals, and productivity tools. They inherit user permissions and can access GitHub, Slack, internal APIs, and cloud environments — often without centralized identity governance. Security teams frequently have zero visibility into what these agents can access.
Autonomous agents operating in production environments with direct access to business-critical services, infrastructure, and customer data. These require the highest security scrutiny — dedicated service identities, audit trails, and continuous monitoring.
The framework emphasizes that the biggest governance gap is in Tier 2 (local agents), where rapid adoption outpaces security controls. Employees are connecting AI agents to enterprise systems via personal credentials with no centralized oversight.
This taxonomy aligns with what we see in the field. Organizations deploying AI agents need the same rigor they apply to microservices: dedicated identities, least-privilege access, and continuous security testing. KENSAI identifies exposed APIs, misconfigured credentials, and unsanctioned agent access paths across your infrastructure.
The Dutch Ministry of Finance has taken its digital treasury banking portal and related systems offline while investigating a cyberattack detected two weeks ago.
The Dutch Ministry of Finance confirmed it has taken several systems offline, including its digital portal for treasury banking, following the detection of a cyberattack approximately two weeks prior to the March 31 disclosure.
Key details:
This incident follows the broader pattern of European government institutions being targeted in 2026, including the EU Commission breach disclosed earlier this week where 350GB of data was reportedly stolen by ShinyHunters. The Netherlands has been particularly active in cyber defense — Dutch police recently made high-profile arrests in other cybercrime investigations.
Government financial portals face nation-state-grade threats. The two-week gap between detection and disclosure highlights the complexity of forensic investigation in these environments. KENSAI's continuous monitoring reduces detection-to-response time by flagging anomalous access patterns in real-time.
U.S. prosecutors have charged a Maryland man with stealing more than $53 million after hacking the Uranium Finance decentralized cryptocurrency exchange — not once, but twice — and laundering the proceeds through a cryptocurrency mixer.
Key details from the indictment:
The case is significant as it demonstrates U.S. law enforcement's increasing capability to de-anonymize cryptocurrency transactions and trace funds through mixing services. DeFi protocol exploits remain one of the most lucrative attack vectors in 2026, with billions lost to smart contract vulnerabilities across the ecosystem.
Smart contract vulnerabilities remain the Achilles' heel of DeFi. While traditional web application security has matured, blockchain application security is still catching up. KENSAI's application security testing extends to API endpoints and web interfaces that interact with blockchain protocols, identifying vulnerabilities before they become $53M incidents.
| Story | Category | Impact | Action |
|---|---|---|---|
| Axios npm Supply Chain Attack | Supply Chain | 83M+ weekly downloads exposed | Downgrade immediately, rotate secrets |
| Silver Fox AtlasCross RAT | APT / Malware | 11 typosquatted domains active | Block domains, monitor for IOCs |
| AI Agent Risk Taxonomy | Governance | Enterprise-wide | Audit local agent access and credentials |
| Dutch Finance Ministry Breach | Government | Treasury portal offline | Review financial system access controls |
| Uranium Finance $53M Hack | DeFi / Crypto | $53M stolen | Audit smart contract interactions |
KENSAI continuously monitors your dependencies and infrastructure against supply chain threats, typosquatting, and emerging attack vectors.
Start Your Free Security Scan →Published by KENSAI Research · March 31, 2026