๐ก๏ธ Daily Security Research Brief
๐ด Supply Chain Attacks
Axios npm Package Compromised โ Cross-Platform RAT Deployed
Critical supply-chain npm ratThe Axios HTTP client (100M+ weekly downloads) suffered a targeted supply chain attack. Attacker compromised maintainer Jason Saayman's npm account and published malicious versions 1.14.1 and 0.30.4 injecting a fake dependency plain-crypto-js that delivers platform-specific RATs to Windows, macOS, and Linux.
- Malicious dependency was staged 18 hours in advance โ this was premeditated
- RAT supports shell command execution, directory enumeration, and base64-encoded binary payloads
- Dropper self-destructs and replaces package.json with clean copy to hinder forensics
- Published without OIDC package origin, no matching GitHub commit
Action: Check lockfiles for axios@1.14.1 or axios@0.30.4 immediately. Pin to known-good versions. Audit CI/CD for unexpected dependency changes.
Cisco Breached via Trivy Supply Chain Attack โ Source Code Stolen
Critical supply-chain breach TeamPCPCisco's internal development environment was breached using credentials stolen from the Trivy vulnerability scanner supply chain attack. Threat actors cloned 300+ GitHub repositories including source code for AI Assistants, AI Defense, and unreleased products.
- Multiple AWS keys stolen and used for unauthorized activities across Cisco AWS accounts
- Stolen repos include code belonging to banks, BPOs, and US government agencies
- Multiple threat actors involved with varying activity levels
- Attack attributed to TeamPCP threat group โ same actors behind Trivy, LiteLLM, and Checkmarx compromises
- Cisco has isolated affected systems and begun credential rotation
๐ฏ Active Exploitation & Zero-Days
TrueConf Zero-Day (CVE-2026-3502) Exploited Against SE Asian Governments
High โ CVSS 7.8 zero-day apt china-nexusA zero-day in TrueConf video conferencing client was exploited in the wild in a campaign dubbed TrueChaos targeting government entities in Southeast Asia. The flaw allows attackers who control an on-premises TrueConf server to distribute tampered updates to all connected endpoints.
- Exploited to deploy Havoc C2 framework via DLL side-loading
- Attributed with moderate confidence to a Chinese-nexus threat actor
- Uses Alibaba Cloud and Tencent infrastructure for C2
- Same victims targeted with ShadowPad in the same timeframe
- Patched in TrueConf Windows client version 8.5.3
Citrix NetScaler Critical Flaw (CVE-2026-3055) Under Active Exploitation
Critical โ CVSS 9.3 active-exploitation citrixA critical vulnerability in Citrix NetScaler ADC and NetScaler Gateway is being actively exploited since March 27. The flaw involves insufficient input validation leading to memory overread, leaking potentially sensitive information. Exploitation requires the appliance to be configured as a SAML Identity Provider.
Action: Patch immediately. Check SAML IDP configurations for indicators of compromise.
Fortinet FortiClient EMS SQL Injection โ Exploitation Begins
Critical active-exploitation fortinetA critical SQL injection vulnerability in Fortinet FortiClient EMS allows unauthenticated attackers to execute arbitrary code remotely via crafted HTTP requests. Exploitation has been observed in the wild.
๐ฌ Vulnerabilities & CVEs
Vim & Emacs RCE Bugs Discovered by Claude AI
High rce ai-discovered vim emacsResearcher Hung Nguyen used Claude to discover RCE vulnerabilities in both Vim and GNU Emacs triggered simply by opening a file.
- Vim: Modeline handling bypass allows sandbox escape and arbitrary command execution. Affects all versions โค9.2.0271. Patched in 9.2.0272.
- Emacs: vc-git integration reads attacker-controlled
.git/configand executescore.fsmonitorprograms. Emacs maintainers consider this Git's responsibility โ unpatched.
GIGABYTE Control Center โ Arbitrary File Write Flaw
High arbitrary-write gigabyteGIGABYTE Control Center is vulnerable to an arbitrary file-write flaw allowing remote, unauthenticated attackers to access files on vulnerable hosts.
StrongSwan Integer Underflow โ VPN Crash (15 Years of Releases)
High vpn dosA remotely exploitable integer underflow vulnerability in StrongSwan allows unauthenticated attackers to crash VPN connections. The flaw spans 15 years of releases.
Vertex AI Permission Model Abuse โ Google Cloud Data Exposure
High cloud google aiPalo Alto Unit 42 disclosed a security blind spot in Google Cloud's Vertex AI platform where AI agents can be weaponized to gain unauthorized access to sensitive data and compromise cloud environments through permission model misuse.
CrewAI Vulnerabilities โ Sandbox Escape via Prompt Injection
High ai-agents sandbox-escapeVulnerabilities in the CrewAI framework allow attackers to exploit prompt injection to chain bugs together, escape the sandbox, and execute arbitrary code on host devices.
OpenAI Codex / ChatGPT Vulnerabilities Patched
High openai data-exfiltrationOpenAI patched two vulnerabilities: a ChatGPT data exfiltration flaw allowing covert extraction of conversation data via a single malicious prompt, and a Codex vulnerability enabling GitHub token compromise.
๐ Data Breaches & Incidents
Lloyds Banking Group โ 450,000 Users' Transactions Exposed
High breach bankingA faulty software update at Lloyds Banking Group led to mobile banking users' transaction data being exposed to other users of the application, impacting approximately 450,000 individuals.
CareCloud Healthcare Platform โ Potential Data Breach
Medium healthcare breachHealthcare IT platform CareCloud disclosed a cybersecurity incident involving one of its electronic health record environments. Investigation is ongoing.
Anthropic Claude Code Source Leak
Medium leak aiAnthropic accidentally leaked the source code for Claude Code (closed source) via an npm package. The company says no customer data or credentials were exposed.
๐ฆ Malware & Threat Actors
Silver Fox / AtlasCross RAT Campaign โ Asia-Wide Typosquatting
apt rat typosquattingChinese cybercrime group Silver Fox is running an active campaign using 11+ typosquatted domains impersonating Surfshark VPN, Signal, Telegram, Zoom, Microsoft Teams, and others to deliver the newly documented AtlasCross RAT. This represents an evolution from their previous Gh0st RAT derivatives.
Venom Stealer โ Continuous Credential Harvesting
infostealer maasVenom Stealer, a licensed malware-as-a-service with built-in persistence and automation, enables attackers to continuously siphon credentials, session data, and cryptocurrency assets from compromised systems.
TeamPCP Moves from OSS to AWS Environments
cloud aws lateral-movementAfter validating stolen credentials using TruffleHog, the TeamPCP hacking group has been observed starting AWS services enumeration and lateral movement activities โ expanding from open-source supply chain attacks into cloud infrastructure compromise.
๐ก Emerging Trends
AI Agent Security Becomes a Critical Concern
Multiple stories this cycle highlight the growing attack surface around AI agents:
- CrewAI sandbox escape via prompt injection chains
- Vertex AI permission abuse for cloud data access
- OpenAI Codex GitHub token compromise
- LLMs silently breaking access control โ writing Rego/Cedar policies with missing conditions
- Growing consensus that AI agents need zero-trust verification, not implicit trust
Supply Chain Attack Industrialization
The TeamPCP group's simultaneous compromise of Trivy, LiteLLM, Checkmarx, and now Axios demonstrates supply chain attacks are being industrialized at scale. Key pattern: compromise maintainer accounts โ inject dependencies โ steal CI/CD credentials โ pivot to cloud infrastructure.
Quantum Computing Threat Acceleration
Google researchers demonstrated that breaking Bitcoin and Ethereum encryption requires 20ร fewer qubits than previously estimated. While not immediately practical, this significantly accelerates the timeline for post-quantum cryptography migration urgency.
๐ ๏ธ Tools & Releases
Proton Meet โ Privacy-Focused Video Conferencing
Proton launched Meet, a privacy-focused video conferencing platform positioned as an alternative to Google Meet, Zoom, and Microsoft Teams. End-to-end encrypted by default.
Censys Raises $70M for Internet Intelligence Platform
Censys raised $70M (total: $149M) to expand its internet intelligence platform for attack surface management and threat hunting.