Briefing

Executive Summary

The week of April 6, 2026 presents an exceptionally high-density threat landscape dominated by a coordinated software supply chain campaign (TeamPCP) that compromised multiple widely-deployed security and developer tools, including Aqua Security Trivy, LiteLLM, Checkmarx KICS, and the Axios npm package, resulting in confirmed breaches of European Commission AWS accounts and exposure of Cisco source code. Simultaneously, North Korean threat actors (UNC1069/Lazarus Group) trojanized the Axios npm library — which serves over 300 million weekly downloads — with a cross-platform NukeSped RAT, confirmed with high-confidence IOCs including file hashes and C2 infrastructure. Identity infrastructure faced unprecedented pressure from a 37-fold surge in device code phishing attacks targeting Microsoft 365 and Entra ID tenants, while a separate campaign exploited Microsoft Entra ID and Intune to conduct mass device wipes across 79 countries, degrading CISA operational capacity. Ransomware activity expanded with Qilin targeting a German political party and Marquis Fintech exposing 672,000 bank customer records. Iran-aligned hacktivist groups escalated DDoS and defacement campaigns against banks, telecoms, and critical infrastructure across 16+ countries, compounding geopolitical cyber risk. Germany’s formal attribution of REvil operator Daniil Shchukin signals continued law enforcement pressure on ransomware-as-a-service ecosystems. This week the SCC pipeline processed 57 intelligence items across campaigns, data breaches, CVEs, governance developments, and security stories. No formal CISA emergency directives were confirmed this week; one claimed directive (SCC-STY-2026-0047) was flagged as unverified and should not be treated as a compliance obligation.

Critical Action Items

  1. Axios npm Supply Chain — Lazarus Group RAT (axios v1.14.1, v0.30.4): Audit all package-lock.json and yarn.lock files across repositories, CI/CD pipelines, and deployed environments for Axios versions 1.14.1 or 0.30.4. Block installation of these versions at your artifact proxy. Isolate any system that resolved either version during the March 31, 2026 window (00:21–03:29 UTC). Rotate all credentials accessible from affected developer and pipeline environments. No CISA KEV deadline published at time of writing; treat as P1.
  2. Trivy / KICS GitHub Actions Supply Chain (TeamPCP): Immediately pin all GitHub Actions workflow references to verified commit SHAs — replace all mutable tag references to aquasecurity/trivy-action, aquasecurity/setup-trivy, and checkmarx/kics-github-action. Rotate all secrets, tokens, and cloud credentials (AWS IAM keys, GitHub tokens) accessible to any pipeline that invoked these Actions during the exposure window (~March 19, 2026 onward). Reference Aqua Security incident discussion at https://github.com/aquasecurity/trivy/discussions/10425.
  3. Mass Entra ID / Intune Device Wipe Campaign: Audit all Entra ID accounts with Intune Device Administrator or Intune Administrator roles immediately. Remove standing privileged access and implement Privileged Identity Management (PIM) just-in-time activation. Enforce phishing-resistant MFA (FIDO2/certificate-based) on all accounts with Intune management rights. Block legacy authentication protocols via Conditional Access. Alert on any single account initiating wipe actions against more than five devices per hour.
  4. Device Code Phishing (37x Surge — Microsoft 365, Entra ID, Okta): Restrict or disable the OAuth 2.0 Device Authorization Grant flow for your tenant unless operationally required for headless devices. In Microsoft Entra ID, implement a Conditional Access policy blocking the Device Code Flow authentication flow (requires Entra ID P1/P2). Query SigninLogs for AuthenticationProtocol == 'deviceCode' and investigate any non-headless-device user authenticating via this method. Revoke all active refresh tokens for any confirmed compromised accounts.
  5. Cisco IMC Authentication Bypass (CVSS 9.8, cisco-sa-cimc-auth-bypass-AgG2BxTn): Restrict network access to all IMC management interfaces immediately. Identify affected Cisco server hardware via CMDB cross-reference against Cisco Advisory cisco-sa-cimc-auth-bypass-AgG2BxTn at sec.cloudapps.cisco.com. Apply firmware updates per advisory — OS-level patching is insufficient; this requires BMC firmware update. If IMC interfaces are internet-exposed, escalate to P1 for immediate containment.
  6. LiteLLM PyPI Supply Chain Compromise (TeamPCP / AI Toolchain): Audit all environments for the litellm PyPI package. Consult the Datadog Security Labs advisory (https://securitylabs.datadoghq.com/articles/litellm-compromised-pypi-teampcp-supply-chain-campaign/) for affected version range. Rotate all API keys and credentials accessible to processes running LiteLLM. Rebuild affected containers from verified base images. Implement pip hash-checking for all PyPI dependencies.
  7. Google Chrome Zero-Day (Actively Exploited, CVSS 8.8): Deploy the patched Chrome version to all endpoints via software distribution platform immediately. Verify installed version matches or exceeds the patched build published at https://chromereleases.googleblog.com. Prioritize internet-facing workstations, developer machines, and privileged-access endpoints. Enable Chrome auto-update policies for all managed endpoints and validate compliance. Check CISA KEV at cisa.gov for any associated deadline.
  8. ShinyHunters / Okta SSO Exploitation (Zendesk, Multiple SaaS Tenants): Revoke suspicious sessions via Okta Admin Console immediately. Enforce MFA on all Okta accounts with access to Zendesk and other connected SaaS platforms. Restrict Zendesk access to known office IP ranges using Okta network zone policies. Rotate all Zendesk API tokens and audit the Zendesk Audit Log for bulk ticket exports, API token generation, or role changes outside change-control windows.

Key Security Stories

TeamPCP Supply Chain Campaign: Security Scanners Weaponized, European Commission AWS Breached, 71 EU Entities Exposed

The TeamPCP threat actor executed one of the most operationally significant supply chain campaigns of 2026, compromising Aqua Security’s Trivy vulnerability scanner GitHub Action, the LiteLLM PyPI package, and Checkmarx KICS. The attack chain leveraged compromised GitHub maintainer accounts to publish malicious Action tags and PyPI packages, enabling arbitrary code execution in CI/CD pipelines consuming these tools. The European Commission’s AWS accounts were among confirmed victims, with Cisco source code and AWS credentials exfiltrated in a separate but related intrusion that also exposed 71 EU entities.

The campaign’s technical sophistication is notable: attackers used hijacked GitHub accounts (T1586.003) to stage malicious releases, then harvested credentials stored in pipeline environment variables (T1552.001) and accessed cloud infrastructure via stolen tokens (T1528, T1552.004). A secondary malicious Trivy release (v0.69.4) was published after initial containment — a re-compromise that demonstrates the attacker’s awareness of incident response timelines and willingness to exploit the window between detection and full remediation. Datadog Security Labs published the primary technical analysis of the LiteLLM component at https://securitylabs.datadoghq.com/articles/litellm-compromised-pypi-teampcp-supply-chain-campaign/. Attribution remains publicly disputed, with conflicting claims from ShinyHunters and Lapsus$, which complicates breach scoping for affected organizations.

The immediate actions for all organizations consuming these tools are: pin GitHub Actions to verified commit SHAs, audit LiteLLM installations against the affected version matrix in the Datadog advisory, rotate all cloud credentials accessible to affected pipelines, and implement OIDC-based short-lived credential federation for CI/CD to eliminate static API key exposure. This campaign directly maps to NIST SP 800-53 SR-3 (Supply Chain Controls), SI-7 (Software Integrity), and CM-3 (Configuration Change Control). Source: Datadog Security Labs, Wiz, StepSecurity, Aqua Security.

Lazarus Group (UNC1069) Trojanizes Axios npm Package — 300 Million Weekly Downloads, Cross-Platform NukeSped RAT Deployed

North Korean threat actors operating as UNC1069/Lazarus Group compromised the npm maintainer account for Axios — the most widely used HTTP client library in the JavaScript ecosystem — and published malicious versions 1.14.1 and 0.30.4 containing a cross-platform NukeSped remote access trojan. The trojanized versions were live on npm for approximately three hours on March 31, 2026 (00:21–03:29 UTC). The attack introduced a malicious dependency, plain-crypto-js, as a dropper. Confirmed IOCs include SHA-256 hashes for the malicious tarballs and the NukeSped macOS and Windows payloads, as well as the C2 domain sfrclak[.]com on port 8000 (IP: 142.11.206.73, ASN 54290, Hostwinds LLC, Seattle WA — same /18 CIDR as previously confirmed Lazarus infrastructure).

The RAT supports all three major platforms (Windows, macOS, Linux), establishing persistence via Registry Run Keys on Windows (T1547.001), Launch Daemons on macOS (T1543.004), and cron/systemd on Linux. It communicates via HTTP POST to the C2 and supports remote command execution, process and file discovery, and credential access. This attack follows the same ClickFix-assisted maintainer account compromise playbook seen in the broader UNC1069 campaign, where spearphishing links targeting high-impact open-source maintainers (T1566.002) enabled account takeover and malicious package publication. Microsoft’s Security Blog (April 1, 2026) provided early coverage.

All organizations consuming Axios in Node.js applications must audit for these specific versions immediately. Given Axios’s presence as a transitive dependency in thousands of npm packages, indirect exposure is possible even where Axios is not a direct dependency. Rotate all credentials accessible from any environment that resolved either malicious version. Confirmed SHA-256 hashes: axios-1.14.1.tgz: 5bb67e88846096f1f8d42a0f0350c9c46260591567612ff9af46f98d1b7571cd; axios-0.30.4.tgz: 59336a964f110c25c112bcc5adca7090296b54ab33fa95c0744b94f8a0d80c0f.
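The lockfile audit described above, as an added example (not code from the briefing or from npm): it flags the two Axios versions and the plain-crypto-js dropper named in this briefing, including nested transitive copies. Function names and both sample lockfiles are constructed for illustration.

```python
import json
import re

# From the briefing: trojanized Axios releases and the dropper dependency.
BAD_AXIOS = {"1.14.1", "0.30.4"}
DROPPER = "plain-crypto-js"
YARN_VERSION = re.compile(r'^  version:?\s+"?([^"\s]+)"?')


def _check(name, version, where, findings):
    if name == "axios" and version in BAD_AXIOS:
        findings.append((where, f"axios@{version}"))
    elif name == DROPPER:
        findings.append((where, f"{DROPPER}@{version}"))


def audit_package_lock(text):
    """Findings from package-lock.json / npm-shrinkwrap.json (lockfileVersion 1-3)."""
    lock = json.loads(text)
    findings = []
    if "packages" in lock:
        # v2/v3: flat map keyed by install path; nested paths are transitive copies.
        for path, meta in lock["packages"].items():
            if path:  # "" is the root project itself
                name = meta.get("name") or path.rsplit("node_modules/", 1)[-1]
                _check(name, meta.get("version"), path, findings)
    else:
        # v1: nested "dependencies" tree, walked iteratively.
        stack = [("", lock.get("dependencies", {}))]
        while stack:
            trail, deps = stack.pop()
            for name, meta in deps.items():
                here = f"{trail} > {name}" if trail else name
                _check(name, meta.get("version"), here, findings)
                stack.append((here, meta.get("dependencies", {})))
    return findings


def audit_yarn_lock(text):
    """Findings from yarn.lock (classic v1 or Berry syntax)."""
    findings, name, where = [], None, None
    for line in text.splitlines():
        is_header = line and not line[0].isspace() and line.endswith(":")
        if is_header and not line.startswith("#"):
            where = line[:-1]
            spec = where.split(",")[0].strip().strip('"')
            at = spec.find("@", 1)  # skip the leading "@" of scoped names
            name = spec[:at] if at > 0 else spec
        elif name and (m := YARN_VERSION.match(line)):
            _check(name, m.group(1), where, findings)
            name = None
    return findings


# Constructed sample: a clean top-level axios, a trojanized nested copy, the dropper.
PACKAGE_LOCK_SAMPLE = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/axios": {"version": "1.7.2"},
        "node_modules/some-sdk": {"version": "2.0.0"},
        "node_modules/some-sdk/node_modules/axios": {"version": "1.14.1"},
        "node_modules/plain-crypto-js": {"version": "0.0.0"},  # placeholder version
    },
})

# Constructed sample: the scoped package shares a version number but is not axios.
YARN_LOCK_SAMPLE = '''# yarn lockfile v1

axios@^0.30.0:
  version "0.30.4"
  resolved "https://registry.example.test/axios-0.30.4.tgz"

"@scope/client@^1.0.0":
  version "1.14.1"

left-pad@^1.3.0:
  version "1.3.0"
'''

if __name__ == "__main__":
    for where, hit in audit_package_lock(PACKAGE_LOCK_SAMPLE) + audit_yarn_lock(YARN_LOCK_SAMPLE):
        print(f"FLAG {hit} at {where}")
```

A clean lockfile today does not clear a host that resolved either version during the exposure window; pair this with CI install logs and artifact-proxy records.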

Device Code Phishing Surges 37x — PhaaS Maturity Threatens Identity Infrastructure Across Microsoft 365, Entra ID, and Okta

A 37-fold increase in device code phishing attacks was documented this week, signaling the maturation of Phishing-as-a-Service platforms delivering this technique at scale. The attack exploits the legitimate OAuth 2.0 Device Authorization Grant flow: victims receive a lure (via Teams, email, or document services) prompting them to enter a device code at login.microsoftonline.com/common/oauth2/deviceauth. When the victim authenticates, the attacker’s application receives a fully valid refresh token, bypassing MFA entirely without phishing credentials directly. Platforms affected include Microsoft 365, Entra ID, Teams, SharePoint, Citrix ShareFile, Okta, Adobe document services, and DocuSign.

This technique is particularly dangerous because the authentication occurs on a legitimate Microsoft endpoint — no malicious URL is visited, making URL-based detection ineffective. The attacker gains a refresh token that can persist for weeks, surviving password resets unless token revocation is explicitly performed. Detection requires querying Entra ID SigninLogs for AuthenticationProtocol == 'deviceCode' and correlating against the known inventory of legitimate headless devices in the organization. Any device code authentication from a standard user workstation is a high-confidence anomaly warranting investigation. Key MITRE techniques: T1528 (Steal Application Access Token), T1550.001 (Application Access Token), T1111 (MFA Interception).

The primary remediation is a Conditional Access policy in Entra ID (requires P1/P2) that blocks the Device Code Flow authentication method for all users, with exceptions only for confirmed headless device use cases. Organizations not yet on Entra ID P1/P2 should evaluate this as a forcing function for licensing. For compromised accounts, password reset alone is insufficient — refresh token revocation via Revoke-MgUserSignInSession (PowerShell) or the Entra admin portal is required. Source: SCC pipeline item SCC-CAM-2026-0148.

Mass Entra ID / Intune Device Wipe Campaign Compromises Organizations Across 79 Countries, Degrades CISA Operational Capacity

A critical campaign exploiting Microsoft Entra ID and Intune administrative roles executed mass device wipes against organizations across 79 countries, with confirmed victims including Stryker Corporation and U.S. government organizations including CISA. The attack leveraged compromised cloud accounts with Intune Device Administrator or Intune Administrator role assignments to issue wipe commands at scale (T1485). The initial CISA alert was published March 18, 2026. Specific attack vectors (initial account compromise method) have not been publicly confirmed at the time of this briefing.

The campaign underscores a fundamental design risk: Intune’s device management capabilities allow a single compromised identity with administrator roles to irreversibly destroy data across an entire managed endpoint fleet. Standing privileged access — rather than just-in-time activation via Privileged Identity Management — was the enabling condition. Organizations that had not implemented detection rules for bulk wipe operations in their SIEM were likely unaware until operational disruption began. The key MITRE techniques are T1485 (Data Destruction), T1078.004 (Cloud Accounts), and T1530 (Data from Cloud Storage).

Immediate controls: restrict Intune Device Administrator and Intune Administrator roles to PIM-activated access, enforce FIDO2/certificate-based MFA on all accounts with these roles, and create a SIEM alert for any single account initiating wipe actions against more than five devices within a one-hour window. Query Intune audit events for ‘wipeDevice’ operations from accounts authenticating from unfamiliar ASNs or without phishing-resistant MFA. Source: SCC-CAM-2026-0133; CISA alert 2026-03-18.
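The bulk-wipe alert described above, as an added example (not code from the briefing or from Microsoft): a per-account sliding one-hour window that fires when more than five distinct devices are wiped. The event field names (time, actor, operation, device), the syncDevice operation and all sample events are constructed; map them to the fields your Intune audit export actually provides.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

WINDOW = timedelta(hours=1)
THRESHOLD = 5  # alert on MORE than five distinct devices per account per window


def bulk_wipe_alerts(events):
    """Return [(actor, first_time_over_threshold, distinct_devices)], one per actor.

    `events` are dicts with hypothetical keys: time (ISO 8601), actor, operation, device.
    """
    wipes = sorted(
        (datetime.fromisoformat(e["time"]), e["actor"], e["device"])
        for e in events
        if e["operation"] == "wipeDevice"
    )
    window = defaultdict(deque)  # actor -> (time, device) pairs still inside WINDOW
    alerts = {}
    for when, actor, device in wipes:
        q = window[actor]
        q.append((when, device))
        while when - q[0][0] > WINDOW:  # drop wipes older than one hour
            q.popleft()
        distinct = {d for _, d in q}  # repeated wipes of one device count once
        if len(distinct) > THRESHOLD and actor not in alerts:
            alerts[actor] = (when, len(distinct))
    return [(a, t, n) for a, (t, n) in sorted(alerts.items())]


def _ev(minute, actor, device, op="wipeDevice"):
    # Constructed event; the base timestamp is arbitrary.
    t = datetime(2026, 1, 1, 9, 0, tzinfo=timezone.utc) + timedelta(minutes=minute)
    return {"time": t.isoformat(), "actor": actor, "operation": op, "device": device}


# Constructed sample data:
#   admin-a    wipes six devices in ten minutes             -> alert
#   helpdesk-b wipes six devices, one every thirty minutes  -> no alert
#   helpdesk-c retries the same device seven times          -> no alert
SAMPLE_EVENTS = (
    [_ev(i * 2, "admin-a@example.test", f"dev-{i}") for i in range(6)]
    + [_ev(i * 30, "helpdesk-b@example.test", f"kiosk-{i}") for i in range(6)]
    + [_ev(i, "helpdesk-c@example.test", "laptop-1") for i in range(7)]
    + [_ev(1, "admin-a@example.test", "dev-99", op="syncDevice")]
)

if __name__ == "__main__":
    for actor, when, count in bulk_wipe_alerts(SAMPLE_EVENTS):
        print(f"ALERT {actor}: {count} devices wiped within 1h as of {when.isoformat()}")
```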

ShinyHunters Exploits Okta SSO to Breach Zendesk Instances; European Commission AWS Breach Claims 350GB Exfiltration

ShinyHunters continued active SaaS-targeting operations this week on two distinct fronts. In the first, the group exploited Okta SSO credentials to access Zendesk customer service instances at Hims & Hers Health, ManoMano, and Crunchyroll, extracting support ticket data containing customer PII. In the second, ShinyHunters claimed responsibility for a 350GB exfiltration from the European Commission’s Europa.eu AWS-hosted cloud infrastructure, asserting access via compromised Okta, Microsoft, and Google SSO integrations. The European Commission breach claim is unverified by primary sources as of this briefing, but the attack vector is consistent with the group’s documented TTPs and the parallel TeamPCP supply chain activity documented this week.

ShinyHunters’ persistent focus on SSO-connected SaaS reflects a tactical evolution: rather than targeting on-premises infrastructure, the group harvests credentials from one SSO provider and systematically accesses every SaaS application in the federated trust chain. The absence of separate MFA enforcement on downstream SaaS applications (relying solely on SSO authentication) is the critical control gap. In the Zendesk campaign, no malware was deployed — the attack relied entirely on valid stolen credentials (T1078, T1078.004), making it invisible to traditional endpoint detection. MITRE techniques observed: T1530, T1550.001, T1114.003 (Email Forwarding Rule), T1213 (Data from Information Repositories).

For organizations using Okta as an identity provider for Zendesk or other SaaS platforms: review the Okta System Log for device code authentication events and anomalous token grants correlated with Zendesk activity, enforce MFA on all Okta accounts (hardware key or passkey preferred), and audit Zendesk for bulk ticket exports and unauthorized API token generation. Sources: SCC-CAM-2026-0145; SCC-DBR-2026-0070.

Iran-Aligned Hacktivist Campaign Escalates Against US, Israeli, and Allied Critical Infrastructure Across 16+ Countries

Iran-aligned hacktivist groups significantly escalated operations against banks, telecommunications providers, government agencies, and critical infrastructure operators across at least 16 countries, with US, Israeli, and allied nation targets as the primary focus. The campaign employs DDoS (T1498, T1499), website defacement (T1491.002), spear phishing (T1566), and hack-and-leak operations (T1567). The escalation is directly tied to the ongoing Iran-Israel-US military conflict context documented in SCC-GOV-2026-0010, which also includes reports of Iranian internet shutdowns and information controls affecting civilian communications infrastructure. Unit 42’s threat brief at https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/ is the primary IOC source for this campaign; organizations should monitor this URL for updated indicator releases.

For critical infrastructure operators and financial sector organizations, the immediate priority is DDoS mitigation validation: confirm cloud scrubbing capacity, ISP-level traffic baseline agreements, and rate limiting configurations on all public-facing portals. The Canadian Centre for Cyber Security (CCCS) published a February 2026 bulletin on Iranian cyber threat response patterns (https://www.cyber.gc.ca/en/guidance/cyber-threat-bulletin-iranian-cyber-threat-response-usisrael-strikes-february-2026) that provides additional TTP context. Separately, CISA’s Iran threat overview at https://www.cisa.gov/topics/cyber-threats-and-advisories/advanced-persistent-threats/iran should be reviewed for current IOC sets. The BGP route change and T1583 (infrastructure acquisition) indicators described in SCC-GOV-2026-0010 suggest pre-positioning for additional capability deployment.

Detection priority areas: volumetric traffic anomalies against perimeter infrastructure (150% above 7-day rolling baseline as a threshold trigger), file integrity monitoring for web server document roots flagging unauthorized modification, and phishing filter review for Iran-themed lures targeting financial sector staff. Source: SCC-CAM-2026-0147; SCC-GOV-2026-0010.

Apple Issues Rare Backport Patch for iOS 18 Against DarkSword Mobile Exploitation Tool

Apple issued an unusual backport security patch for iOS 18 and iPadOS 18 in response to active exploitation of the DarkSword mobile exploitation framework. Apple’s decision to backport a patch rather than require an upgrade to iOS 19 signals that the vulnerability is significant enough to warrant protecting users on the current major version — a relatively rare occurrence in Apple’s patching cadence. DarkSword maps to multiple MITRE ATT&CK for Mobile techniques including T1404 (Exploitation for Privilege Escalation), T1417 (Input Capture), T1629 (Impair Defenses), and T1437 (Application Layer Protocol for C2). No CVE has been confirmed in available sources at time of writing; consult the Apple Support advisory for updates.

Enterprise mobile device management teams should treat this as a priority deployment, not a standard patch window item. The MDM action is immediate: query your MDM console for enrolled iOS/iPadOS 18 devices with patch level below the backport release and push the update as a priority deployment. Devices policy-locked to iOS 18 due to app compatibility holds should have those holds re-evaluated urgently. For organizations using Mobile Threat Defense solutions, verify that MTD detection rules cover DarkSword behavioral patterns: privilege escalation attempts, anomalous inter-process communication, and unexpected network connections from device-resident apps. Source: SCC-STY-2026-0045.

Strapi Plugin Impersonation Campaign Deploys 8-Stage Attack Chain via npm Supply Chain — Cryptocurrency Platforms Targeted

A sophisticated supply chain campaign published 36 malicious npm packages impersonating Strapi CMS plugins, deploying an eight-stage attack chain targeting cryptocurrency platforms. The campaign specifically targeted environments running Strapi CMS with Redis, PostgreSQL, Docker, Kubernetes, and GitHub Actions integrations. Confirmed targeted platforms for credential extraction include Polymarket and bittensor-wallet. The attack chain progresses from initial package installation through container escape (T1611), persistence via cron job creation (T1053.003) and web shell deployment (T1505.003), credential harvesting from database configurations and environment variables (T1552.001, T1552.007), to exfiltration via C2 channel (T1041). A hard-coded target hostname, prod-strapi, was found in malicious payloads, indicating pre-identified victim environments.

SafeDep published the primary research report at https://safedep.io/malicious-npm-strapi-plugin-events-c2-agent, which contains the full list of 36 malicious package names. Organizations should cross-reference all installed Strapi-adjacent npm packages against this list immediately. Any environment with a hostname matching prod-strapi should be treated as a high-priority investigation target. The attack’s breadth — spanning npm to Docker to Kubernetes to GitHub Actions to PyPI — reflects a threat actor with deep familiarity with modern cloud-native development environments. The CVSS base score for this campaign item is reported as 9.5.

Immediate containment: audit npm packages in all Strapi deployments for packages from non-@strapi npm publisher accounts, isolate any host matching the prod-strapi hostname from network egress, and rotate all database credentials (Redis, PostgreSQL) and API keys accessible from Strapi application environments. Post-incident, implement npm package allowlisting or private registry mirroring to prevent unauthorized package installation. Source: SCC-CAM-2026-0150.

Qilin Ransomware Targets Die Linke German Parliamentary Party; Hasbro SEC Disclosure Signals Multi-Week Enterprise Breach

Qilin ransomware operators breached Die Linke, a German parliamentary party, in an attack framed within the broader context of hybrid warfare targeting European political institutions. The attack employed standard double-extortion TTPs: phishing for initial access (T1566), lateral movement via remote services (T1021), data staging and exfiltration (T1074, T1041), and ransomware deployment (T1486). No confirmed IOCs have been published by BSI, CERT-EU, or CISA at time of this briefing. The incident is significant as a signal of ransomware operators expanding targeting to political entities, likely for both financial and intelligence value. The BSI (Germany’s Federal Office for Information Security) and CERT-EU should be monitored for indicator releases.

Separately, Hasbro filed SEC disclosures confirming a multi-week cybersecurity breach causing operational disruptions to orders and shipping systems. The multi-week recovery timeline and system takedowns are consistent with ransomware or destructive malware activity, though no threat actor has claimed responsibility and no attack vector has been publicly confirmed. The SEC disclosure (8-K filing, available via SEC EDGAR) is the primary authoritative source; organizations with supply chain or vendor relationships with Hasbro should treat those integration points as potentially exposed and audit inbound data feeds and shared credentials accordingly.

For all organizations, these incidents provide current-week validation for ransomware readiness fundamentals: offline/immutable backup integrity testing, network segmentation effectiveness between backup and production infrastructure, VSS deletion detection rules (vssadmin delete shadows, wmic shadowcopy delete in EDR telemetry), and MFA enforcement on all remote access and administrative accounts. Sources: SCC-CAM-2026-0144; SCC-DBR-2026-0074; SCC-DBR-2026-0072.

Germany Formally Names REvil/GandCrab Operator Daniil Shchukin (UNKN) — Attribution Signal for Active Ransomware Defense Review

Germany’s Federal Criminal Police Office (BKA) formally named Daniil Maksimovich Shchukin as the threat actor known as UNKN — a senior operator in both the GandCrab and REvil ransomware-as-a-service ecosystems, responsible for 130+ confirmed incidents globally. The BKA wanted notice is available at https://www.bka.de/DE/IhreSicherheit/Fahndungen/Personen/BekanntePersonen/CC_BW/DMS/Sachverhalt.html. This is an attribution event, not a new attack. No new IOCs were published alongside the attribution. The historical REvil leak site happy-blog[.]su is confirmed offline since 2021 and should not be treated as an active indicator.

The operational value of this attribution for security teams is as a pressure test signal: organizations should use this as a trigger to validate ransomware controls against documented REvil TTPs. Key control gaps to assess include: MFA coverage on remote access and administrative accounts (T1078), supply chain vendor security review processes (T1195), immutable backup enforcement and VSS protection (T1490), and RMM tool access restriction policies (T1219). Detection guidance for REvil behavioral patterns remains valid: PowerShell with encoded commands, vssadmin.exe delete shadows, bcdedit.exe /set recoveryenabled no, rapid file extension changes across directories, and ransom note files in pattern [random]-readme.txt. Organizations that experienced GandCrab or REvil incidents and have not conducted post-incident reviews should consider whether this attribution surfaces new forensic context worth revisiting. Source: SCC-TAC-2026-0004.

Mercor AI Startup Breached via LiteLLM Open-Source Supply Chain Attack — AI/ML Toolchain Under Active Threat

AI startup Mercor confirmed a breach of its production environment via a supply chain attack on the LiteLLM open-source AI LLM proxy tool. This incident occurred in the same campaign cluster as the TeamPCP European Commission breach, establishing LiteLLM as a confirmed high-value supply chain target for attackers targeting AI infrastructure. The LiteLLM GitHub repository (https://github.com/BerriAI/litellm) should be monitored for maintainer incident disclosure, affected version range confirmation, and remediation commits. No confirmed file hashes or C2 infrastructure are available from primary sources at time of writing.

This incident is significant beyond the individual victim: it demonstrates that AI/ML toolchain components are now being actively targeted as supply chain entry points into production environments. Organizations integrating open-source AI tooling — including LiteLLM, LangChain, and similar frameworks — should apply the same supply chain risk controls used for production application dependencies. The critical actions are: run ‘pip show litellm’ across all environments, cross-reference installed versions against the Datadog Security Labs advisory, rotate all LLM provider API keys (OpenAI, Anthropic, etc.) configured in affected LiteLLM instances, and implement SBOM generation for all production AI/ML deployments. Source: SCC-CAM-2026-0146.

CISA KEV & Critical CVE Table

| CVE | Product | CVSS | EPSS | Status | KEV Deadline | Description |
|---|---|---|---|---|---|---|
| Unconfirmed (see chromereleases.googleblog.com) | Google Chrome (all pre-patch versions, ~3.5B users) | 8.8 | Not published | Actively Exploited — In the Wild | Check CISA KEV; not confirmed at time of writing | Zero-day vulnerability in Google Chrome exploited in active attacks. Drive-by compromise vector (T1189). Patch via Chrome Releases blog. |
| cisco-sa-cimc-auth-bypass-AgG2BxTn (CVE unconfirmed in source data) | Cisco Integrated Management Controller (IMC) — multiple platform models | 9.8 | Not published | Patch Available — Active exploitation status not confirmed at time of writing | Check CISA KEV at cisa.gov/known-exploited-vulnerabilities-catalog | Authentication bypass in Cisco IMC grants unauthenticated admin access to out-of-band management interface. Requires BMC firmware update. See Cisco Advisory at sec.cloudapps.cisco.com. |
| Unconfirmed (TrueConf zero-day, no CVE published) | TrueConf Video Conferencing Software | 8.8 | Not published | Zero-Day — Active Campaign (TrueChaos), no patch confirmed at time of writing | Not applicable — no KEV entry confirmed | Zero-day in TrueConf exploited by TrueChaos campaign targeting Southeast Asian governments. No confirmed IOCs. Monitor TrueConf official advisory portal directly. |
| Multiple (VMware ESXi — specific CVE IDs require CISA KEV verification) | VMware ESXi | Per individual CVE | Per individual CVE | Actively Exploited (per SCC-STY-2026-0044 weekly roundup) | Cross-reference against CISA KEV at cisa.gov/known-exploited-vulnerabilities-catalog | Active exploitation of VMware ESXi vulnerabilities documented in weekly CVE roundup of 1,452 CVEs. Prioritize via EPSS score cross-reference at first.org/epss. |
| Multiple Cisco (9 advisories, 2 SD-WAN reported as actively exploited) | Cisco Firewall Products (ASA, FTD, FMC), SD-WAN, Enterprise Networking | Up to 10.0 (CVSS 10.0 reported for one firewall flaw) | Not published | Active exploitation reported for SD-WAN components — verify at Cisco Security Advisory portal | Check CISA KEV; CVE IDs require primary Cisco advisory confirmation | Cisco released 9 advisories this patch cycle. SD-WAN flaws reported as actively exploited. Restrict management interface access immediately. Source: SCC-STY-2026-0042. |

Note: Several CVE IDs could not be confirmed from available source data for this briefing period. CVE IDs should be verified directly at nvd.nist.gov and CISA KEV before operational action. The absence of a formal CVE ID does not reduce the urgency of remediation for actively exploited vulnerabilities.

Supply Chain & Developer Tool Threats

This week’s supply chain threat landscape is defined by the convergence of multiple simultaneous attacks against the developer tool ecosystem, representing the most concentrated supply chain assault since the SolarWinds and 3CX incidents.

TeamPCP — Trivy, KICS, LiteLLM, and CI/CD Pipeline Compromise

TeamPCP compromised Aqua Security’s trivy-action GitHub Action, aquasecurity/setup-trivy, and Checkmarx’s KICS GitHub Action by hijacking maintainer accounts and publishing malicious tags. A second malicious Trivy release (v0.69.4) was published after initial containment, demonstrating attacker persistence. LiteLLM on PyPI was simultaneously compromised in the same campaign. All CI/CD pipelines consuming these tools via mutable version tags during the exposure window (approximately March 19, 2026 onward) should be treated as compromised. The authoritative remediation: pin all GitHub Actions to verified commit SHAs and verify LiteLLM package integrity against the Datadog Security Labs advisory.
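One way to find the mutable references this remediation targets, as an added example (not code from the briefing, Aqua Security or Checkmarx): it lists every `uses:` reference in a workflow file that is not pinned to a full 40-character commit SHA and marks the three actions named above. The sample workflow, its SHA and its tag names are constructed.

```python
import re

# Actions the briefing names as published with malicious tags.
NAMED_IN_BRIEFING = {
    "aquasecurity/trivy-action",
    "aquasecurity/setup-trivy",
    "checkmarx/kics-github-action",
}
USES = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^'"\s#]+)""")
FULL_SHA = re.compile(r"[0-9a-fA-F]{40}")


def unpinned_actions(workflow_text):
    """Return (line_no, action, ref, named_in_briefing) for every `uses:` reference
    that is not pinned to a full 40-character commit SHA."""
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), 1):
        m = USES.match(line)
        if not m:
            continue
        target = m.group(1)
        if target.startswith(("./", "docker://")):
            continue  # local actions and container images are out of scope for this check
        action, _, ref = target.partition("@")
        if FULL_SHA.fullmatch(ref):
            continue  # immutable: moving a tag cannot change what runs
        # Tags, branches and abbreviated SHAs all land here.
        repo = "/".join(action.split("/")[:2]).lower()  # owner/repo without sub-path
        findings.append((line_no, action, ref, repo in NAMED_IN_BRIEFING))
    return findings


# Constructed workflow for illustration; the SHA and tags are placeholders.
WORKFLOW_SAMPLE = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567  # constructed SHA
      - name: Trivy
        uses: aquasecurity/trivy-action@master
      - uses: aquasecurity/setup-trivy@v1
      - uses: Checkmarx/kics-github-action@0123456
      - uses: ./.github/actions/local
"""

if __name__ == "__main__":
    for line_no, action, ref, named in unpinned_actions(WORKFLOW_SAMPLE):
        tag = "NAMED IN BRIEFING" if named else "mutable ref"
        print(f"line {line_no}: {action}@{ref} [{tag}]")
```

A pin only helps if the SHA was verified against a known-good commit before the exposure window; pinning to whatever a tag resolves to today can freeze a malicious commit in place.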

Lazarus Group — Axios npm Package (v1.14.1, v0.30.4)

North Korean-attributed UNC1069 compromised the npm Axios maintainer account via a ClickFix-style spearphishing attack and published two malicious package versions containing the NukeSped cross-platform RAT. With 300+ million weekly downloads, Axios is a transitive dependency in a vast proportion of the JavaScript ecosystem. Both direct and transitive consumers are potentially affected. Confirmed malicious package hashes are provided in the IOC section of this briefing. The dependency dropper, plain-crypto-js, should be treated as a high-confidence compromise indicator in any node_modules directory.

Strapi Plugin Impersonation (npm) — Cryptocurrency Platform Targeting

Thirty-six malicious npm packages impersonating Strapi CMS plugins were published with a pre-identified victim hostname (prod-strapi) hard-coded in payloads. The eight-stage attack chain progresses through container escape to full environment compromise, with explicit targeting of Polymarket and bittensor-wallet cryptocurrency integrations. The SafeDep research report (https://safedep.io/malicious-npm-strapi-plugin-events-c2-agent) contains the full malicious package list.

Claude Code npm Source Map Exposure (Anthropic)

Anthropic inadvertently published @anthropic-ai/claude-code v2.1.88 with embedded TypeScript source maps (~60MB, ~512,000 lines), exposing internal source architecture. This is an intellectual property and security posture risk — the package does not contain a RAT. However, the exposure coincided with UNC1069 weaponizing the Claude Code narrative to distribute Vidar infostealer via SEO-poisoned GitHub repositories (github.com/idbzoomh) impersonating leaked Claude source. Developers who downloaded content from repositories claiming to contain leaked Claude source material during this window should treat their workstations as potentially compromised.

Google Vertex AI Default Permissions — AI Agent Credential Theft Path

Unit 42 documented that Google Cloud Vertex AI Agent Engine’s default Platform Service Account (P4SA) grants overly broad permissions to Cloud Storage and Artifact Registry, creating a credential theft and supply chain exposure path if an attacker gains code execution within an agent workload. Organizations using Vertex AI Agent Engine should replace the default P4SA with a Bring Your Own Service Account (BYOSA) configured with minimum required permissions. Review the IAM Recommender in Google Cloud Console for scoping guidance.

RoadK1ll — Node.js WebSocket Proxy Implant

Blackpoint Cyber documented RoadK1ll, a Node.js-based implant that converts compromised hosts into network relay points via WebSocket tunneling (T1572, T1090). The implant uses no registry-based persistence, so terminating the process and removing its files eliminates it; an attacker who has not been fully evicted can, however, re-execute it from the C2. Detection focus: outbound HTTP Upgrade (WebSocket) requests from internal hosts where WebSocket has no business justification.

AI-Generated Code as Supply Chain Risk

CSET and OpenSSF research this week formally quantified AI-generated code as a supply chain risk vector, with documented patterns of CWE-20 (input validation), CWE-284 (access control), and CWE-829 (insecure dependency inclusion) vulnerabilities in AI-generated output. Security teams should ensure SAST and SCA tooling runs at PR creation (not only at build time), and that AI-suggested package dependencies receive the same vetting as manually selected ones. This maps to NIST SP 800-218 SSDF practice PS.1.

Nation-State & APT Activity Summary

North Korea (Lazarus Group / UNC1069)

  • Targeted Sectors: Software development (npm ecosystem), cryptocurrency platforms, AI toolchain consumers, high-impact open-source maintainers
  • TTPs: ClickFix social engineering to compromise npm maintainer accounts (T1566.002); supply chain compromise via trojanized package publication (T1195.002); NukeSped cross-platform RAT delivery; spearphishing targeting open-source maintainers via Teams-themed lure pages; credential harvesting from developer workstations (T1555, T1539)
  • IOCs (high confidence): C2 domain: sfrclak[.]com port 8000; C2 IP: 142.11.206.73 (ASN 54290); axios-1.14.1.tgz SHA-256: 5bb67e88846096f1f8d42a0f0350c9c46260591567612ff9af46f98d1b7571cd; axios-0.30.4.tgz SHA-256: 59336a964f110c25c112bcc5adca7090296b54ab33fa95c0744b94f8a0d80c0f; macOS RAT (com.apple.act.mond) SHA-256: 92ff08773995ebc8d55ec4b8e1a225d0d1e51efa4ef88b8849d0071230c9645a; Windows PowerShell Stage 2 RAT SHA-256: 617b67a8e1210e4fc87c92d1d1da45a2f311c08d26e89b12307cf583c900d101
  • Status: Active campaign. Npm packages removed. Monitor for additional maintainer account compromises in the Node.js ecosystem.

China (Salt Typhoon — FBI Surveillance System Breach)

  • Targeted Sectors: US federal law enforcement, surveillance infrastructure
  • TTPs: Valid account abuse (T1078), automated collection from sensitive data repositories (T1119, T1213), exfiltration over web services (T1567). Federal investigators confirmed a “major” Chinese-linked hack of FBI internal systems supporting surveillance operations. Specific attack vector not publicly disclosed.
  • IOCs: None publicly released. Behavioral detection against T1078 and T1119 patterns is the primary available approach.
  • Status: Confirmed by federal investigators. No public technical disclosure. Source: SCC-DBR-2026-0077.

Iran (APT Groups and Iran-Aligned Hacktivists)

  • Targeted Sectors: Banking, telecommunications, government, critical infrastructure across US, Israel, and allies (16+ countries confirmed)
  • TTPs: DDoS (T1498, T1499), website defacement (T1491.002), spear phishing (T1566), hack-and-leak operations (T1567), infrastructure acquisition for pre-positioning (T1583), internal internet shutdowns and information controls (T1562.001)
  • Attribution context: Escalation directly tied to ongoing Iran-Israel-US military conflict. Iran simultaneously imposing domestic internet shutdowns, suggesting defensive posturing alongside offensive operations. CCCS bulletin (February 2026) documents post-US/Israel-strikes Iranian cyber threat response patterns.
  • IOCs: Monitor Unit 42 Threat Brief at https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/ for current indicators. CISA Iran overview: https://www.cisa.gov/topics/cyber-threats-and-advisories/advanced-persistent-threats/iran
  • Status: Active, escalating. Priority for critical infrastructure, financial sector, and energy sector organizations.

Russia (REvil Attribution — Signal Event)

  • Context: Germany’s BKA formally named Daniil Maksimovich Shchukin (UNKN) as a senior REvil/GandCrab operator. This is an attribution event, not a new attack. BKA wanted notice: https://www.bka.de/DE/IhreSicherheit/Fahndungen/Personen/BekanntePersonen/CC_BW/DMS/Sachverhalt.html
  • Operational significance: Use as a trigger to validate ransomware controls against documented REvil TTPs. No new IOCs published.

Ukraine-Targeting (UAC-0255)

  • Targeted Sectors: Ukrainian government, healthcare, finance, education, and security sector organizations
  • TTPs: Impersonation of CERT-UA (T1036.005) via ukr.net email platform; spearphishing with malicious attachments delivering AGEWHEEZE RAT (T1566.001); Go-compiled RAT with scheduled task (T1053.005) and registry Run key (T1547.001) persistence; payload delivered via files.fm hosting infrastructure; screen capture (T1113) and clipboard collection (T1115)
  • IOCs: Delivery platform domains: files.fm (payload hosting), ukr.net (phishing sender). Malicious emails use CERT-UA display name impersonation with non-cert.gov.ua sending domains.
  • Status: Active multi-sector campaign. Organizations with Ukrainian government or healthcare partner relationships should apply CERT-UA impersonation detection rules immediately.

Phishing & Social Engineering Alert

ClickFix Social Engineering — Mainstream MaaS Deployment via Venom Stealer and DeepLoad

ClickFix social engineering has reached Malware-as-a-Service maturity with the documented Venom Stealer MaaS platform automating continuous credential harvesting campaigns. The attack flow: a malicious or compromised web page presents a fake CAPTCHA, browser error, or document verification dialog instructing the user to open the Windows Run dialog (Win+R) and paste a PowerShell command placed in the clipboard by the page. When executed, the payload downloads and executes a credential stealer targeting browser-stored passwords, session cookies, and cryptocurrency wallet keys. Apple’s macOS Tahoe 26.4 introduced a native terminal paste warning to address this vector on macOS. No equivalent Windows-native control exists at this time; detection and user training are the primary defenses.

DeepLoad — Advanced ClickFix with WMI Reinfection Persistence

DeepLoad represents a technical evolution of the ClickFix pattern, adding APC injection into LockAppHost.exe (a legitimate Windows process), WMI event subscription persistence (T1546.003) for autonomous reinfection approximately 72 hours post-remediation, and mshta.exe-based execution chain (T1218.005). The 72-hour reinfection delay is specifically designed to outlast standard incident response timelines that declare recovery after initial cleanup. Any incident response for suspected DeepLoad infections must include explicit WMI subscription auditing (root\subscription namespace) at 24, 48, and 96 hours post-remediation before declaring recovery complete.

Device Code Phishing — High-Confidence Microsoft Ecosystem Targeting

As detailed in the Key Security Stories section, device code phishing volume increased 37x this week. Lures are delivered via Microsoft Teams messages, email, SharePoint links, Adobe document pages, and DocuSign notifications. The common element is a request to navigate to login.microsoftonline.com/common/oauth2/deviceauth and enter a displayed code — a page and URL that are entirely legitimate, making user training to “avoid suspicious URLs” ineffective for this attack type. Training must specifically address the concept of device code authentication and instruct users to never enter a device code unless they personally initiated a device authentication workflow on a specific hardware device they are currently setting up.

CERT-UA Impersonation (UAC-0255) — Government and Healthcare Targeting

Organizations with connections to Ukrainian government or health sector networks should alert staff immediately that CERT-UA branding is being actively spoofed. Legitimate CERT-UA communications originate from @cert.gov.ua addresses. Any inbound communication claiming to be from CERT-UA with a sender address on ukr.net or any other commercial domain should be treated as a phishing attempt. Attachments should not be opened without out-of-band verification via official CERT-UA contact channels.
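The sender rule above can be applied mechanically at the mail gateway or during triage. The following Python sketch is an added example, not taken from CERT-UA or the briefing's sources: it decodes the From header (including RFC 2047 encoded display names) and flags messages whose display name claims CERT-UA while the address is outside cert.gov.ua. The function names, verdict strings and sample messages are constructed.

```python
import unicodedata
from email import message_from_string, policy

LEGIT_DOMAIN = "cert.gov.ua"   # per the briefing: genuine mail comes from @cert.gov.ua
BRAND_KEY = "certua"           # "CERT-UA" after normalisation


def _normalise(text):
    """Fold case and compatibility forms, then keep only letters and digits,
    so 'CERT-UA', 'Cert UA' and 'cert_ua' all compare equal."""
    folded = unicodedata.normalize("NFKC", text).casefold()
    return "".join(ch for ch in folded if ch.isalnum())


def _domain_is_legit(domain):
    domain = domain.lower().rstrip(".")
    # Exact match or a true subdomain only: 'cert.gov.ua.example.net' and
    # 'notcert.gov.ua' must both fail a naive substring or suffix test.
    return domain == LEGIT_DOMAIN or domain.endswith("." + LEGIT_DOMAIN)


def classify_sender(raw_message):
    """Return 'impersonation', 'consistent', 'not-claimed' or 'no-sender'."""
    # policy.default parses address headers and decodes =?utf-8?...?= words.
    msg = message_from_string(raw_message, policy=policy.default)
    header = msg["From"]
    addresses = header.addresses if header is not None else ()
    if not addresses:
        return "no-sender"
    claims = [a for a in addresses if BRAND_KEY in _normalise(a.display_name)]
    if not claims:
        return "not-claimed"
    # 'consistent' only means the From domain matches the claim. The From
    # header itself can be forged, so pair this with SPF/DKIM/DMARC results.
    if all(_domain_is_legit(a.domain) for a in claims):
        return "consistent"
    return "impersonation"


# Constructed sample messages (headers only matter here).
SAMPLES = {
    "spoof_ukrnet": "From: =?utf-8?q?CERT-UA?= <incident.desk@ukr.net>\n"
                    "Subject: Security update\n\nbody\n",
    "lookalike_suffix": 'From: "CERT UA | Incident Response" '
                        "<soc@cert.gov.ua.example.net>\n\nbody\n",
    "genuine_domain": "From: CERT-UA <sender@cert.gov.ua>\n\nbody\n",
    "unrelated": "From: Help Desk <it@example.org>\n\nbody\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label}: {classify_sender(raw)}")
```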

Vidar Infostealer — SEO-Poisoned GitHub Repos Exploiting AI Model Leak Narrative

Threat actors leveraged the Anthropic Claude Code source exposure narrative to seed SEO-poisoned GitHub repositories (attributed to account github.com/idbzoomh by Zscaler) impersonating leaked Claude source code. Developers searching for Claude Code leaked material who downloaded content from these repositories received a Rust-compiled dropper delivering Vidar infostealer and the GhostSocks SOCKS5 proxy implant. This pattern — fake repo lure following major AI news events — is a recurring and expanding delivery mechanism. Developer teams should be briefed that any GitHub repository claiming to contain leaked AI model source code or proprietary tooling should be treated as a high-confidence social engineering lure. Source: SCC-CAM-2026-0140; Zscaler Threat Intel; BleepingComputer.

Indicators of Compromise

| Type | Indicator | Confidence | Campaign / Story | Context / Behavioral Note |
|---|---|---|---|---|
| Domain | sfrclak[.]com (defanged) | High | Axios npm / Lazarus NukeSped RAT | C2 domain; all three platform variants beacon via HTTP POST on port 8000. Block at DNS and perimeter. |
| IP | 142.11.206.73 | High | Axios npm / Lazarus NukeSped RAT | C2 server IP, ASN 54290 (Hostwinds LLC, Seattle WA). Same /18 CIDR as confirmed Lazarus infrastructure. Block at perimeter. |
| SHA-256 | 5bb67e88846096f1f8d42a0f0350c9c46260591567612ff9af46f98d1b7571cd | High | Axios npm / Lazarus NukeSped RAT | axios-1.14.1.tgz — confirmed malicious tarball. Do not install. |
| SHA-256 | 59336a964f110c25c112bcc5adca7090296b54ab33fa95c0744b94f8a0d80c0f | High | Axios npm / Lazarus NukeSped RAT | axios-0.30.4.tgz — confirmed malicious tarball. Do not install. |
| SHA-256 | 92ff08773995ebc8d55ec4b8e1a225d0d1e51efa4ef88b8849d0071230c9645a | High | Axios npm / Lazarus NukeSped RAT | macOS RAT binary (com.apple.act.mond) — NukeSped family. Masquerades as Apple system process. |
| SHA-256 | 617b67a8e1210e4fc87c92d1d1da45a2f311c08d26e89b12307cf583c900d101 | High | Axios npm / Lazarus NukeSped RAT | Windows PowerShell Stage 2 RAT payload. |
| SHA-256 | e10b1fa84f1d6481625f741b69892780140d4e0e7769e7491e5f4d894c2e0e09 | High | Axios npm / Lazarus NukeSped RAT | SHA-256 of setup.js dropper (self-deleting postinstall hook) in plain-crypto-js package. |
| SHA-256 | 58401c195fe0a6204b42f5f90995ece5fab74ce7c69c67a24c61a057325af668 | High | Axios npm / Lazarus NukeSped RAT | plain-crypto-js-4.2.1.tgz — malicious npm tarball used as RAT dropper. |
| Package | plain-crypto-js (any version) | High | Axios npm / Lazarus NukeSped RAT (also UNC1069 / SCC-CAM-2026-0149) | Malicious npm dependency introduced by trojanized Axios versions. Presence in node_modules or lock files is a high-confidence compromise indicator. |
| Package | @anthropic-ai/claude-code v2.1.88 | High | Claude Code / Anthropic Source Map Exposure | Contains inadvertently embedded TypeScript source maps. No RAT. IP/security posture risk, not active malware. |
| URL (GitHub) | https://github.com/aquasecurity/trivy/releases/tag/v0.69.4 | High | TeamPCP / Trivy Supply Chain | Confirmed malicious Trivy release. Do not use. Pin workflows to verified SHA instead. |
| URL (npm) | https://registry.npmjs.org/axios/-/axios-1.14.1.tgz | High | Axios npm / Lazarus NukeSped RAT | Reference URL for SCA rule creation. Do not install. |
| URL (npm) | https://registry.npmjs.org/axios/-/axios-0.30.4.tgz | High | Axios npm / Lazarus NukeSped RAT | Reference URL for SCA rule creation. Do not install. |
| Domain | files.fm | Medium | UAC-0255 / AGEWHEEZE RAT | Cloud hosting platform used for AGEWHEEZE payload delivery. Flag downloads from this service in email and proxy logs in Ukrainian-sector-adjacent environments. |
| Domain | ukr.net | Medium | UAC-0255 / CERT-UA Impersonation | Email platform used to distribute CERT-UA impersonation phishing. Flag emails from this domain claiming CERT-UA display names. |
| GitHub Account | github.com/idbzoomh | Medium | Vidar Infostealer / SEO-Poisoned Repos | GitHub account identified by Zscaler as hosting malicious repositories impersonating Claude Code leaked source. Check git clone logs for this account origin. |
| Hostname | prod-strapi | High | Strapi Plugin Impersonation / npm Supply Chain | Hard-coded target hostname found in malicious Strapi plugin payloads. Any internal infrastructure matching this hostname warrants immediate investigation for compromise. |
| Behavioral (Process) | LockAppHost.exe with outbound network connections or child processes | Medium | DeepLoad Multi-Stage Loader | Legitimate Windows process targeted for APC injection. Any network activity or child process spawning from LockAppHost.exe is anomalous. |
| Behavioral (WMI) | Unauthorized WMI event subscriptions in root\subscription namespace | High | DeepLoad Multi-Stage Loader | DeepLoad uses WMI subscriptions for autonomous reinfection ~72 hours post-remediation. Audit __EventFilter, __EventConsumer, __FilterToConsumerBinding at recovery intervals. |
| Behavioral (LOLBin) | mshta.exe spawned by unexpected parent process | Medium | DeepLoad Multi-Stage Loader / ClickFix campaigns | mshta.exe leveraged as living-off-the-land binary in DeepLoad execution chain. Alert on non-administrative parent processes. |
| Behavioral (Entra ID) | SigninLogs: AuthenticationProtocol == 'deviceCode' from standard user workstations | High | Device Code Phishing / EvilTokens PhaaS | Device code authentication from non-headless-device users is the primary behavioral IOC for this campaign. No static network IOCs confirmed. |
| Behavioral (PowerShell) | PowerShell spawned as child of browser process (chrome.exe, msedge.exe, firefox.exe) | High | ClickFix campaigns (Venom Stealer, DeepLoad, UNC1069) | Core ClickFix execution indicator. High-fidelity detection rule: ParentImage contains browser executable AND ChildImage = powershell.exe or cmd.exe. |
| Domain (historical, offline) | happy-blog[.]su (defanged) | Low | REvil Attribution (SCC-TAC-2026-0004) | Historical REvil double-extortion leak site. Confirmed offline since 2021 law enforcement disruption. Reference only — do not use for active blocking. |

Note on unconfirmed IOCs: Several items this week (TeamPCP C2 infrastructure, Venom Stealer domains, NoVoice/Android rootkit package names) lack confirmed primary-source IOC data. Behavioral detection is the appropriate posture for these campaigns until authoritative indicators are published by vendors or CISA. Do not populate operational blocklists from unverified secondary-source claims.

Helpful 5: High-Value Low-Effort Mitigations

1. Pin All GitHub Actions Workflow References to Commit SHAs

Why: The TeamPCP campaign demonstrated this week that mutable version tags in GitHub Actions allow supply chain substitution without consumer awareness. At least three widely-used security scanning Actions (Trivy, KICS, setup-trivy) were compromised via this mechanism, resulting in confirmed AWS credential theft and source code exfiltration from the European Commission and Cisco.

How:

  1. Audit all .github/workflows/*.yml files in your repositories for Action references using mutable tags (e.g., uses: aquasecurity/trivy-action@v0.x.x).
  2. Replace each mutable tag with the specific verified commit SHA of a known-clean release, written as the full 40-character hash (e.g., uses: aquasecurity/trivy-action@<full-40-character-commit-SHA>).
  3. Implement a policy enforcement gate (OPA policy or GitHub required workflow) that rejects PR merges containing mutable Action tag references.
  4. Consider adopting StepSecurity Harden-Runner for runtime monitoring of GitHub Actions execution context.
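The audit in step 1 and the merge gate in step 3 can share one check. The Python sketch below is an added example, not code from the briefing or from GitHub: it reports every uses: reference in a workflow file that is not pinned to a full 40-character commit SHA. It goes slightly beyond the step text by also covering reusable workflows and docker:// references. The function names and the sample workflow (including its tags and the placeholder SHA) are constructed.

```python
import re
import sys
from dataclasses import dataclass

# A step- or job-level "uses:" key; captures the value without optional
# quotes and without a trailing "# comment". Commented-out lines do not match.
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^'"\s#]+)['"]?\s*(?:#.*)?$""")
FULL_SHA_RE = re.compile(r"^[0-9a-fA-F]{40}$")
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")


@dataclass(frozen=True)
class Finding:
    line: int
    reference: str
    reason: str


def classify(reference):
    """Return None when the reference is immutable, otherwise the reason it is not."""
    if reference.startswith("./"):
        return None  # local action, versioned together with the workflow itself
    if reference.startswith("docker://"):
        # Container images are pinned by digest, not by commit SHA.
        if DIGEST_RE.search(reference):
            return None
        return "container image not pinned to a sha256 digest"
    _, sep, ref = reference.rpartition("@")
    if not sep:
        return "no ref given"
    if FULL_SHA_RE.match(ref):
        return None
    # Tags and branches can be moved by whoever controls the repository.
    return f"ref '{ref}' is not a full 40-character commit SHA"


def audit_workflow(text):
    """Scan workflow YAML text line by line and return a list of Findings."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        match = USES_RE.match(raw)
        if not match:
            continue
        reason = classify(match.group(1))
        if reason:
            findings.append(Finding(number, match.group(1), reason))
    return findings


# Constructed sample workflow; tags, org names and the SHA are placeholders.
SAMPLE_WORKFLOW = """\
name: scan
on: [push]
jobs:
  shared:
    uses: example-org/ci/.github/workflows/lint.yml@main
  trivy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567  # pinned
      - uses: ./.github/actions/local-setup
      - name: Install Trivy
        uses: aquasecurity/setup-trivy@v1
      - uses: "aquasecurity/trivy-action@master"
      - uses: docker://ghcr.io/example-org/tool:1.4
      - uses: docker://ghcr.io/example-org/tool@sha256:<DIGEST>
      # - uses: example-org/disabled@v1
""".replace("<DIGEST>", "ab" * 32)

if __name__ == "__main__":
    results = audit_workflow(SAMPLE_WORKFLOW)
    for f in results:
        print(f"line {f.line}: {f.reference}: {f.reason}")
    sys.exit(1 if results else 0)  # non-zero exit lets CI block the merge
```

Pinning to a SHA only helps if the SHA was verified as a known-clean commit first; the check confirms immutability, not trustworthiness.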

Framework alignment: NIST CSF GV.SC-01 (Supply Chain Risk Management), NIST 800-53 SR-3, SR-4; CIS v8 Controls 2.5 (Allowlist Authorized Software), 2.6 (Allowlist Authorized Libraries), 15.1 (Service Provider Inventory).

2. Block Device Code Authentication Flow in Entra ID Conditional Access

Why: Device code phishing volume increased 37x this week. This attack bypasses MFA entirely by abusing a legitimate OAuth 2.0 flow, making it invisible to most identity threat detection tools that focus on credential-based anomalies. The control is a single Conditional Access policy that requires no new tooling and prevents token theft at the authentication layer.

How:

  1. In Microsoft Entra ID admin portal, navigate to Security > Conditional Access > Policies.
  2. Create a new policy targeting All Users and All Cloud Apps.
  3. Under Conditions > Authentication flows, select Device Code Flow and set the policy to Block.
  4. Create exceptions only for confirmed headless device use cases (Azure CLI on headless servers, Teams Rooms devices) with documented business justification.
  5. Enable the policy in report-only mode for 48 hours to identify legitimate device code users before enforcement.

Framework alignment: NIST 800-53 IA-2, IA-5, AC-17; CIS v8 Controls 6.3 (MFA for External Apps), 6.4 (MFA for Remote Access), 6.5 (MFA for Administrative Access); NIST CSF PR.AC-1.

3. Implement WMI Event Subscription Monitoring Baseline

Why: DeepLoad and multiple other malware families (including Empire, PowerSploit-derived toolkits) use WMI event subscriptions for fileless persistence. Because this persistence mechanism doesn’t use registry run keys, startup folders, or scheduled tasks, it evades many standard persistence detection rules. DeepLoad specifically uses a 72-hour delayed reinfection trigger designed to outlast incident response timelines.

How:

  1. On all Windows endpoints, run: Get-WMIObject -Namespace root\subscription -Class __EventFilter to establish a baseline of authorized subscriptions.
  2. Document all legitimate WMI subscriptions in your environment (antivirus, monitoring tools, management agents) and create a known-good allowlist.
  3. Deploy a SIEM/EDR rule that alerts on any new or modified __EventFilter, __EventConsumer, or __FilterToConsumerBinding object in the root\subscription namespace not matching the authorized baseline.
  4. For Sysmon environments, Event ID 19, 20, and 21 capture WMI activity and should be included in SIEM ingestion.
  5. Include WMI subscription audit in all incident response close-out checklists — do not declare recovery without verifying the WMI baseline is clean at 96 hours post-remediation.

Framework alignment: NIST 800-53 SI-4 (System Monitoring), CA-7 (Continuous Monitoring), CM-3 (Configuration Change Control); CIS v8 Controls 8.2 (Audit Log Collection), 10.1 (Deploy Anti-Malware Software); MITRE ATT&CK T1546.003.

4. Enforce MFA on All Okta Accounts and Revoke Unused OAuth Application Grants

Why: ShinyHunters breached Zendesk instances at multiple organizations this week by exploiting Okta SSO credentials. The attack used valid stolen credentials with no malware and no exploit — making it invisible to endpoint detection. Two additional control failures were observed: excessive OAuth application permissions granted to third-party applications, and insufficient detection coverage for bulk data operations in downstream SaaS platforms.

How:

  1. In the Okta Admin Console, verify that the Sign On Policy for every application enforces MFA, including for applications accessed via SSO federation. Applications that inherit SSO authentication without an additional Okta MFA challenge are exposed.
  2. Navigate to Okta Admin > Applications and audit OAuth application consent grants: revoke any third-party application grant that is not actively used or cannot be attributed to a known business integration.
  3. Enable Okta ThreatInsight and review System Log for: user.session.start with MFA skipped, app.oauth2.token.grant to applications not in your approved inventory, and impossible travel alerts on Zendesk or other SaaS-connected applications.
  4. For Zendesk specifically: in Zendesk Admin Center > Security, restrict bulk export functionality to authorized roles only and enable audit log alerting for mass ticket access events.

Framework alignment: NIST 800-53 IA-2, IA-5, AC-2, AC-6; CIS v8 Controls 6.3, 6.5; SOC 2 TSC CC6.1, CC9.2; NIST CSF PR.AC-1, PR.AC-6.

5. Run Secrets Scanning Across All Repositories and Rotate All Findings Immediately

Why: GitGuardian reported 29 million new hardcoded credentials in public repositories in 2025, with 64% remaining valid long-term. This week’s TeamPCP campaign succeeded in part because CI/CD pipeline environments stored cloud credentials in accessible environment variables. The LiteLLM and Trivy compromises demonstrated that credentials accessible to any compromised toolchain component are effectively exposed. Internal repositories have 6x higher secrets exposure rates than public repos.

How:

  1. Run TruffleHog (https://github.com/trufflesecurity/trufflehog) or Gitleaks across all repositories, including git history (not just current HEAD): trufflehog git file:///path/to/repo --since-commit HEAD~100.
  2. For GitHub-hosted repositories, enable GitHub Advanced Security Secret Scanning and review all existing alerts, prioritizing high-entropy tokens and cloud provider API key patterns.
  3. For every confirmed finding: rotate the credential immediately (do not simply remove the code and commit), confirm the credential is no longer valid at the provider, and audit the provider’s access logs for unauthorized use since the exposure date.
  4. Implement pre-commit hooks using detect-secrets or git-secrets to block future commits containing credential patterns before they reach the remote repository.
  5. Add AI service API keys (OpenAI, Anthropic, Supabase, LiteLLM) to your secrets scanning pattern library — these are explicitly targeted by adversaries and are commonly missed by default pattern sets.

Framework alignment: NIST 800-53 IA-5 (Authenticator Management), CM-3 (Configuration Change Control), SA-9 (External System Services); CIS v8 Controls 5.2 (Unique Passwords), 16.10 (Secure Design Principles); NIST CSF PR.AC-1, PR.DS-1; ISO/IEC 27001:2022 A.8.28 (Secure Coding).

Framework Alignment Matrix

| Threat / Campaign | MITRE Tactic | MITRE Technique(s) | NIST 800-53 Rev 5 | CIS v8 |
|---|---|---|---|---|
| Lazarus / Axios npm RAT | Initial Access, Execution, C2 | T1195.002, T1059.007, T1071.001, T1219, T1547.001 | SR-3, SR-4, SI-7, CM-7, CA-7 | 2.5, 2.6, 15.1 |
| TeamPCP / Trivy / KICS / LiteLLM | Initial Access, Credential Access, Exfiltration | T1195.001, T1552.001, T1552.004, T1528, T1567.002 | SR-2, SR-3, SI-7, SA-9, AC-6 | 2.5, 2.6, 6.3, 15.1 |
| Device Code Phishing (37x Surge) | Initial Access, Credential Access, Defense Evasion | T1566.002, T1528, T1550.001, T1111, T1078.004 | IA-2, IA-5, AC-17, CA-7, AT-2 | 6.3, 6.4, 6.5, 14.2 |
| Mass Entra ID / Intune Device Wipe | Impact, Defense Evasion, Collection | T1485, T1078.004, T1078, T1530, T1190 | AC-2, AC-6, IA-2, IA-5, CP-9, CP-10, SC-7 | 5.4, 6.1, 6.2, 6.3, 8.2 |
| ShinyHunters / Okta SSO / Zendesk | Defense Evasion, Collection, Exfiltration | T1078, T1078.004, T1550.001, T1530, T1213, T1114.003 | IA-2, IA-5, AC-2, AC-6, CA-7, SI-4 | 6.3, 6.5 |
| Iran-Aligned Hacktivist DDoS / Defacement | Impact, Initial Access, Reconnaissance | T1498, T1499, T1491.002, T1566, T1589 | SC-5, SC-7, CA-7, SI-3, SI-4, AT-2 | 12.1, 13.1, 14.2 |
| Strapi npm Plugin Impersonation | Initial Access, Execution, Persistence, Privilege Escalation | T1195.001, T1059.007, T1059.004, T1611, T1053.003, T1505.003 | SR-3, SI-7, CM-7, AC-3, AC-6 | 2.5, 2.6, 5.4, 6.8 |
| DeepLoad / ClickFix / WMI Persistence | Execution, Persistence, Defense Evasion, Credential Access | T1546.003, T1218.005, T1055.004, T1059.001, T1555.003, T1539 | SI-3, SI-4, CM-7, AT-2, CA-7 | 2.5, 5.2, 8.2, 14.2 |
| Cisco IMC Auth Bypass (CVSS 9.8) | Persistence, Defense Evasion | T1078, T1133, T1542.001 | IA-2, IA-5, AC-17, SC-7, SI-2 | 6.3, 6.4, 6.5, 7.3, 7.4 |
| Chrome Zero-Day (Active Exploitation) | Initial Access, Execution | T1189, T1203 | SI-2, SI-3, SI-4, SC-7 | 7.3, 7.4 |
| Qilin Ransomware / Die Linke | Initial Access, Lateral Movement, Impact | T1566, T1021, T1486, T1074, T1041, T1078 | AC-2, AC-6, IA-2, IA-5, CP-9, CP-10, CA-7 | 5.2, 6.1, 6.2, 6.3 |
| Secrets Sprawl (29M hardcoded credentials) | Credential Access, Collection | T1552.001, T1552.004, T1552.007, T1213.003 | IA-5, CM-3, SA-9, SR-3 | 5.2, 16.10 |
| UAC-0255 / CERT-UA Impersonation / AGEWHEEZE | Initial Access, Execution, Persistence | T1566.001, T1036.005, T1053.005, T1547.001, T1219, T1113 | SI-3, SI-4, CA-7, AT-2, SI-8 | 2.5, 14.2 |
| LinkedIn Browser Fingerprinting | Reconnaissance | T1592, T1592.004, T1589, T1589.003 | SC-7, AC-3, SC-28 | 8.2 |
| Residential Proxy Evasion (78% IP Reputation Bypass) | Credential Access, Reconnaissance | T1110.004, T1110.003, T1090.002, T1595.002 | IA-2, IA-5, AC-7, SC-7, SI-4 | 6.3 |

Upcoming Security Events & Deadlines

Patch Tuesday

  • Next Patch Tuesday: April 8, 2026 (second Tuesday of the month). Expect Microsoft security updates across Windows, Office, Azure, and Edge. Given the active Entra ID/Intune campaign and Chrome zero-day this week, monitor the April release for any identity infrastructure or browser updates.

CISA KEV Remediation Deadlines (30-Day Window)

  • Verify current KEV additions and deadlines directly at https://www.cisa.gov/known-exploited-vulnerabilities-catalog. Several vulnerabilities from this briefing (Chrome zero-day, Cisco IMC, Cisco SD-WAN) are candidates for KEV addition; federal agencies must remediate within 3 weeks of KEV listing under BOD 22-01. Private sector organizations should treat KEV-listed vulnerabilities as priority remediation items regardless of federal mandate.
  • Note: The claimed “CISA Emergency Directive 26-34 on AI Video Surveillance” (SCC-STY-2026-0047) was flagged as unverified by the SCC pipeline. Verify any claimed emergency directive at https://www.cisa.gov/emergency-directives before treating as a compliance obligation.

Vendor EOL and Advisory Deadlines

  • Cisco Firewall / SD-WAN Patch Cycle: Cisco published 9 advisories this week including actively exploited SD-WAN components. There is no announced EOL date in current data, but delay in patching actively exploited SD-WAN vulnerabilities carries immediate risk. Verify affected version strings and fixed releases at https://sec.cloudapps.cisco.com/security/center/publicationListing.x.
  • Axios npm — Malicious Version Blocking: Ensure internal artifact proxies block axios v1.14.1 and v0.30.4 immediately. There is no expiration on this requirement — the malicious versions remain on npm until explicitly deprecated or blocked.
  • iOS / iPadOS 18 Backport Patch: No Apple-imposed deadline. Given active exploitation by DarkSword, treat as P1 deployment within your MDM SLA. Monitor https://support.apple.com/en-us/111900 (Apple security releases page) for update confirmation.

Compliance and Regulatory Deadlines

  • UK GDPR / ICO — Lloyds Banking Group incident: Organizations that use Lloyds, Halifax, or Bank of Scotland banking apps and were within the scope of the mobile app data exposure (approximately 447,000 customers) should verify breach notification obligations under UK GDPR Article 33 (72-hour notification to ICO). This deadline would have triggered at time of discovery, not this briefing date.
  • HIPAA — CareCloud EHR breach: Organizations using CareCloud EHR or revenue cycle management products should verify with their CareCloud account representative whether their tenant was in the affected environment. HIPAA breach notification obligations (45 CFR Part 164 Subpart D) apply within 60 days of discovery for breaches affecting 500+ individuals.
  • SEC 8-K Disclosure — Hasbro: Hasbro has filed SEC disclosures related to its cybersecurity incident. Organizations with material third-party dependencies should evaluate their own SEC disclosure obligations if Hasbro represents a material vendor relationship. Monitor SEC EDGAR for updated Hasbro filings.

Security Conference Dates

  • RSA Conference 2026: Verify current dates and location at rsaconference.com — typically held in late April/early May in San Francisco.
  • Law-Tech Connect 2026: Covered in this week’s governance items (SCC-GOV-2026-0009) for drone, AI, and Counter-UAS policy developments. Verify current schedule at the organizing body’s official channel.

Sources

Section 1 — Executive Summary & Section 2 — Critical Action Items

  • Datadog Security Labs — LiteLLM / TeamPCP Campaign: https://securitylabs.datadoghq.com/articles/litellm-compromised-pypi-teampcp-supply-chain-campaign/
  • Aqua Security — Trivy Incident Discussion: https://github.com/aquasecurity/trivy/discussions/10425
  • CISA — Known Exploited Vulnerabilities Catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
  • Google Chrome Releases Blog: https://chromereleases.googleblog.com
  • Cisco Security Advisory Portal: https://sec.cloudapps.cisco.com/security/center/publicationListing.x
  • Cisco Advisory cisco-sa-cimc-auth-bypass-AgG2BxTn: https://sec.cloudapps.cisco.com (verify at source)
  • Microsoft Security Blog (Axios / UNC1069): https://www.microsoft.com/en-us/security/blog/ (April 1, 2026)
  • SafeDep — Malicious Strapi npm Campaign: https://safedep.io/malicious-npm-strapi-plugin-events-c2-agent
  • CISA — Alert 2026-03-18 (Entra ID / Intune Wipe Campaign): https://www.cisa.gov

Section 3 — Key Security Stories

  • Wiz — TeamPCP Supply Chain: https://www.wiz.io/blog/trivy-compromised-teampcp-supply-chain-attack
  • StepSecurity — Trivy v0.69.4 Malicious Release: https://www.stepsecurity.io/blog/trivy-compromised-a-second-time—malicious-v0-69-4-release
  • Unit 42 — Iranian Cyberattacks 2026: https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/
  • BKA — Daniil Shchukin Wanted Notice: https://www.bka.de/DE/IhreSicherheit/Fahndungen/Personen/BekanntePersonen/CC_BW/DMS/Sachverhalt.html
  • CCCS — Iranian Cyber Threat Bulletin (February 2026): https://www.cyber.gc.ca/en/guidance/cyber-threat-bulletin-iranian-cyber-threat-response-usisrael-strikes-february-2026
  • Apple Support — iOS/iPadOS Security Content: https://support.apple.com/en-us/111900
  • BleepingComputer — Claude Code Leak / Vidar Infostealer: https://www.bleepingcomputer.com/news/security/claude-code-leak-used-to-push-infostealer-malware-on-github/
  • Zscaler — Vidar / idbzoomh GitHub Campaign: https://www.zscaler.com/blogs/security-research (verify current report URL at source)
  • SEC EDGAR — Hasbro 8-K Filings: https://www.sec.gov/cgi-bin/browse-edgar?action=getcompany&company=hasbro&type=8-K

Section 4 — CISA KEV & Critical CVE Table

  • CISA KEV: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
  • NIST National Vulnerability Database: https://nvd.nist.gov
  • FIRST EPSS Scoring: https://www.first.org/epss
  • Google Chrome Releases: https://chromereleases.googleblog.com
  • Cisco Security Advisories: https://sec.cloudapps.cisco.com

Section 5 — Supply Chain & Developer Tool Threats

  • Datadog Security Labs — LiteLLM: https://securitylabs.datadoghq.com/articles/litellm-compromised-pypi-teampcp-supply-chain-campaign/
  • SafeDep — Strapi npm: https://safedep.io/malicious-npm-strapi-plugin-events-c2-agent
  • Aqua Security — Trivy: https://github.com/aquasecurity/trivy/discussions/10425
  • LiteLLM GitHub: https://github.com/BerriAI/litellm
  • Checkmarx KICS GitHub: https://github.com/Checkmarx/kics
  • Unit 42 — Google Vertex AI: https://unit42.paloaltonetworks.com (verify current report URL at source)
  • Blackpoint Cyber — RoadK1ll (verify current report URL at source)
  • TruffleHog (secrets scanning): https://github.com/trufflesecurity/trufflehog
  • SLSA Framework: https://slsa.dev
  • NIST SSDF (SP 800-218): https://csrc.nist.gov/publications/detail/sp/800-218

Section 6 — Nation-State & APT Activity

  • CISA — Iran APT Threat Overview: https://www.cisa.gov/topics/cyber-threats-and-advisories/advanced-persistent-threats/iran
  • CCCS — Iranian Cyber Threat Bulletin: https://www.cyber.gc.ca/en/guidance/cyber-threat-bulletin-iranian-cyber-threat-response-usisrael-strikes-february-2026
  • Unit 42 — Iranian Cyberattacks 2026: https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/
  • BKA — Daniil Shchukin: https://www.bka.de/DE/IhreSicherheit/Fahndungen/Personen/BekanntePersonen/CC_BW/DMS/Sachverhalt.html
  • MITRE ATT&CK — Lazarus Group: https://attack.mitre.org/groups/G0032/
  • MITRE ATT&CK — Axiom (China): https://attack.mitre.org/groups/G0001/

Section 7 — Phishing & Social Engineering

  • Apple — macOS Tahoe 26.4 Security Features: https://support.apple.com (verify current release notes)
  • CERT-UA Official Domain Reference: https://cert.gov.ua
  • BleepingComputer — Venom Stealer MaaS: https://www.bleepingcomputer.com (verify current report URL at source)
  • Blackpoint Cyber — DeepLoad: https://blackpointcyber.com/resources/blog/ (verify current report URL at source)

Section 8 — IOCs

  • SafeDep Report (Strapi/npm): https://safedep.io/malicious-npm-strapi-plugin-events-c2-agent
  • Microsoft Security Blog (Axios/UNC1069): https://www.microsoft.com/en-us/security/blog/
  • Zscaler (Vidar/GitHub): https://www.zscaler.com/blogs/security-research
  • MITRE ATT&CK CTI Repository: https://github.com/mitre/cti

Section 9 — Helpful 5

  • NIST SP 800-53 Rev 5: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf
  • NIST SP 800-161 Rev 1 (C-SCRM): https://csrc.nist.gov/publications/detail/sp/800-161/rev-1
  • CIS Controls v8: https://www.cisecurity.org/controls/v8
  • Microsoft Entra ID — Conditional Access: https://learn.microsoft.com/en-us/entra/identity/conditional-access/overview
  • TruffleHog: https://github.com/trufflesecurity/trufflehog
  • StepSecurity Harden-Runner: https://www.stepsecurity.io
  • GitHub Sigstore / Cosign: https://docs.sigstore.dev

Section 10 — Framework Alignment Matrix

  • MITRE ATT&CK Enterprise: https://attack.mitre.org/matrices/enterprise/
  • MITRE ATT&CK for Mobile: https://attack.mitre.org/matrices/mobile/
  • NIST SP 800-53 Rev 5: https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final
  • CIS Controls v8: https://www.cisecurity.org/controls/v8
  • NIST CSF 2.0: https://www.nist.gov/cyberframework

Section 11 — Upcoming Events & Deadlines

  • CISA Emergency Directives: https://www.cisa.gov/emergency-directives
  • CISA KEV Catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
  • Apple Security Releases: https://support.apple.com/en-us/111900
  • SEC EDGAR: https://www.sec.gov/cgi-bin/browse-edgar
  • ICO (UK GDPR Breach Notification): https://ico.org.uk/for-organisations/report-a-breach/
  • RSA Conference: https://www.rsaconference.com
  • Microsoft Security Update Guide: https://msrc.microsoft.com/update-guide

This briefing was produced by the Tech Jacks Solutions Security Command Center for the week of 2026-04-06. All IOC data should be validated against primary sources before operational use. Source URLs were verified as of the configuration date (2026-03-04); verify current resolution status before acting on any URL.

Author

Tech Jacks Solutions
