Cyber Threat Intelligence Report

This week, we briefed our clients on recent supply chain attacks to raise awareness and help organizations identify whether they have been attacked.

 KEY TAKEAWAYS 

• Software supply chain attacks are here to stay. Learn about the latest compromises and how you can protect your organization.

• Critical and high severity vulnerabilities in Cisco, Fortinet, and Progress, plus updates to CISA KEV, patch now!

The New Normal: Supply Chain Compromise

Software supply chain attacks are rapidly becoming one of the biggest cybersecurity threats of 2026. What was once a rare occurrence (think Solarwinds) is now almost a weekly story. In the most recent attacks, threat actors have leveraged these compromises to deploy infostealer malware, steal additional tokens and secrets to enable further attacks, and deploy additional malware such as remote access trojans (RATs). This article will review these recent attacks in an effort to spread awareness so organizations can identify if they have been impacted, and help protect against future attacks. 

Axios Supply Chain Attack

On March 30, the popular HTTP client known as Axios was compromised. Two versions of the npm package, version 1.14.1 and 0.30.4, were found to inject a fake dependency: "plain-crypto-js" version 4.2.1. This fake dependency was used to execute a postinstall script that effectively acts as a RAT dropper which targeted Windows, Linux, and MacOS. Any user who installed these versions of Axios should assume compromise, and ensure they rotate secrets and credentials immediately, as well as downgrade to a safe version of the library, such as 1.14.0 or 0.30.3.

The Axios library averages 83 million weekly downloads and is present in approximately 80% of cloud and code environments, creating a massive potential blast radius for this attack. The attack is attributed to North Korea, with Microsoft linking the attack to Sapphire Sleet (APT38, Stardust Cholima) and Google Threat Intelligence linking the attack to UNC1069.

Details of how the compromise happened have recently emerged. The lead Axios maintainer, @jasonsaayman, was targeted by a sophisticated social engineering attack. The threat actor cloned the identity of a legitimate, well-known company founder and created a fake Slack workspace imitating a corporate CI/CD environment. Saayman was then invited to a Microsoft Teams meeting under the guise of a collaboration opportunity, which triggered a fabricated "system error" message, prompting him to download a RAT disguised as a fix for the fake problem. This RAT enabled the threat actors to steal session cookies from his browser, bypassing MFA protections. This chain of events resulted in the threat actor's ability to compromise the npm registry trust model without arising any suspicion.

The recent Axios CTI report from Google includes several steps organizations can take to secure their environment from this threat:

• Pin Axios to a known safe version in package-lock.json to prevent accidental upgrades.
• Inspect project lockfiles specifically for the 'plain-crypto-js' package (versions 4.2.0 or 4.2.1).
• Slow down - pause CI/CD pipeline deployments for any package relying on Axios. Validate that builds are not pulling "latest" versions before deploying with pinned, safe versions.
• If 'plain-crypto-js' is detected in the environment, assume the host environment is compromised, revert the environment to a known-good state, and rotate all credentials or secrets present on that machine.
• Block all network traffic to/from sfrclak[.]com and the C2 IP address: 142.11.206[.]73.
  • http.host:(sfrclak.com) OR \*.ip:(142.11.206.73)
• Ensure EDR solutions are deployed even in developer environments.

Isolate developer environments in containers or sandboxes to restrict host filesystem access. Migrate plaintext secrets to the OS keychain using aws-vault. This will ensure malicious packages cannot programmatically scrape credentials or execute malicious scripts directly on the host machine. 

Other Notable Supply Chain Attacks

• Threat actors known as TeamPCP compromised the Trivy vulnerability scanner. Trivy, which is used to identify vulnerabilities, misconfigurations, and exposed secrets across containers, Kubernetes environments, code repositories, and cloud infrastructure, is widely popular among developers and security teams. TeamPCP was able to compromise Trivy version 0.69.4 with credential-stealing malware. The malicious code targeted a variety of secrets, including SSH keys, cloud configs, environment files, database credentials, CI/CD configurations, VPN Configurations, system files, and more. Aqua Security, the maintainers of Trivy, confirmed that this compromise was the result of a previous compromise that was not fully remediated. A list of Trivy components, their affected versions, and their exposure windows can be found here. Per the advisory, any host running a compromised version should treat all pipeline secrets as compromised and rotate them immediately. It is also highly recommended to block the infostealer C2 infrastructure at the perimeter firewall: scan[.]aquasecurtiy[.]org and 45.148.10[.]212.
  • http.host:(scan.aquasecurtiy.org) OR \*.ip:(45.148.10.212)
• TeamPCP also compromised the LiteLLM python library. The group successfully infected LiteLLM versions 1.82.7 and 1.82.8 with infostealer malware. LiteLLM is a popular Python library that acts as a gateway to multiple large language models via a single API, and averages 3.4 million downloads a day. The infostealer malware is similar to what was observed in the Trivy compromise, and it targets similar host secrets. Any host that installed these versions of LiteLLM should be treated as compromised, and all secrets on the host should be rotated. It is also strongly recommended to block the C2 domains at the external firewall: models.litellm[.]cloud and checkmarx[.]zone.
  • http.host(checkmarx.zone OR models.litellm.cloud)

Conclusion

Software supply chain attacks are here to stay. The secrets harvested from one supply chain attack feed the next attack, and on it goes. Organizations and developers can no longer trust "legitimate" software libraries and code dependencies. Steps must be taken to ensure development environments are isolated and credentials and secrets are secure. It is more important than ever for organizations to know what libraries and dependencies are running in the software on their systems (SBOMs). Automatically upgrading to the latest version of any software package now involves a large amount of risk. Developers and maintainers of code packages must also acknowledge that they are targets and take steps to protect themselves. In an age where everyone is vibe coding and developing applications at a breakneck pace, we need to slow down and ensure our software is being developed securely.

Resources

• https://cloud.google.com/blog/topics/threat-intelligence/north-korea-threat-actor-targets-axios-npm-package
  

• https://www.microsoft.com/en-us/security/blog/2026/04/01/mitigating-the-axios-npm-supply-chain-compromise/
  

• https://labs.cloudsecurityalliance.org/research/csa-research-note-unc1069-axios-npm-supply-chain-20260403-cs/
  

• https://www.wiz.io/blog/axios-npm-compromised-in-supply-chain-attack
  

• https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan
  

• https://thehackernews.com/2026/03/axios-supply-chain-attack-pushes-cross.html
  

• https://www.bleepingcomputer.com/news/security/trivy-vulnerability-scanner-breach-pushed-infostealer-via-github-actions/

• https://github.com/aquasecurity/trivy/discussions/10425

• https://thehackernews.com/2026/03/trivy-hack-spreads-infostealer-via.html

• https://www.bleepingcomputer.com/news/security/popular-litellm-pypi-package-compromised-in-teampcp-supply-chain-attack/

• https://www.endorlabs.com/learn/teampcp-isnt-done

• https://www.cisa.gov/topics/cyber-threats-and-advisories/sbom/sbomresourceslibrary

Vulnerability Roundup

Critical Vulnerabilities in Cisco IMC and SSM

Cisco recently disclosed two critical vulnerabilities, one for their Integrated Management Controller (IMC), and the other for their Smart Software Manager On-Prem (SSM On-Prem). The first flaw, CVE-2026-20093, is a critical vulnerability in IMC due to its incorrect handling of password change requests. Per the Cisco advisory, a threat actor can exploit this vulnerability by simply sending a crafted HTTP request to a vulnerable device. Successful exploitation can allow an attacker to bypass authentication, alter passwords of any user on the system, and gain access to the system as that user. The following products are affected:

• 5000 Series Enterprise Network Compute Systems (ENCS) - Fixed in 4.15.5
• Catalyst 8300 Series Edge uCPE - Fixed in 4.18.3
• UCS C-Series M5 and M6 Rack Servers in standalone mode - Fixed in 4.3(2.260007), 4.3(6.260017), and 6.0(1.250174)
• UCS E-Series Servers M3 - Fixed in 3.2.17
• UCS E-Series Servers M6 - Fixed in 4.15.3

The second critical vulnerability Cisco disclosed is tracked as CVE-2026-20160, and affects Cisco SSM On-Prem. The flaw is a result of an unintentional exposure of an internal service, whereby the threat actor can achieve remote code execution with root privileges by sending a crafted request to the API of the exposed service. This issue was patched in Cisco SSM On-Prem version 9-202601. Administrators are urged to apply these fixes as soon as possible.

• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-bypass-AgG2BxTn
  

• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssm-cli-execution-cHUcWuNr
  

• https://thehackernews.com/2026/04/cisco-patches-98-cvss-imc-and-ssm-flaws.html
  

• https://www.cvedetails.com/cve/CVE-2026-20093
  

• https://www.cvedetails.com/cve/CVE-2026-20160

Multiple Critical Vulnerabilities in Fortinet FortiClient EMS

A critical SQL injection vulnerability in Fortinet FortiClient Endpoint Management Server (EMS), tracked as CVE-2026-21643 and originally disclosed on February 6, has recently been observed being exploited in the wild. The issue affects FortiClient EMS 7.4.4 and is fixed in versions 7.4.5 and above.

Over the weekend, Fortinet released an out-of-band fix for a separate vulnerability in FortiClient EMS that is also being actively exploited. Tracked as CVE-2026-35616, Fortinet says this is an Improper Access Control vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via crafted messages. The issue affects versions 7.4.5 through 7.4.6, and will be addressed in version 7.4.7. Administrators are urged to apply these fixes as soon as possible.

• https://fortiguard.fortinet.com/psirt/FG-IR-25-1142
  

• https://fortiguard.fortinet.com/psirt/FG-IR-26-099
  

• https://x.com/defusedcyber/status/2037912573274636781
  

• https://nvd.nist.gov/vuln/detail/CVE-2026-21643
  

• https://nvd.nist.gov/vuln/detail/CVE-2026-35616
  

• https://thehackernews.com/2026/04/fortinet-patches-actively-exploited-cve.html
  

• https://www.bleepingcomputer.com/news/security/critical-fortinet-forticlient-ems-flaw-now-exploited-in-attacks/  

Multiple Vulnerabilities in Progress ShareFile

Details of an authentication bypass flaw (CVE-2026-2699) and a remote execution flaw (CVE-2026-2701) were recently disclosed for Progress ShareFile, an enterprise file transfer solution. These vulnerabilities specifically reside in the Storage Zone Controller, which is a customer-managed gateway that allows companies to store files in their own storage on-prem while still using the ShareFile SaaS interface. By chaining these exploits together, threat actors can achieve unauthenticated file exfiltration. The vulnerabilities affect branch 5.x of Progress Sharefile and were patched in version 5.12.4, released on March 10. Due to the exploitation details released by security researchers at watchTowr last week, risk of exploitation has increased. Vulnerabilities in public-facing file transfer solutions are frequently targeted by ransomware groups. Administrators are urged to patch as soon as possible.

• https://docs.sharefile.com/en-us/storage-zones-controller/5-0/security-vulnerability-feb26.html
  

• https://www.bleepingcomputer.com/news/security/new-progress-sharefile-flaws-can-be-chained-in-pre-auth-rce-attacks/
  

• https://labs.watchtowr.com/youre-not-supposed-to-sharefile-with-everyone-progress-sharefile-pre-auth-rce-chain-cve-2026-2699-cve-2026-2701/ 

CISA KEV Additions

The following vulnerabilities were added to CISA's Known Exploited Vulnerabilities Catalog in the last 2 weeks:

• CVE-2026-3502 - TrueConf Client Download of Code Without Integrity Check Vulnerability
• CVE-2026-5281 - Google Dawn Use-After-Free Vulnerability
• CVE-2026-3055 - Citrix NetScaler Out-of-Bounds Read Vulnerability
• CVE-2025-53521 - F5 BIG-IP Stack-Based Buffer Overflow Vulnerability
• CVE-2026-33634 - Aquasecurity Trivy Embedded Malicious Code Vulnerability
• CVE-2026-33017 - Langflow Code Injection Vulnerability

This report is provided FREE to the cybersecurity community.

Visit our Cyber Threat Intelligence Blog for additional reports.

Subscribe to be notified of future Reports:

NOTE
We have enhanced our report with data from SOCRadar. You may need to register to view their threat intelligence content.

DISCLAIMER
Kindly be advised that the information contained in this article is presented with no final evaluation and should be considered raw data. The sole purpose of this information is to provide situational awareness based on the currently available knowledge. We recommend exercising caution and conducting further research as necessary before making any decisions based on this information.