Product
Axios Prototype Pollution Leads to Man-in-the-Middle Vulnerability
3 rules 7 TTPsAxios is vulnerable to a Prototype Pollution attack that can be escalated into a full Man-in-the-Middle (MITM) attack by injecting a malicious proxy configuration via `Object.prototype.proxy`, allowing attackers to intercept, read, and modify all HTTP traffic, including authentication credentials.
ESET APT Activity Report Q4 2025–Q1 2026 Highlights Various Threat Actor Campaigns
2 rules 3 TTPsESET's APT Activity Report for Q4 2025 and Q1 2026 highlights diverse campaigns by China, Iran, North Korea, and Russia-aligned threat actors, including espionage, supply chain compromise, and destructive attacks.
ClearFake, ACR Stealer, and GraphRunner Emerge as Significant Threats
2 rules 4 TTPs 2 IOCsThe Red Canary Intelligence Insights report for May 2026 highlights the rise of ClearFake, ACR Stealer, and GraphRunner, with ClearFake using JavaScript injection to deliver malware like ACR Stealer, and GraphRunner being abused for reconnaissance and data exfiltration via the Microsoft Graph API.
Supply Chain Compromises via Npm, PyPI Packages and Teams Phishing Campaigns
3 rules 3 TTPsThe April 2026 Red Canary Intelligence Insights highlights the axios npm compromise, TeamPCP's LiteLLM compromise via PyPI, and a surge in Microsoft Teams phishing, leading to RAT deployment, credential harvesting, ransomware deployment, or data theft.
Axios Prototype Pollution Vulnerability Leads to Request Hijacking and Data Exfiltration
2 rules 1 TTPAxios versions 0.19.0 through 1.13.6 are vulnerable to prototype pollution, allowing attackers to intercept and modify JSON responses, hijack HTTP requests, and exfiltrate sensitive data by polluting the Object.prototype with keys like `parseReviver` and `transport`.