Tag

Supply Chain Attack

3 briefs RSS

Axios npm Package Compromised via Social Engineering

North Korean threat actors (UNC1069) compromised the Axios npm package by socially engineering a maintainer with a fake Microsoft Teams update delivering a RAT, leading to the injection of a malicious dependency and a supply chain attack.

UNC1069 supply chain attack npm social engineering rat

2r 7t Apr 4, 2026

high threat

TrueConf Zero-Day Exploitation Leading to Arbitrary Code Execution

2 rules 3 TTPs 1 CVE 4 IOCs

Hackers exploited a zero-day vulnerability (CVE-2026-3502) in TrueConf conference servers to execute arbitrary files on connected endpoints, potentially deploying the Havoc C2 framework.

exploited TrueChaos trueconf zero-day cve-2026-3502 supply-chain attack

2r 3t 1c 4i Apr 2, 2026

critical threat

TeamPCP Backdoors Telnyx PyPI Package with Steganographic Malware

2 rules 5 TTPs

The TeamPCP threat actor compromised the Telnyx PyPI package, injecting credential-stealing malware hidden within WAV audio files to target Linux, macOS, and Windows systems.

TeamPCP supply chain attack pypi credential theft steganography

2r 5t Mar 28, 2026