Tags: vulnerability, high, Remote Code Execution, Supply Chain Attack, Zero-Day Exploitation, UNC1069, CVE-2026-5281

Apr 03, 2026 • SentinelOne

The Good, the Bad and the Ugly in Cybersecurity – Week 14

Source: SentinelOne
Category: vulnerability
Severity: high

Executive Summary

This week's threat landscape highlights critical supply chain compromises and active zero-day exploitation. Attackers targeted popular software libraries, injecting malicious code into LiteLLM via PyPI and Axios via npm to deploy data stealers and cross-platform Remote Access Trojans (RATs). The Axios compromise, linked to North Korean group UNC1069, utilized stolen credentials to bypass CI/CD safeguards, affecting Windows, macOS, and Linux systems. Simultaneously, Google Chrome users face active exploitation of CVE-2026-5281, a high-severity use-after-free vulnerability in the Dawn component allowing remote code execution. These incidents underscore the risk of ungoverned AI agents and dependency chains. Immediate mitigation includes downgrading Axios to safe versions, rotating credentials, applying Chrome patches, and employing autonomous, behavior-based endpoint detection to counter fast-moving attacks that evade traditional signature-based defenses.

Summary

SentinelOne stops LiteLLM supply chain attack in real time, attackers weaponize Axios to deploy RAT, and Chrome zero-day enables RCE.

Published Analysis

The Good | SentinelOne AI EDR Stops LiteLLM Supply Chain Attack in Real Time

This week, SentinelOne demonstrated how autonomous, AI-driven endpoint protection can detect and stop sophisticated supply chain attacks in real time, without human intervention. On the same day the attack was launched, Singularity Platform identified and blocked a trojanized version of LiteLLM, an increasingly popular proxy for LLM API calls, before it could execute across multiple customer environments. The compromise had occurred only hours earlier, yet the platform prevented execution instantly, without requiring analyst input, signatures, or manual triage.

Catching the Payload in the Act

The attack itself followed a multi-stage, fast-moving pattern that is designed to evade traditional detection and manual workflows.
Originating from a compromised security tool, attackers obtained PyPI credentials to publish malicious LiteLLM versions that deployed a cross-platform payload. In one case, SentinelOne observed an AI coding assistant with unrestricted permissions unknowingly installing the infected package, highlighting a new and largely ungoverned attack surface. Once triggered, the malware attempted to execute obfuscated Python code, deploy a data stealer, establish persistence, move laterally into Kubernetes clusters, and exfiltrate encrypted data.

SentinelOne’s behavioral AI detected the malicious activity at runtime, specifically identifying suspicious execution patterns like base64-decoded payloads, and terminated the process chain in under 44 seconds while preserving full forensic visibility. Critically, detection did not depend on knowing the compromised package. Instead, it relied on observing behavior across processes, allowing the platform to stop the attack regardless of how it entered the environment, whether via a developer, CI/CD pipeline, or autonomous agent.

This incident underscores a growing trend: AI-driven attacks are operating at speeds that outpace human response. Effective defense now requires autonomous, behavior-based systems capable of acting instantly, closing the gap between detection and compromise before damage can occur.

The Bad | Attackers Compromise Axios to Deliver Cross-Platform RAT via Compromised npm

A major supply chain attack compromised the JavaScript HTTP client Axios after malicious versions of its npm package introduced a hidden dependency that deploys a cross-platform remote access trojan (RAT). Specifically, Axios versions 1.14.1 and 0.30.4 were found to include a rogue package called “[email protected],” inserted using stolen npm credentials that belonged to a core maintainer. This allowed attackers to bypass normal CI/CD safeguards and publish poisoned releases directly to npm.

Source: Socket

The malicious dependency exists solely to execute a post-install script that downloads and runs platform-specific malware on macOS, Windows, and Linux systems. Once executed, the malware connects to a command and control (C2) server, retrieves a second-stage payload, and then deletes itself while restoring clean-looking package files to evade detection. Notably, no malicious code exists within Axios itself, making the attack harder to detect through traditional code review.

The operation was highly coordinated, with staged payloads prepared in advance and both affected Axios branches compromised within minutes. Each platform-specific variant – C++ for macOS, PowerShell for Windows, and Python for Linux – shares the same functionality, enabling system reconnaissance, command execution, and data exfiltration. While macOS and Linux variants lack persistence, the Windows version establishes ongoing access via registry modifications.

Researchers believe the attacker leveraged a long-lived npm access token to gain control of the maintainer account. There are also indications linking the malware...
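
An added example (not from SentinelOne, Socket or the Axios project) of checking a project against the Axios compromise described above: it scans a parsed package-lock.json for axios 1.14.1 or 0.30.4 and lists every locked package that declares an install script, the mechanism the rogue dependency relied on. The sample lockfile and the names `example-hidden-dep`, `example-app-lib` and `example-axios-wrapper` are constructed placeholders.

```javascript
// Added example; not code from SentinelOne, Socket or the Axios project.
// The two compromised Axios releases named in the article.
const COMPROMISED_AXIOS = new Set(["1.14.1", "0.30.4"]);
const NM = "node_modules/";

// Flatten a parsed package-lock.json into {path, name, version, hasInstallScript}.
// lockfileVersion 2/3 uses a flat "packages" map; version 1 nests "dependencies".
function listPackages(lock) {
  const out = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === "") continue; // the root project itself
      const i = path.lastIndexOf(NM);
      const name = meta.name || (i < 0 ? path : path.slice(i + NM.length));
      out.push({ path, name, version: meta.version,
                 hasInstallScript: meta.hasInstallScript === true });
    }
    return out;
  }
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = prefix + NM + name;
      // v1 lockfiles do not record whether a package has install scripts
      out.push({ path, name, version: meta.version, hasInstallScript: false });
      walk(meta.dependencies, path + "/");
    }
  };
  walk(lock.dependencies, "");
  return out;
}

// Report pinned bad Axios versions plus every package that runs code at install time.
function auditLockfile(lock) {
  const pkgs = listPackages(lock);
  return {
    compromised: pkgs.filter(p => p.name === "axios" && COMPROMISED_AXIOS.has(p.version)),
    installScripts: pkgs.filter(p => p.hasInstallScript),
  };
}

// Constructed sample lockfile; all package names except axios are placeholders.
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/axios": { version: "1.14.1" },
  "node_modules/example-hidden-dep": { version: "0.0.1", hasInstallScript: true },
  "node_modules/example-app-lib": { version: "2.0.0" },
  "node_modules/example-app-lib/node_modules/axios": { version: "0.30.4" },
  "node_modules/example-axios-wrapper": { version: "1.14.1" },
} };

console.log(JSON.stringify(auditLockfile(SAMPLE_LOCK), null, 2));
```

Installing with `npm ci --ignore-scripts` keeps lifecycle scripts such as the post-install hook described above from running at all.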

Linked Entities

  • UNC1069
  • CVE-2026-5281