Mark0

Intelligence Insights: April 2026

In March 2026, researchers identified significant supply chain compromises involving widely used development tools. The axios npm package suffered an account takeover, leading to the distribution of malicious versions containing a remote access trojan (RAT) dropper targeting macOS, Windows, and Linux. Similarly, the threat group TeamPCP targeted the Python Package Index (PyPI) by compromising the LiteLLM project through its CI/CD pipeline, highlighting a growing trend of attackers exploiting maintainer credentials to inject malicious dependencies.

Beyond supply chain attacks, there has been a notable surge in Microsoft Teams phishing paired with email bombing. Attackers flood a victim's inbox to create a sense of urgency, then pose as IT support via Teams to guide users into installing remote monitoring and management (RMM) tools like Quick Assist. These intrusions often lead to the deployment of Havoc C2 and potential ransomware, emphasizing the need for strict external access policies in collaboration platforms and monitoring of the ProgramData directory for unauthorized binary execution.
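
The ProgramData monitoring recommendation above can be written as a small correlation rule. This is an added example, not code from the original post: it flags binaries executed from ProgramData and raises the severity when the same host launched Quick Assist shortly before. The event tuples, host names, file paths, 30-minute window and allow-list are constructed assumptions.

```python
from datetime import datetime, timedelta

# Assumed allow-list of ProgramData prefixes (lowercase); signer or hash checks are stronger.
ALLOWED_PREFIXES = ("c:\\programdata\\microsoft\\windows defender\\platform\\",)

# Constructed process-creation events (host, ISO time, image path); not real telemetry.
SAMPLE_EVENTS = [
    ("WS-014", "2026-03-18T09:02:11", r"C:\Windows\System32\QuickAssist.exe"),
    ("WS-014", "2026-03-18T09:09:40", r"C:\ProgramData\upd\svc-helper.exe"),
    ("WS-014", "2026-03-18T09:10:02",
     r"C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.0\MsMpEng.exe"),
    ("WS-022", "2026-03-18T10:15:00", r"C:\ProgramData\tools\agent.exe"),
    ("WS-022", "2026-03-18T10:20:00", r"C:\Program Files\App\app.exe"),
    ("WS-014", "2026-03-18T11:30:00", r"C:\ProgramData\upd\svc-helper.exe"),
]


def in_programdata(path):
    """True for <drive>:\\programdata\\... on an already lowercased path."""
    return len(path) > 2 and path[1:].startswith(":\\programdata\\")


def flag_programdata_exec(events, window=timedelta(minutes=30)):
    """Return (host, time, image, severity) for non-allow-listed ProgramData executions.

    Severity is "high" when the same host launched Quick Assist within `window`
    before the execution, otherwise "review".
    """
    last_quick_assist = {}  # host -> datetime of most recent Quick Assist launch
    alerts = []
    for host, ts, image in sorted(events, key=lambda e: e[1]):
        when = datetime.fromisoformat(ts)
        path = image.lower().replace("/", "\\")
        if path.rsplit("\\", 1)[-1] == "quickassist.exe":
            last_quick_assist[host] = when
            continue
        if not in_programdata(path) or path.startswith(ALLOWED_PREFIXES):
            continue
        started = last_quick_assist.get(host)
        recent = started is not None and when - started <= window
        alerts.append((host, ts, image, "high" if recent else "review"))
    return alerts


if __name__ == "__main__":
    for alert in flag_programdata_exec(SAMPLE_EVENTS):
        print(alert)
```

In production the same logic would read process-creation telemetry from an EDR or Sysmon feed, and the allow-list would be built from the environment's own software inventory.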

