
This Week in Security: The Supply Chain Has Troubles

The big story of the week is a new supply chain breach, apparently unrelated to the previous major supply chain breach, this time hitting the Axios HTTP project.

Axios was created as an easy-to-use JavaScript HTTP interface for Node.js, offering a promise-based API instead of a basic callback API. (Promise-based programming allows for a simpler coding workflow, where the program can wait for a promise to be fulfilled, instead of the developer having to manage the state of every request manually.) JavaScript has since gained a modern Fetch API that provides similar functionality, but Axios remains one of the most popular packages in the Node.js NPM repository, with 100 million weekly downloads.

The lead developer of Axios believes that he was compromised through a collaboration request – a common strategy in targeted phishing: a project for an IDE such as VS Code can include code that runs on the developer’s system when the project is run. Even without a traditional IDE, common development tools such as debug scripts and makefiles can easily execute commands.

Socket.dev breaks down the attack in detail. Once the attackers had the credentials to publish Axios to NPM, they added the malware as a new dependency of Axios, instead of modifying Axios itself. This may have helped the attack pass some security checks. The dependency – plain-crypto-js – is itself just a copy of a popular encryption library, but one that executes additional code during the post-install step available to all NPM packages.

When activated, the plain-crypto-js package installs malware specific to Windows, macOS, or Linux. Work has begun on decoding the obfuscated malware, but it appears to be a remote access tool (RAT), which gives attackers direct remote access to any compromised system to steal information or install other malware such as keystroke loggers or other data-stealing tools. The full capability of the malware is difficult to ascertain, because it can download and execute arbitrary binaries from a control server. Different victims may receive different payloads, based on other data obtained from the compromised system, the country it is in, and more.

Like other supply chain attacks, the compromise of the Axios project exposes several layers:

  1. Developer systems. Developers who built a package using Axios while the compromised release was in the NPM repository may have infected their own systems, which have access to source code, publishing credentials, and other services.
  2. Build systems in the CI/CD pipeline. Continuous integration / continuous deployment systems automate software builds and releases, and have access to source code, publishing credentials, and other proprietary credentials for build tools and resources.
  3. The final product. By compromising the build process, attackers can invisibly change the source of a released project during the build.

The compromised packages were only available for a few hours before they were caught, but a rough estimate from the 100 million weekly downloads means that there could still be millions of installations affected, assuming about 500,000 downloads per hour.
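
For the developer and build systems listed above, the first question is whether a locked dependency tree contains the package at all. The following is an added example, not code from the article or from Socket.dev: it audits a parsed package-lock.json (lockfileVersion 2 or 3) for plain-crypto-js and for any package that runs install-time scripts. The sample lockfile, its versions, and the other package names are constructed.

```javascript
// Added example (not from the article): audit a parsed package-lock.json
// (lockfileVersion 2 or 3) for a watchlisted dependency and install scripts.
const WATCHLIST = new Set(["plain-crypto-js"]); // name taken from the article

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function packageName(lockPath) {
  const marker = "node_modules/";
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? lockPath : lockPath.slice(idx + marker.length);
}

function auditLockfile(lock, watchlist = WATCHLIST) {
  const packages = Object.entries(lock.packages || {}).filter(([p]) => p !== "");
  const findings = { watchlisted: [], installScripts: [] };
  for (const [lockPath, meta] of packages) {
    const name = packageName(lockPath);
    if (watchlist.has(name)) {
      // Which locked packages declare this name as a dependency?
      const requiredBy = packages
        .filter(([, m]) =>
          [m.dependencies, m.optionalDependencies].some((d) => d && name in d))
        .map(([p]) => packageName(p));
      findings.watchlisted.push({ name, version: meta.version, path: lockPath, requiredBy });
    }
    // npm sets hasInstallScript when a package has a preinstall, install or
    // postinstall script, i.e. code that runs during `npm install`.
    if (meta.hasInstallScript === true) {
      findings.installScripts.push({ name, version: meta.version, path: lockPath });
    }
  }
  return findings;
}

// Constructed sample lockfile; versions and the other package names are made up.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0", dependencies: { axios: "*" } },
    "node_modules/axios": {
      version: "0.0.0-example",
      dependencies: { "plain-crypto-js": "*" },
    },
    "node_modules/plain-crypto-js": { version: "0.0.0-example", hasInstallScript: true },
    "node_modules/@demo/native-addon": { version: "0.0.0-example", hasInstallScript: true },
  },
};

console.log(JSON.stringify(auditLockfile(SAMPLE_LOCK), null, 2));
```

To audit a real project, pass the result of `JSON.parse` on its package-lock.json. The `requiredBy` field shows which locked package pulled the watchlisted name in, which matters here because the malware arrived as a dependency rather than as a change to Axios itself.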

Happy AI Day

The researchers at Calif.io asked Claude to find a vulnerability in the Vim text editor – and it did. So they asked it to find a vulnerability in Emacs – and it did (although that one requires git to run the commands).

Both vulnerabilities cause commands to be executed when a file is opened, which is a very serious consequence. In Vim, command execution happens through the ability to set syntax and display options with a comment in the opened file (/* vim .... */); usually these are sanitized to prevent command execution, but exceptions have been found. In Emacs, git hooks, the automatic scripts run by git based on events, are used to run commands.

Both vulnerabilities were verified by the Calif.io team before reporting them to the appropriate developer teams; the Vim team released a fix, and the Emacs team deferred the fix to the git maintainers.

The perception of AI bug reports is mixed, to say the least, within the Open Source community, with some projects completely shutting down their bug bounties due to the flood of AI-generated false reports. But this case feels justified – AI was another tool used by bug hunters, and the results were verified as legitimate before the bugs were reported. If more AI-found bugs were handled this way, the industry’s perception of AI results would likely be better.

Bad Days for Cisco and Salesforce

Seemingly tied to last week’s compromise of the open source Trivy scanner, where attackers were able to change the Trivy GitHub actions used by tens of thousands of projects for security scanning and so gain access to CI/CD pipelines, Bleeping Computer reports that Cisco had AWS keys and product source code stolen.

At the same time, Cisco is having a bad time due to the compromise of Salesforce customer data by a large number of ransomware and data theft groups, following similar breaches of Microsoft, Pluto TV, Mashable, AT&T, Jaguar, Qantas Airlines, and a number of other high-profile attacks. Independently of the Trivy compromise, the groups say they have additional git repositories of Cisco source code, AWS buckets containing customer and billing data, and more. How accurate these claims are remains to be seen, as ransomware groups often exaggerate the severity of their claims, apparently hoping for a big payout.

If the attackers do have the source code for Cisco products, this could be the beginning of a long chain of security problems. A common trick after a breach of source code or an internal bug database is apparently to use the material to quickly find remotely exploitable bugs, but only use them one at a time. After weeks of constant security alerts and updates, many customers reach a point of fatigue and start skipping updates. A similar pattern occurred after the Oracle breach, which led to a year-long situation with new Java runtime bugs popping up every time a patch covered the previous one.

Gigabyte Vulnerability

The sky is blue, the grass is green, and motherboard vendor tools are often poorly written. Bleeping Computer also reports a bug in the Gigabyte Control Center that allows overwriting arbitrary files.

Control Center is a piece of software that is included automatically with every installation of Windows on Gigabyte laptops and can be found on Windows desktops using Gigabyte motherboards. Control Center performs hardware monitoring, RGB lighting control, fan control, update management, and similar functions. It also supports remote pairing to manage multiple devices – and when remote pairing is enabled, CVE-2026-4415 allows writing to any file, allowing arbitrary code execution.

If you have a Windows system with Gigabyte tools, be sure to upgrade to the latest version as soon as possible! Bugs like these get worse when combined with other attacks – such as routing exploits or WiFi-based attacks on public networks.

Protecting GitHub Actions

With supply chain attacks breaking records, GitHub has announced that they are accelerating their plans to secure repositories, actions, and package publishing.

Directly from their blog post, GitHub recommends that all package maintainers should immediately:

  1. Use the CodeQL system to scan GitHub workflows. This will help automatically identify known exposures in your actions.
  2. Never allow the workflow to run on ‘pull_request_target’. This prevents contributors from hijacking actions and accessing your GitHub secrets.
  3. Pin any external workflow actions to specific commit hashes. Actions can be imported from the GitHub Action Marketplace, usually with a tagged version – but recent attackers have been seen changing the release tags on actions. Pinning to a specific commit hash stops version rollback attacks.
  4. Make sure you don’t merge pull requests that include changes to the workflow. The workflow is stored in the repository under the ‘.github’ directory, and a malicious pull request may include changes to the workflow that steal private tokens.
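
Recommendations 2 and 3 can be checked mechanically before a workflow change is merged. The following is an added example, not GitHub's tooling: a line-based heuristic (not a YAML parser) that flags the `pull_request_target` trigger and any `uses:` reference not pinned to a full 40-character commit hash. The sample workflow is constructed, its commit hash is a placeholder, and `example-org/scan-action` is a hypothetical action name.

```javascript
// Added example (not GitHub's tooling): line-based check of a workflow file
// for two of the recommendations above. A heuristic, not a YAML parser.
const SHA_PIN = /^[0-9a-f]{40}$/; // full commit hash

function auditWorkflow(yamlText) {
  const findings = [];
  yamlText.split(/\r?\n/).forEach((raw, i) => {
    const line = raw.replace(/(^|\s)#.*$/, ""); // drop YAML comments
    if (/\bpull_request_target\b/.test(line)) {
      findings.push({ line: i + 1, rule: "pull_request_target", text: raw.trim() });
    }
    // Matches step-level actions and job-level reusable workflows.
    const m = line.match(/^\s*(?:-\s*)?uses:\s*["']?([^"'\s]+)/);
    if (!m) return;
    const ref = m[1];
    // Local actions and container images are not resolved through release tags.
    if (ref.startsWith("./") || ref.startsWith("docker://")) return;
    const at = ref.lastIndexOf("@");
    const version = at === -1 ? "" : ref.slice(at + 1);
    if (!SHA_PIN.test(version)) {
      findings.push({ line: i + 1, rule: "unpinned-action", text: ref });
    }
  });
  return findings;
}

// Constructed workflow; the 40-hex value is a placeholder, not a real commit,
// and example-org/scan-action is a hypothetical action name.
const SAMPLE_WORKFLOW = [
  "name: ci",
  "on:",
  "  pull_request_target:",
  "jobs:",
  "  build:",
  "    runs-on: ubuntu-latest",
  "    steps:",
  "      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # pinned",
  "      - uses: example-org/scan-action@v1",
  "      - uses: ./.github/actions/local",
].join("\n");

console.log(auditWorkflow(SAMPLE_WORKFLOW));
```

Running a check like this against the files under ‘.github’ in a pull request also supports recommendation 4, since any finding on a changed workflow is a reason to review that change separately.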

Going forward, GitHub is expanding support for OpenID Connect (OIDC), a mechanism by which GitHub and other providers such as DockerHub and NPM can share authentication information without storing authentication tokens. While OIDC cannot prevent a vulnerable GitHub action, it should prevent the harvesting of authentication tokens that can be used against packaging sites.

The GitHub Security Roadmap shows plans to harden the workflow system with locked dependencies, with the goal of detecting and preventing unexpected changes to embedded actions. GitHub is also introducing immutable releases, which cannot be changed, even by removing the release tag and re-releasing.

It’s good to see what should be positive changes in the way pipelines are used and packages are built, because the need for centrally managed packages is certainly not going away.

Apache Vulns Hit macOS, Others

A number of vulnerabilities (CVE-2025-55753, CVE-2025-58098, CVE-2025-59775, CVE-2025-65082, CVE-2025-66200) were discovered in the Apache web server, ranging from the configuration of user CGI variables, to poor sanitization of CGI applications, to problems with server-side includes and exec directives. None of these bugs are world-melting, but Apache is a very common web server, and is even included in a standard macOS installation.

Node.JS Bounty Program Temporarily Suspended

Finally, in a worst case scenario, Node.JS has announced it is suspending its bug bounty program due to lack of funding. Although security reports are still accepted, bounties are no longer paid.

Previously, the Node.JS bug bounty program was sponsored by the Internet Bug Bounty, supported by Microsoft, Adobe, Meta, and other major Internet companies. As of March 27, 2026, IBB announced that it was closed to new project submissions, citing AI bug reports that overwhelmed responders.
