Trending Topic

Supply chain attacks via compromised packages and maintainers

March 30, 2026 | CrowdStrike, blackorbird, Gameel Ali

CrowdStrike describes stolen maintainer credentials used to compromise Axios on npm. blackorbird ties a Lazarus campaign to a single npm package, and Unit 42 and Gameel Ali discuss TeamPCP supply chain compromises and tooling used after a package compromise.

used stolen maintainer credentials to compromise the widely used HTTP client library Axios
A single NPM package that led us to the Lazarus Group's latest campaign
#TeamPCP was caught using #AdaptixC2 after compromising a package.
TeamPCP’s supply chain attacks continue
CrowdStrike
blackorbird
Gameel Ali
Unit 42
Tags: supply-chain, npm, apt
