A
Before we get into the headlines, just a quick reminder that April is Trust Month at the CISO Series. We've got some fun events lined up in April to talk all about trust in cybersecurity, so head on over to our events page at cisoseries.com for more details from the CISO Series.
B
It's Cybersecurity Headlines
A
These are the cybersecurity headlines for Wednesday, April 1, 2026. Hi, I'm Rich Straffolino.
HTTP client introduces malicious dependency. Axios, a widely used HTTP client library on npm, was hijacked by threat actors to introduce a remote access Trojan into two releases. Google's Threat Intelligence Group chief analyst John Hultquist attributed the attack to the North Korean APT UNC 1069. Axios is downloaded roughly 100 million times a week. The attackers were able to hijack the NPM account of an Axios maintainer, change the account email and then lock them out. Rather than change the Axios code directly, they added a malicious dependency, manually pushing through NPM CLI rather than through the project's GitHub Actions pipeline to avoid detection. Researchers at Step Security noted this attack showed significant planning and sophistication, with separate payloads ready for Windows, macOS and Linux. Check out the show notes now for details on the affected versions.
Team PCP testing the open source supply chain. In more bad news for all things open source, researchers at Wiz released a report on the activities of Team PCP. We've covered the group's attacks on the LLM proxy library LiteLLM. Last week, Wiz observed the group seeking to quickly validate stolen secrets from supply chain attacks. In the case of its malware injection on Trivy, Team PCP was seen validating stolen data within hours flipping, followed by AWS discovery operations against validated secrets in less than a day. Researchers told Infosecurity Magazine that Team PCP has been seen explicitly collaborating with extortion groups like Lapsus and other ransomware organizations, serving as an initial access broker clearinghouse.
Claude source code leaked. Solaire Labs intern Chofan Sho posted on X that Anthropic seemed to have published a JavaScript source map file for Claude Code on its public npm registry. This source file was quickly archived and spread across GitHub. Anthropic acknowledged the leak, saying it was the result of human error, not malicious activity. The file revealed how Claude Code limits context entropy through a three-layer memory architecture and provides details on a background daemon mode called Kairos. It also gives details on Anthropic's internal model roadmap and current development milestones, and provides a prompt for an undercover mode to stealthily use Claude Code for public open source contributions.
A call to secure quantum computing supply chains. We are seeing continuing signs that everyone is getting ready for the advent of quantum computing. The most recent example: the Financial Times reports that a U.S. delegation will push to shore up the security and stability of the quantum computing supply chain at this week's meeting of the Quantum Development Group in London. This will look to secure access to rare earth metals and get ahead of other material constraints needed for this emerging technology. US Chief Technology Officer Ethan Klein said he hopes to align on policy with European allies on these initiatives. This comes after the US suspended the US-UK Technology Prosperity deal back in September, which had previously served as a cooperative research framework for emerging tech like AI and quantum computing.
And now, thanks to today's episode sponsor, ThreatLocker. Least privilege isn't about distrusting users, it's about limiting blast radius. Many attacks succeed because malware inherits excessive permissions. Enforcing least privilege helps ensure that even if something goes wrong, attackers can't easily escalate access or move laterally across the environment.
Learn more at threatlocker.com.
Italy fines finance giant for personal data security failures. The Italian Data Protection Authority fined one of Italy's largest financial firms, Intesa Sanpaolo S.p.A., 31.8 million euros, citing serious shortcomings in personal data security due to the inadequacy of the technical and organizational measures adopted. This follows a three-year investigation into the firm, which discovered employees improperly accessing customer information without triggering internal control systems. While this access impacted about 3,500 customers, the investigation found that these were often high-risk accounts belonging to public figures. The investigation also found that the company sent incomplete breach notifications well after legally required deadlines.
Iran revives Pay2Key. As former CISA director Chris Krebs recently characterized, Iran seems to be throwing everything against the wall when it comes to cyber operations. The most recent example: researchers at Kela's Cyber Intelligence Center found evidence that the country revived its state-backed ransomware operation Pay2Key. This revival saw the group recruiting from Russian illicit forums, a move Kela characterized as outsourcing geopolitical retribution to the global cybercrime talent pool. Part of the strategy for Pay2Key appears to be launching so-called pseudo-ransomware attacks, where the goal is just to leave systems encrypted to cause chaos or install other forms of wiper malware. Pay2Key also serves as an initial access broker for other threat actors.
Silver Fox spreads RATs across Asia. A Chinese cybercrime group that goes by a range of frankly awesome-sounding names, including Silver Fox, Swimsnake, the Great Thief of the Valley and Void Arachne, has been spotted operating a typosquatting campaign. This attempts to spoof trusted software brands like Surfshark, Telegram, Zoom and Signal to install a novel Atlas Cross remote access Trojan. After visiting a spoof domain, victims are prompted to download a zip archive that installs an Autodesk binary, which then launches a shellcode loader for Atlas Cross. Researchers say the coordinated nature of the campaign and the development of a previously unseen remote access Trojan show significantly more sophistication from Silver Fox.
Dutch Finance Ministry goes offline after breach. Last week, the Dutch Ministry of Finance disclosed that it suffered a data breach on March 19th. This attack didn't impact systems used for tax collection, subsidies or import-export regulations, but did expose data on some employees. So far, no threat group has taken credit for the attack. In a statement to legislators, Minister of Finance Eelco Heinen said the ministry was forced to shut down some systems for security reasons. As of March 23, Heinen said about 1,600 institutions could not see account balances or use an online portal to apply for loans. Both services are available through conventional banking channels. No word on when these online portals will come back online.
It's April 1st, and that means it's the start of Trust Month at the CISO Series. We mentioned it at the top of the show. Each Friday in April, we're focusing Super Cyber Friday on a different aspect of trust in cybersecurity. This week, we're digging into building trust within your security team. If you've ever worked with a security team that's been burned by leadership in the past, you've got to join us this Friday at 1pm Eastern for the livestream. You can share some of the lessons you've learned in our chat, play some fun games, win some CISO Series swag, and have fun in a meetup after the stream is over. If that sounds good, head on over to our events page at cisoseries.com to register. And if you have some thoughts about the news from today or about the show in general, be sure to reach out to us at feedback@cisoseries.com. We would be delighted to hear from you.
Reporting from the CISO Series, I'm Rich Straffolino, reminding you to have a super sparkly day.
B
Cybersecurity headlines are available every weekday. Head to cisoseries.com for the full stories behind the headlines.
Overview:
In this jam-packed episode, host Rich Straffolino delivers the day’s top cybersecurity stories, highlighting mounting threats in the open source ecosystem, the implications of high-profile data leaks, state-sponsored ransomware campaigns, and regulatory action on data privacy lapses. Today’s stories reflect increasing sophistication in software supply chain attacks, aggressive APT tactics, and the ripple effects of global policy shifts.
[00:21–01:30]
Incident: The npm HTTP client library Axios—downloaded around 100 million times a week—was hijacked, with threat actors injecting a remote access trojan (RAT) as a malicious dependency in two releases.
Attribution: Google's Threat Intelligence Group chief analyst John Hultquist linked the attack to North Korean APT UNC 1069.
Attack Method: Rather than altering Axios code directly, attackers pushed a new malicious dependency via CLI, bypassing GitHub Actions to avoid automated detection.
Sophistication: Step Security researchers noted distinct payloads for Windows, macOS, and Linux, indicating thorough planning.
Relevance: Reveals critical gaps in widely used open source projects’ supply chain security.
[01:31–02:15]
Latest Research: Wiz detailed activities of Team PCP, an attacker group aggressively exploiting open source supply chains.
Tactics: Rapid validation of stolen credentials, seen after its malware injection on Trivy.
Collaboration: Team PCP collaborates with extortion and ransomware crews such as Lapsus, acting as an "initial access broker clearinghouse."
Industry Impact: Ongoing threat to open source trustworthiness and collaboration norms.
[02:16–03:02]
Event: Intern Chofan Sho at Solaire Labs shared on X that AI firm Anthropic seemed to have published a JavaScript source map file for Claude Code on its public npm registry; Anthropic attributed the leak to human error.
Contents Exposed:
Industry Implications: Shows how quickly sensitive AI assets can spread; prompts questions about proprietary vs. open collaboration.
[03:03–03:44]
Update: The US government, as reported by the Financial Times, aims to secure the quantum computing supply chain—ensuring access to rare earths and addressing looming material constraints.
Backdrop: Follows the suspension of the US-UK Technology Prosperity deal, underscoring geopolitical complexities in emerging tech cooperation.
Significance: Emphasizes the foresight required to future-proof technological progress against supply disruptions and nation-state competition.
[04:23–05:00]
Incident: The Italian Data Protection Authority fined Intesa Sanpaolo S.p.A. €31.8 million for inadequate data security controls.
Findings:
Notable Quote:
Takeaway: Highlights persistent weaknesses in financial sector data governance and regulatory expectations.
[05:01–05:46]
Research: Kela’s Cyber Intelligence Center reports Iranian state-backed Pay2Key ransomware has resumed, recruiting affiliates from Russian cybercrime forums.
Tactics:
Quote:
Significance: Illustrates the blend of geopolitical and criminal motivations in modern ransomware operations.
[05:47–06:16]
[06:17–07:11]
Rich Straffolino (on Axios attack):
“Axios is downloaded roughly 100 million times a week... Rather than change the Axios code directly, they added a malicious dependency manually pushing through NPM CLI rather than through the project's GitHub Actions pipeline to avoid detection.” [00:32–01:10]
On Iran’s evolving tactics:
"Iran seems to be throwing everything against the wall when it comes to cyber operations." – Chris Krebs [05:02]
On looming quantum supply chain concerns:
"Hopes to align on policy with European allies on these initiatives." – US CTO Ethan Klein [03:29]
| Segment | Timestamp |
|----------------------------|--------------|
| Axios poisoned attack | 00:21–01:30 |
| Team PCP supply chain moves| 01:31–02:15 |
| Claude code leak | 02:16–03:02 |
| Quantum supply chain risks | 03:03–03:44 |
| Italy finance fine | 04:23–05:00 |
| Iran’s Pay2Key returns | 05:01–05:46 |
| Silver Fox/Atlas Cross RAT | 05:47–06:16 |
| Dutch Finance breach | 06:17–07:11 |
Today’s episode underscores escalating threats to code repositories, the blurred line between cybercrime and nation-state activity, and the challenges of governing sensitive data in both tech and finance. Listeners are left with a call to examine supply chain trust, future-proofing for emerging tech, and vigilance in the face of globally converging cyber risks.