Malware

Scattered Spider and LAPSUS$ Linked to Dual Supply Chain Compromises of Trivy and Axios

LAPSUS$ Scattered Spider TeamPCP UNC1069

Two separate supply chain attacks in March 2026 compromised Trivy — the dominant open-source container vulnerability scanner — and axios, the de facto JavaScript HTTP client library. Attribution spans Scattered Spider (UNC3944), LAPSUS$, TeamPCP, and UNC1069. The blast radius is substantial and confirmed: OpenAI disclosed that the compromised axios package reached their macOS code signing pipeline, requiring emergency certificate rotation. The dual-vector nature is what makes this analytically distinct. Trivy runs with broad filesystem and environment variable access in CI/CD pipelines — a backdoored scanner silently exfiltrating secrets from every pipeline it touches while continuing to report results normally. Axios compromise operates at the HTTP layer, intercepting credentials, API tokens, and request bodies across every application that bundles it. Together, these cover both build-time and runtime attack surfaces. Scattered Spider has documented, specific interest in financial sector targets and identity infrastructure. Their presence in this attribution cluster, combined with LAPSUS$'s pioneering of maintainer credential theft and insider recruitment, suggests the open-source ecosystem's trust model is being systematically targeted by financially motivated actors. Immediate actions: audit CI/CD pipeline logs from March for anomalous network egress, review npm lock files and container image manifests for affected axios versions, and verify internal artifact mirrors for tampered Trivy binaries.

This is the Codecov playbook at scale, run twice in parallel. The generational shift here is real — where SolarWinds required nation-state operational discipline, Scattered Spider and LAPSUS$ achieve comparable supply chain reach through social engineering and credential theft against individual maintainers. The open-source maintainer-as-single-point-of-failure problem is now being exploited by financially motivated groups, not just espionage programs. TeamPCP and UNC1069 are less established designations worth adding to tracking lists.

Editorial

the strategic headline this week isn't any single compromise — it's that Scattered Spider and LAPSUS$, groups we've historically tracked as social engineering and SIM-swapping operators, are now attributed to coordinated supply chain poisoning of CI/CD infrastructure. the dual Trivy/axios compromise represents a genuine capability escalation: these are financially-motivated actors adopting tradecraft previously associated with nation-state operations, and the confirmed downstream impact on OpenAI's code signing pipeline demonstrates the blast radius isn't theoretical. coming weeks after the LiteLLM package compromise, this is starting to look less like isolated incidents and more like a sustained campaign against the open-source dependency graph that underpins most of our build and deployment infrastructure. your software supply chain governance program should be modeling for this tempo, not last year's.

the Adobe Acrobat Reader prototype pollution zero-day (CVE-2026-34621) hitting KEV and drawing emergency patches is operationally significant but strategically familiar — PDF delivery chains remain the gift that keeps on giving. the trajectory data shows this story accelerating through the weekend with four new sources on the 13th, which typically signals broad exploitation rather than targeted activity. separately, the Citizen Lab report on law enforcement exploitation of ad-tech data pipelines via 'Webloc' across 500M devices deserves attention from executive protection and insider threat programs: if law enforcement can purchase location tracking at that scale through commercial data brokers, so can anyone else with a budget.

Critical

Vulnerabilities

Adobe Acrobat Reader Prototype Pollution Under Active Exploitation (CVE-2026-34621)

CVE-2026-34621

CVE-2026-34621 is a prototype pollution vulnerability in Adobe Acrobat Reader's File Handler, affecting all versions up to 24.001.30356 and 26.001.21367. CISA has added it to KEV — the operative signal, since CISA doesn't list speculatively. The EPSS of ~6% reflects predictive modeling that predates confirmed exploitation; the disconnect between no public exploit in Exploit-DB and active KEV listing suggests the exploit is being traded privately or weaponized in targeted campaigns before broad disclosure. Adobe Acrobat Reader is ubiquitous infrastructure in financial services. PDF-borne delivery chains are a staple of both commodity and targeted attacks against knowledge workers. Prototype pollution as an exploitation class is historically more associated with server-side Node.js than desktop PDF readers, which points to Acrobat's embedded JavaScript engine as the likely attack surface — a rich and historically fruitful target. Verify patch status across all endpoint populations, including VDI images, externally managed devices, and any BYOD populations with conditional access.

2026-04-11

2 sources

+ CVE-2026-34621

The Hacker News, VulDB

2026-04-13

4 sources

Canadian Centre for Cyber Security, BleepingComputer, Malwarebytes Labs, Help Net Security

2026-04-14

1 source

TechCrunch Security

Notable

Supply Chain

Axios Supply Chain Attack Reaches OpenAI macOS Code Signing Pipeline

OpenAI disclosed that the compromised axios package — part of the broader Scattered Spider/LAPSUS$-attributed supply chain campaign — reached their macOS code signing pipeline. OpenAI detected and mitigated the compromise, rotating affected certificates with no confirmed code compromise downstream. However, the fact that a supply chain attack against a broadly-used npm package propagated into the code signing infrastructure of a major AI vendor validates the worst-case blast radius assumptions for the axios compromise. For organizations consuming OpenAI tools or APIs, the mitigated status is reassuring but the attack path is not: if the compromise had gone undetected longer, signed OpenAI binaries could have carried tainted dependencies. This reinforces the need to verify dependency integrity not just in your own pipelines but in your vendors' software delivery chains.

Elevated from routine. This is the downstream proof-of-concept for the critical Trivy/axios story — it demonstrates the supply chain attack reached a tier-one AI vendor's signing infrastructure. The 'detected and mitigated' outcome is the good timeline; the bad timeline is the one where it wasn't caught for weeks.

Geopolitical

Citizen Lab Exposes Law Enforcement Ad-Data Surveillance Platform Tracking 500 Million Devices

Carmine Tsunami Attor

Citizen Lab research documents law enforcement use of 'Webloc,' a commercial surveillance tool that exploits advertising data pipelines (RTB bid streams, mobile SDKs, location data aggregators) to track approximately 500 million devices — a scale that dwarfs most documented commercial spyware deployments. The actor designation 'Carmine Tsunami' is associated with this campaign. The entry also tags Attor, a surveillance implant previously attributed by ESET to a Russian-nexus APT in 2019, though whether this reflects a direct technical connection or co-mention in source material requires verification. For a financial institution, this operates on two threat axes: executive protection (high-value personnel trackable through personal devices and apps with no malware required) and regulatory exposure (customer mobile data flowing through ad-data pipelines represents a third-party data broker risk vector with law enforcement access implications). The surveillance model — using commercial ad-tech intermediaries rather than direct device compromise — sidesteps traditional endpoint detection entirely.

The ad-tech data broker layer has become passive intelligence collection infrastructure accessible to any sufficiently funded or legally empowered actor. This is a quantitative escalation of a trend visible since the 2020 X-Mode revelations. The intersection with insider threat programs and executive protection is non-trivial — tracking a bank executive's movements requires no implant, just access to the same bid stream data that serves them ads.

Briefs

Vulnerabilities

Chamilo LMS Unrestricted File Upload via BigUpload (CVE-2026-33704)

Chamilo LMS up to 1.11.37 allows unrestricted file uploads through the BigUpload endpoint with minimal exploitation risk (EPSS 0.00215).

CVE-2026-33704 T1608.002

Vulnerabilities

Chamilo LMS Privilege Escalation via User Status Update (CVE-2026-33706)

Chamilo LMS up to 1.11.37 contains a privilege escalation vulnerability in the update_user_from_username endpoint with negligible exploitation likelihood (EPSS 0.00025).

CVE-2026-33706 T1068

Vulnerabilities

Chamilo LMS Predictable Random Value Generation (CVE-2026-33710)

Chamilo LMS up to 1.11.37 and 2.0.0-RC.2 generate predictable random values in timing-related functions with minimal exploitation likelihood (EPSS 0.00029).

CVE-2026-33710 T1600.001

Vulnerabilities

Chamilo LMS Unauthenticated PII Exposure via /api/users (CVE-2026-33736)

Chamilo LMS up to 2.0.0-RC.2 has improper authorization controls on the /api/users API endpoint allowing unauthorized personal information disclosure with negligible exploitation likelihood (EPSS 0.00028).

CVE-2026-33736

Vulnerabilities

phpseclib SSH2 Timing Side-Channel in Binary Packet Handling (CVE-2026-40194)

phpseclib versions up to 3.0.50 exhibit timing discrepancies in SSH2::get_binary_packet that could enable side-channel attacks with negligible practical exploitation risk (EPSS 0.0001).

CVE-2026-40194 T1592

Vulnerabilities

FastGPT RAG Platform Access Control Bypass (CVE-2026-40252)

labring FastGPT up to 4.14.10.4 has improper access control mechanisms allowing unauthorized API access with minimal exploitation risk (EPSS 0.00057).

CVE-2026-40252 T1068

Vulnerabilities

Totolink A7100RU OS Command Injection in Diagnostic CGI Endpoint

Totolink A7100RU router contains an OS command injection vulnerability in the /cgi-bin/cstecgi.cgi setDiagnosisCfg endpoint with minimal exploitation likelihood (EPSS 0.00892).

CVE-2026-6116 T1202

Vulnerabilities

Kubernetes CSI SMB Driver Path Traversal Enabling Directory Deletion

Kubernetes CSI Driver for SMB has a path traversal vulnerability via the subDir parameter potentially enabling deletion of unintended directories on SMB servers.

CVE-2026-3865

Vulnerabilities

Microsoft Edge Android Clickjacking Vulnerability

Microsoft Edge for Android up to version 146.0.3856.84 contains a clickjacking vulnerability with minimal exploitation likelihood (EPSS 0.00061).

CVE-2026-33119 T1566.003