Honestly the last week was insane, so many interesting and scary staff. If you don't read this usually, I would highly recommend reading this week summary. 🛡️ Axios npm Supply Chain Attack Impacts Millions of Developers What happened: A major supply chain attack compromised the widely used Axios npm package, impacting a library with ~100 million weekly downloads. Attackers hijacked a maintainer account and published malicious versions that injected a hidden dependency executing a cross-platform remote access trojan (RAT) during installation. The campaign has been attributed to a North Korean-linked actor, with payloads targeting Windows, macOS, and Linux systems. 🔗 https://www.microsoft.com/en-us/security/blog/2026/04/01/mitigating-the-axios-npm-supply-chain-compromise/ 🤖 DeepLoad Malware Uses AI to Evade Detection What happened: Researchers identified a new malware strain dubbed DeepLoad, which leverages AI model APIs to dynamically generate polymorphic malicious code during execution. By continuously changing its structure and behavior at runtime, the malware can bypass traditional signature-based defenses and adapt in real time to detection mechanisms. 🔗 https://reliaquest.com/blog/threat-spotlight-deepload-malware-pairs-clickfix-delivery-with-ai-generated-evasion/ ☁️ AWS Expands Bedrock Security with Cross-Account Guardrails What happened: AWS announced general availability of cross-account guardrails for Amazon Bedrock, enabling organizations to enforce consistent AI security and governance policies across multiple accounts. This allows centralized control over model behavior, compliance rules, and safety constraints across enterprise-scale AI deployments. 🔗 https://aws.amazon.com/blogs/aws/amazon-bedrock-guardrails-supports-cross-account-safeguards-with-centralized-control-and-management/

If you are using Claude Code, Codex, Gemini or any other tool for coding on your desktop, you might want to pay attention to this. https://www.trendmicro.com/zh_hk/research/26/c/axios-npm-package-compromised.html https://www.huntress.com/blog/supply-chain-compromise-axios-npm-package https://www.sophos.com/en-us/blog/axios-npm-package-compromised-to-deploy-malware I have just woke up, but apparently there has been huge supply chain attack. At the moment I'm working on threat hunting. Here is the KQL hunt query. Might be useful to someone. let TimePeriod = 3d; // Hash IOCs let AxiosIOCMD5 = dynamic([ "21d2470cae072cf2d027d473d168158c", "db7f4c82c732e8b107492cae419740ab", "7658962ae060a222c0058cd4e979bfa1", "089e2872016f75a5223b5e02c184dfec", "04e3073b3cd5c5bfcde6f575ecf6e8c1", "7a9ddef00f69477b96252ca234fcbeeb", "9663665850cdd8fe12e30a671e5c4e6f", "8c782b59a786f18520673e8d669e3b0a" ]); let AxiosIOCSHA1 = dynamic([ "2553649f2322049666871cea80a5d0d6adc700ca", "d6f3f62fd3b9f5432f5782b62d8cfd5247d5ee71", "07d889e2dadce6f3910dcbc253317d28ca61c766", "b0e0f12f1be57dc67fa375e860cedd19553c464d", "978407431d75885228e0776913543992a9eb7cc4", "a90c26e7cbb3440ac1cad75cf351cbedef7744a8", "13ab317c5dcab9af2d1bdb22118b9f09f8a4038e", "59faac136680104948e083b3b67a70af9bfa5d5e", "ae39c4c550ad656622736134035f17ca7a66a742" ]); let AxiosIOCSHA256 = dynamic([ "5bb67e88846096f1f8d42a0f0350c9c46260591567612ff9af46f98d1b7571cd", "59336a964f110c25c112bcc5adca7090296b54ab33fa95c0744b94f8a0d80c0f", "58401c195fe0a6204b42f5f90995ece5fab74ce7c69c67a24c61a057325af668", "e10b1fa84f1d6481625f741b69892780140d4e0e7769e7491e5f4d894c2e0e09", "f7d335205b8d7b20208fb3ef93ee6dc817905dc3ae0c10a0b164f4e7d07121cd", "617b67a8e1210e4fc87c92d1d1da45a2f311c08d26e89b12307cf583c900d101",

https://youtu.be/E_zDr_3V-WU

📉 The $2.77 Exploit: AI Slashes Cost of Weaponizing Vulnerabilities What happened: A new report from Booz Allen reveals that the cost to automatically generate working exploits for CVEs has dropped to as little as $2.77 using AI tools. At the same time, nearly 60% of critical vulnerabilities remain unpatched past CISA deadlines, highlighting a widening gap between attacker speed and defender response. 🔗 https://industrialcyber.co/article/booz-allen-warns-ai-driven-cyberattacks-outpace-human-driven-defenses/ 🤖 HiddenLayer Report Highlights Rise of Agentic AI Breaches What happened: The 2026 AI Threat Landscape Report shows that 1 in 8 AI-related security incidents now involve agentic systems. The report also found that 35% of AI breaches originate from malicious models in public repositories, while shadow AI usage has reached 76% across enterprises, significantly expanding the attack surface. 🔗 https://businessjournaldaily.com/ai-security-company-releases-2026-threat-report/ 🎭 ‘InstallFix’ Campaign Uses Fake Docs to Deliver Infostealers What happened: A new social engineering campaign dubbed InstallFix targets developers by cloning legitimate documentation (including AI tooling docs) and embedding malicious installation commands. Victims unknowingly execute scripts that deploy the Amatera infostealer, capable of harvesting credentials, session tokens, and browser data. 🔗 https://pushsecurity.com/blog/installfix 🆔 SpyCloud Report: Machine Identities Become Primary Target What happened: SpyCloud’s latest research shows a major shift from human credentials to non-human identities (NHIs) such as API keys and session tokens. Stolen identity records increased significantly, with attackers using these composite identity profiles to bypass MFA and move laterally across cloud environments.

Hello everyone, if you are working on your lab and you decide to import Playbooks from templates it can cause issues. I have just tried some Playbooks, which are prepared for you and once I edited variable, it resulted in error. The best workaround was to just delete variable and create a new one. So if you want to change prompt, key and so on. That's the easiest solution.