Google Threat Intelligence reports a sophisticated supply chain attack on axios NPM package versions 1.14.1 and 0.30.4 (March 31, 2026), where attackers injected malicious 'plain-crypto-js' dependency to deploy WAVESHAPER.V2 backdoor across Windows, macOS, and Linux platforms. Attribution to UNC1069 based on malware signatures, infrastructure overlaps, and operational patterns. Remediation guidance includes version pinning, dependency auditing, CI/CD pipeline security, and credential rotation.

Russian military intelligence-linked hackers are exploiting known vulnerabilities in older internet routers to harvest authentication tokens from Microsoft Office users across over 18,000 networks. The campaign operates without deploying malicious software, allowing state-backed actors to conduct stealthy credential theft at scale.

Operative reported tensions with Lagos in Saboro [4 sources]