Severity: High | Published: 2026-04-07 | CVSS: N/A | Tags: supply-chain, npm, rat, redis, postgresql, javascript, persistence

36 Malicious npm Packages Deploy Persistent RATs via Redis and PostgreSQL

36 malicious npm packages were discovered on the public registry. Each uses a postinstall script to deploy a cross-platform Remote Access Trojan (RAT) that establishes persistence through Redis and PostgreSQL.

Severity: High | Published: 2026-04-01 | CVSS: 7.1 | CVE-2026-35412 (2026-04-01) | Tags: directus, cms, headless, authentication, upload, web

CVE-2026-35412 — Directus: TUS Upload Authentication Bypass

A broken authorization check in Directus's TUS upload handler (versions prior to 11.16.1) allows a low-privilege authenticated user to overwrite arbitrary files on the server, including system or configuration files.

Severity: Critical | Published: 2026-03-31 | CVSS: N/A | Tags: supply-chain, npm, axios, javascript, c2

Axios npm Package Compromised — Malicious Versions Phone Home to C2 Server

Malicious versions of the widely used axios HTTP client (1.14.1 and 0.30.4) were published to npm. The injected code contacts a command-and-control server and exfiltrates sensitive data from build environments.

Severity: Critical | Published: 2026-03-28 | CVSS: 9.4 | CVE-2026-33634 (2026-03-21) | Tags: supply-chain, ci-cd, github-actions, checkmarx, sast

TeamPCP Hits Checkmarx — Supply Chain Campaign Expands to SAST Scanners

The TeamPCP group, already behind the Trivy compromise, has expanded its campaign to the Checkmarx GitHub Actions (KICS, AST) and VS Code extensions, stealing CI/CD secrets and cloud tokens at scale.

Severity: Critical | Published: 2026-03-26 | CVSS: 9.4 | CVE-2026-33634 (2026-03-21) | Tags: supply-chain, ci-cd, teampcp, github-actions, kubernetes, docker