Comorando

🚨 BREAKING: Axios, used by 83 million developers weekly, was just compromised on npm. Hackers hijacked a maintainer account and injected a RAT that works on macOS, Windows and Linux. The malware deleted itself after infection to avoid detection. Another supply chain attack in March 2026. #Axios

Axios: 83 million weekly downloads. Compromised via a hijacked maintainer account. A hidden dependency deployed a cross-platform RAT across macOS, Windows and Linux. The malware self-destructed after infection to erase all traces. Supply chain attacks are the new normal. #Axios

🚨Cyber Alert ‼️ 🌍Global - 𝗔𝘅𝗶𝗼𝘀 Unknown attackers compromised the npm account of Axios maintainer “jasonsaayman” and published malicious versions (1.14.1, 0.30.4) with a fake dependency delivering a cross-platform RAT. The malware enabled remote control, persistence, and data access across macOS, Windows, and Linux, with C2 communication and self-cleanup for evasion. Given Axios’ ~83M weekly downloads, impact could be large, but affected users are unknown. Threat actor: Unknown Sector: ICT Data exposure (claimed): Not specified Data type: Not specified Observed: Mar 31, 2026 Status: Pending verification ESIX©: 7.45 Full details and impact assessment on HackRisk.io

28 organismos. Un solo grupo. Un solo día. Si el Banco Central, la Justicia y las fuerzas policiales no pudieron proteger sus datos, ¿qué pasa con las PyMEs que ni siquiera monitorean sus emails corporativos? Nadie está a salvo si no sabe qué datos ya están expuestos.

🏥 Salud y educación comprometidas: → Ministerios de Salud de Buenos Aires, Misiones y Neuquén → OSEP Mendoza e IOMA Buenos Aires → Educación de Chubut, Jujuy y Catamarca → 200.000 registros educativos filtrados Datos de pacientes, alumnos y docentes expuestos.

🚨 28 organismos del Estado argentino hackeados simultáneamente. Banco Central, Ministerios, Policías, Salud, Educación, Justicia. El grupo CHRONUSTEAM se adjudicó el ataque más grande en la historia digital de Argentina. 🧵 Qué se sabe hasta ahora ↓ #Argentina

The pattern is always the same: → Hack one trusted tool → Steal credentials → Use those to hack the next tool → Repeat March 2026 proved that your security tools can become your biggest vulnerability. What are you doing about it?

March 27: They compromised Telnyx, downloaded 3.75 million times. In 10 days: GitHub, Docker Hub, npm, OpenVSX, PyPI. The FBI warned: "Expect more breach disclosures in the coming weeks."

One hacking group compromised 5 ecosystems in 10 days. They didn't hack companies directly. They hacked the security tools companies trust. The FBI warned: more breaches are coming. 🧵 What happened ↓ #TeamPCP

Los ataques a la cadena de suministro se están convirtiendo en el vector principal. El próximo no atacará a Trivy—atacará a la herramienta que usas todos los días. Mantente alerta. #Ciberseguridad #SupplyChain

Qué revisar ahora mismo: → Logs de CI buscando 'tpcp.tar.gz' → Tráfico saliente hacia 'checkmarx[.]zone' → Tokens npm creados en esa ventana Rótalos. No asumas que estás seguro porque no eres Microsoft. Los ataques a la cadena de suministro no discriminan.

Un token robado. 474+ repositorios infectados. 1,705 paquetes comprometidos. Y nadie lo notó por 5 días. Este es el ataque TeamPCP que cambió las reglas de la cadena de suministro. Hilo 🧵👇

@DarkWebInformer Important flag. If confirmed, this is serious—CURP + full address + phone is identity theft ready. Curious—has Regio Ruta or INAI (Mexico's data protection authority) commented on this?

‼️🇲🇽 A dataset allegedly from Regio Ruta, a public transit platform in Monterrey, Nuevo León, Mexico, has been leaked on a popular cybercrime forum. ▪️ Records: 117,570 ▪️ Data Fields: RUC, ID, full name, CURP, date of birth, phone, email, full address, city, postal code, status ▪️ Format: .csv