IN The Hacker News’ weekly recap, Axios’s npm package was compromised by threat actors linked to North Korea, with UNC1069 claiming responsibility for seizing the lead maintainer’s npm account to push WAVESHAPER.V2, a cross‑platform malware, amid a package with almost 100 million weekly downloads.
The piece also highlights a high‑severity Chrome flaw, CVE‑2026‑5281, which Google said has been exploited in the wild, prompting updates to versions 146.0.7680.177/178 for Windows and macOS, and 146.0.7680.177 for Linux, though Google did not reveal who is behind the exploitation. Top‑news items include Fortinet FortiClient EMS CVE‑2026‑35616, described as pre‑authentication API access bypass with active exploitation, first seen in honeypots on 31 March 2026 per watchTowr.
The recap also notes TrueConf CVE‑2026‑3502 being exploited in attacks against government entities in Southeast Asia, with Check Point attributing the activity to a tampered update delivery chain. It further reports that ICE confirmed use of Paragon Graphite spyware to identify and disrupt foreign terrorist organisations, while several other security stories and CVE roundups are listed in the weekly overview.