ZeroFox Daily Intelligence Brief - April 1, 2026
by Alpha Team

ZeroFox Intelligence collects, curates, and analyzes information derived from open and proprietary sources. Here is today’s daily roundup to give you and your clients an advantage over the adversary.
Brief Highlights
- Axios Npm Package Compromised by Suspected North Korean Hackers
- Anthropic Confirms Accidental Claude Code Source Leak
- TeamPCP Shifts to Post-Compromise Exploitation After Data Exfiltration
Axios Npm Package Compromised by Suspected North Korean Hackers
What we know: The Axios JavaScript npm package, an open source software development tool with 400 million downloads per month on npm, was recently compromised by suspected North Korean hackers to deliver a remote-access trojan (RAT) to the systems of developers who installed it. npm stopped the attack in around three hours overnight (UTC) on Monday into Tuesday.
Context: The account of Axios’s lead developer, “jasonsaayman,” which had authorization to push updates, was compromised. A malicious dependency, named "[email protected]," was inserted to deliver the RAT. Furthermore, the malware was designed to delete itself automatically after installation. Malicious updates were served to users on Windows, macOS, and Linux.
Analyst note: The compromise is very likely to trigger a major supply chain attack, impacting multiple organizations across various sectors. Developer systems which downloaded the updates between March 30-31, 2026, are likely to be compromised. The Indicators of Compromise (IOCs) are available here.
Anthropic Confirms Accidental Claude Code Source Leak
What we know: Anthropic has accidentally leaked the closed-source code for Claude Code via npm package version 2.1.88. The version included a debugging file, “cli.js.map,” that mapped the compiled JavaScript back to the original source code, exposing 1,900 files and 500,000 lines, which are now spreading on GitHub despite DMCA takedowns.
Context: Claude Code is Anthropic's proprietary command-line interface (CLI) tool, which has always been kept closed-source to protect its features. The leak occurred due to human error in release packaging: a source map with the original source embedded in it was shipped, possibly enabling full reconstruction of the entire source tree. However, Anthropic maintains no customer data was exposed.
Analyst note: The leak is likely to spur reverse-engineering of some exclusive features that could benefit competing AI tools. It is also likely to increase the precision of attacks against its users, as threat actors could study the leaked code to find security vulnerabilities. There is a roughly even chance that independent developers will create new open-source projects replicating the leaked proprietary code, which could diminish Claude’s uniqueness.
TeamPCP Shifts to Post-Compromise Exploitation After Data Exfiltration
Source: https://www.darkreading.com/cloud-security/teampcp-breaches-cloud-saas-instances-stolen-credentials
What we know: TeamPCP has begun carrying out follow-up attacks after its campaigns in March 2026, in which it targeted LiteLLM, Trivy, and more. Using credentials stolen in these attacks, the group accessed cloud environments and conducted large-scale data exfiltration from software-as-a-service (SaaS) providers and code repositories.
Context: TeamPCP initiated supply chain attacks by injecting credential-stealing malware into trusted developer tools and packages to compromise downstream users. These attacks then led TeamPCP to carry out widespread token theft across npm, PyPI, and cloud environments, impacting thousands of repositories and exposing sensitive credentials, APIs, and source code at scale.
Analyst note: Compromised credentials are likely to be reused or sold on dark web forums, increasing risk of account takeovers, ransomware deployment, and data extortion. Additionally, this heist is likely to involve partnerships with active and prolific ransomware and extortion threat groups in future attacks.
DEEP AND DARK WEB INTELLIGENCE
DarkForums user spain: Threat actor “spain” has advertised 430 GB of data from Spain-based energy company Feníe Energía. The dataset reportedly includes over 1.7 million records containing personally identifiable information (PII), and the actor suggests additional undisclosed data may also be available. If the actor’s claims are true, the PII is likely to be reused or enriched with other datasets, increasing the risk of account takeovers and targeted social engineering attacks.
VULNERABILITY AND EXPLOIT INTELLIGENCE
CVE-2026-3502: This is an already-patched integrity verification bypass vulnerability in the TrueConf client video conferencing software that has reportedly been exploited as a zero-day in a campaign targeting government entities in Southeast Asia. The flaw enables a threat actor to distribute a tampered update, leading to the execution of arbitrary code. Successful exploitation is likely to enable threat actors to eavesdrop on or hijack confidential meetings, access sensitive documents or notes, and make changes to schedules.
Affected products: TrueConf Client versions 8.1.0 through 8.5.2
Tags: DIB, tlp:green