zerofox logo
Advisories

ZeroFox Weekly Intelligence Brief – April 4, 2026

|by Alpha Team

banner image

ZeroFox Weekly Intelligence Brief – April 4, 2026

ZeroFox’s Weekly Intelligence Briefing highlights the major developments and trends across the threat landscape, including digital, cyber, and physical threats. ZeroFox Intelligence is derived from a variety of sources, including—but not limited to—curated open-source accesses, vetted social media, proprietary data sources, and direct access to threat actors and groups through covert communication channels. Information relied upon to complete any report cannot always be independently verified. As such, ZeroFox applies rigorous analytic standards and tradecraft in accordance with best practices and includes caveat language and source citations to clearly identify the veracity of our Intelligence reporting and substantiate our assessments and recommendations. All sources used in this particular Intelligence product were identified prior to 6:00 AM (EST) on April 2, 2026; per cyber hygiene best practices, caution is advised when clicking on any third-party links.

Read the Brief

View the full report here

North Korea-Linked Threat Actors Target Axios

What we know:

  • The Axios JavaScript NPM package was recently compromised by North Korean threat actors UNC1069.
  • The actors hijacked Axios’s npm account to publish trojanized versions of Axios (1.14.1 and 0.30.4), embedding a malicious dependency (“plain-crypto-js”) that delivers a cross-platform backdoor across Windows, macOS, and Linux.

Meta Accuses Italian Spyware Maker of Pushing Fake WhatsApp Versions

What we know:

  • Meta has accused Italian spyware maker SIO of tricking some 200 iPhone users in Italy into downloading a fake version of WhatsApp that contained spyware. Meta did not specify who the victims were but said it has alerted them.

Canada Imprisons Individual Linked to Online Extremist Group Terrorgram Collective

What we know:

  • The Canadian Public Prosecution Service sentenced an individual to 20 years in prison for producing and disseminating violent extremist propaganda as part of the online network known as the “Terrorgram Collective” that inspired multiple terrorist attacks.

Tags: tlp:green