Intelligence Insights: April 2026
ID: d3274af0-ed15-5471-8257-7225f9de360d
STIX ID: report--d3274af0-ed15-5471-8257-7225f9de360d
Feed Name: Red Canary
March 2026 highlights show high-impact supply-chain compromises. The axios npm package was subject to an account takeover, and malicious versions were published that introduce a hidden dependency, which executes a postinstall script to drop a cross-platform RAT on macOS, Windows, and Linux. TeamPCP similarly published malicious LiteLLM releases to PyPI after exfiltrating maintainer credentials, as part of a coordinated supply-chain campaign linked to ransomware, credential harvesting, and coinmining. The report also notes increased Microsoft Teams phishing and email bombing, and recommends mitigations such as npm 2FA and local package caching.
