The Good, the Bad and the Ugly in Cybersecurity – Week 14

This report covers three high-impact security events: SentinelOne autonomously blocked a trojanized LiteLLM PyPI package that tried to execute obfuscated Python code, steal data, and move laterally; Axios npm packages were compromised to include a hidden dependency that installs a cross-platform RAT (macOS/Windows/Linux) linked to a suspected UNC1069 actor and prompting immediate downgrades and credential rotations; and Google released patches for an actively exploited Chrome zero-day (CVE-2026-5281) in the Dawn WebGPU component — organizations should investigate IOCs, rotate exposed credentials, and apply browser updates promptly.