CyberheistNews Vol 16 #17 [Heads Up] This Sophisticated Scam Should Be a Warning to All Companies

Executive summary: This CyberheistNews issue reports a high-risk supply-chain compromise in which a compromised Axios maintainer account on npm published two malicious package versions that added a post-install dependency to silently deploy a cross-platform remote access trojan—an attack likely to impact many developer systems and CI/CD pipelines; it also covers an active WhatsApp VBS malware phishing campaign and adversary abuse of AI workflow automation platforms to host phishing payloads, alongside broader FBI and industry trend intelligence on AI-enabled scams.