Security Signals (3/24/26-4/7/26)

This digest summarizes numerous security reports from late March to early April 2026 that document a surge in supply-chain attacks (notably the Axios npm and other third-party package compromises), multiple malware and stealer campaigns, active ransomware operations and EDR-evasion techniques, and a notable code/data leak (Anthropic Claude Code). The collection underscores active exploitation across open-source ecosystems, developer pipelines, SaaS notification abuse, and targeted campaigns tied to both criminal and nation-state actors, with vendor analyses and detection guidance included.