N. Korean hackers were behind malicious versions of Axios
Actors compromised Cisco with stolen creds from Trivy attack, Anthropic leaked part of Claude's source code, Apple alters its upgrade-or-stay-vulnerable method, Recruiting firm Mercor hit by incident linked to LiteLLM attack, Vim and GNU Emacs text editors' flaws surfaced by Claude prompts, much more

A suspected North Korean hacking group has hijacked and modified a popular open source software development tool called Axios to deliver malware that could put millions of developers at risk of being compromised, contradicting previous assessments that TeamPCP was behind the compromise.
On Monday, a hacker pushed malicious versions of the widely used JavaScript library, which developers rely on to allow their software to connect to the internet. The affected library was hosted on npm, a software repository that stores code for open source projects. Axios is downloaded tens of millions of times every week.
The hijack was spotted and stopped in around three hours overnight on Monday into Tuesday, according to security firm StepSecurity, which analyzed the attack.
It’s unclear at this point how many people downloaded the malicious version of Axios during that time span. Security company Aikido, which also investigated the incident, said anyone who downloaded the code “should assume their system is compromised.”
Google said that its security researchers are linking the Axios compromise to the North Korean hacking group UNC1069.
“We have attributed the attack to a suspected North Korean threat actor we track as UNC1069,” said John Hultquist, the chief analyst for Google’s Threat Intelligence Group. “North Korean hackers have deep experience with supply chain attacks, which they’ve historically used to steal cryptocurrency. The full breadth of this incident is still unclear, but given the popularity of the compromised package, we expect it will have far reaching impacts.”
The hacker was able to slip malicious code inside Axios by compromising the account of one of the project’s primary developers, who was authorized to push out updates. The hacker replaced the legitimate developer’s email address on the account with their own, making it more difficult for the developer to regain access. (Lorenzo Franceschi-Bicchierai / TechCrunch)
Related: PCMag, Channel NewsAsia, Bloomberg Law, Elastic Security Labs, Nextgov/FCW, Recorded Future, Axios, Reuters, CNN, Security Affairs, CSO Online, Devops, AFP-Jiji, The Chosun Daily, Korea JoongAng Daily, Sri Lankan Guardian, Sophos, VentureBeat, CNN
Cisco has suffered a cyberattack after threat actors used stolen credentials from the recent Trivy supply chain attack to breach its internal development environment and steal source code belonging to the company and its customers.
A source, who asked to remain anonymous, said that Cisco's Unified Intelligence Center, CSIRT, and EOC teams contained the breach involving a malicious "GitHub Action plugin" from the recent Trivy compromise.
The attackers used the malicious GitHub Action to steal credentials and data from the company's build and development environment, impacting dozens of devices, including some developer and lab workstations.
While the initial breach has been contained, the company expects continued fallout from the follow-on LiteLLM and Checkmarx supply chain attacks.
As part of the breach, multiple AWS keys were reportedly stolen and later used to perform unauthorized activities across a small number of Cisco AWS accounts. Cisco has isolated affected systems, begun reimaging them, and is performing wide-scale credential rotation.
BleepingComputer has learned that more than 300 GitHub repositories were also cloned during the incident, including source code for its AI-powered products, such as AI Assistants, AI Defense, and unreleased products.
A portion of the stolen repositories allegedly belongs to corporate customers, including banks, BPOs, and US government agencies.
Multiple sources said that more than one threat actor was involved in the Cisco CI/CD and AWS account breaches, with varying degrees of activity. (Lawrence Abrams / Bleeping Computer)
Related: MacRumors, AppleInsider, Ynetnews, Wired, The Indian Express, Hindustan Times, Political Wire, CBS News, FXStreet, The US Sun, Security Week
Anthropic leaked part of the internal source code for its popular artificial intelligence coding assistant, Claude Code, the company confirmed.
“No sensitive customer data or credentials were involved or exposed,” an Anthropic spokesperson said in a statement. “This was a release packaging issue caused by human error, not a security breach. We’re rolling out measures to prevent this from happening again.”
A source code leak is a blow to the startup, as it could help give software developers, and Anthropic’s competitors, insight into how it built its viral coding tool. A post on X with a link to Anthropic’s code has amassed more than 21 million views since it was shared at 4:23 a.m. ET on Tuesday.
The leak also marks Anthropic’s second major data blunder in under a week. Descriptions of Anthropic’s upcoming AI model and other documents were recently discovered in a publicly accessible data cache, according to a report from Fortune. (Ashley Capoot / CNBC)
Related: Gizmodo, GitHub, Axios, Zee News, Bleeping Computer, The New Stack, Livemint, Unite.AI, Techstrong.ai, Towards Data Science, Digit, Cybersecurity News, VentureBeat, Decrypt, r/cybersecurity, Fortune, The Register, CNET, Business Insider, European Central Station, Bloomberg, The Information, CSO Online, Security Affairs
Apple is shifting its long-standing iOS security update strategy after two sophisticated hacking tools surfaced in the wild within a month, exposing gaps in its “upgrade-or-stay-vulnerable” approach.
Historically, Apple required users to install the latest operating system to receive security patches, but the emergence of the DarkSword exploit—and continued resistance from users to upgrade to iOS 26—has prompted the company to issue fixes for older versions of its mobile OS.
The company said it will release an iOS 18 update to protect users from DarkSword, a web-based exploit capable of silently compromising devices. The move marks a notable expansion of Apple’s use of “backporting,” allowing users to receive critical security patches without upgrading to the newest OS—even on devices that support it.
The decision follows growing criticism after millions of users remained exposed, particularly as DarkSword spread globally via compromised websites, phishing campaigns, and public code repositories.
Security experts welcomed the change but criticized the delay, noting that attackers had already weaponized the exploit for espionage and cybercrime. The shift comes after a similar move earlier in March, when Apple patched older iOS 17 devices against another advanced toolkit, Coruna.
Analysts say the incidents highlight a broader reality: iPhone users who cannot or choose not to upgrade—due to software compatibility, storage limits, or preference—represent a sizable attack surface, challenging Apple’s assumption that forcing updates alone can ensure security. (Andy Greenberg / Wired)
Related: MacRumors, Gizmodo, Digit, The Mac Observer, Cult of Mac, 9to5Mac, Panda Security Mediacenter, r/appler, r/jailbreak
Mercor, a popular AI recruiting startup, has confirmed a security incident linked to a supply chain attack involving the open-source project LiteLLM.
The AI startup told TechCrunch on Tuesday that it was “one of thousands of companies” affected by a recent compromise of LiteLLM’s project, which was linked to a hacking group called TeamPCP. Confirmation of the incident comes as extortion hacking group Lapsus$ claimed it had targeted Mercor and gained access to its data.
It’s not immediately clear how the Lapsus$ gang obtained the stolen data from Mercor as part of TeamPCP’s cyberattack. (Jagmeet Singh / TechCrunch)
Related: The Cyber Express, Cyber Security News, Neowin
Hung Nguyen, a researcher at the boutique cybersecurity firm Calif, discovered vulnerabilities in the Vim and GNU Emacs text editors using simple prompts with the Claude AI assistant, showing that remote code execution could be triggered simply by opening a file.
The assistant not only identified the flaws but also generated and refined proof-of-concept exploits and suggested mitigations, underscoring how AI tools can accelerate vulnerability discovery in widely used developer software.
In Vim, Nguyen found that improper handling of “modelines”—file-embedded instructions that control editor behavior—combined with missing security checks, allowed malicious code to execute even when sandboxing was intended. The flaw affects Vim versions 9.2.0271 and earlier and could allow attackers to execute arbitrary commands with the user’s privileges if a specially crafted file is opened. Nguyen disclosed the issue to maintainers, who quickly released a fix in Vim 9.2.0272.
A separate issue in GNU Emacs remains unresolved, tied to its integration with Git. Opening a file can trigger Git operations that read a repository’s configuration and execute a user-defined program via the core.fsmonitor setting, enabling attackers to embed malicious scripts in hidden .git directories within shared files or archives.
While Emacs developers attribute the problem to Git, researchers warn that the risk persists because the editor automatically invokes Git without safeguards, and users are advised to avoid opening untrusted files until mitigations are implemented. (Bill Toulas / Bleeping Computer)
Related: Calif, Cyber Security News, Cyber Press, Cyber Kendra
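A defender-side check for the core.fsmonitor behaviour described in the GNU Emacs item above, as an added example that is not from the researchers or either project: it scans an unpacked archive or shared folder for .git/config files whose core.fsmonitor value is anything other than a boolean, before the tree is opened in an editor. The sample paths and hook value are constructed, and the parser is a simplified reading of Git's config syntax that does not follow include directives.

```python
import re
import tempfile
from pathlib import Path

# Values Git reads as booleans; any other core.fsmonitor value names a program.
BOOLEANS = {"", "true", "false", "yes", "no", "on", "off", "1", "0"}
SECTION = re.compile(r'^\s*\[\s*([A-Za-z0-9.-]+)\s*("[^"]*")?\s*\]')
KEYVAL = re.compile(r"^\s*([A-Za-z][A-Za-z0-9-]*)\s*(?:=\s*(.*))?$")


def fsmonitor_commands(config_text):
    """Return each core.fsmonitor value that is not a plain boolean."""
    hits, section = [], None
    for line in config_text.splitlines():
        header, pair = SECTION.match(line), KEYVAL.match(line)
        if header:  # [core "x"] is not [core]; section names are case-insensitive
            section = None if header.group(2) else header.group(1).lower()
        elif pair and section == "core" and pair.group(1).lower() == "fsmonitor":
            value = "true" if pair.group(2) is None else pair.group(2)  # bare key = true
            if not value.startswith('"'):
                value = re.split(r"[#;]", value, maxsplit=1)[0]  # trailing comment
            value = value.strip().strip('"')
            if value.lower() not in BOOLEANS:
                hits.append(value)
    return hits


def scan_tree(root):
    """List (relative config path, value) for each .git/config that names a program."""
    findings = []
    for cfg in filter(Path.is_file, Path(root).rglob(".git/config")):
        text = cfg.read_text(encoding="utf-8", errors="replace")
        findings += [(cfg.relative_to(root).as_posix(), v) for v in fsmonitor_commands(text)]
    return sorted(findings)


# Constructed sample: relative config path -> contents (the hook path is a placeholder).
SAMPLE = {
    "clean/.git/config": "[core]\n\tbare = false\n\tfsmonitor = true\n",
    "shared/docs/.git/config": "[core]\n\tFSMonitor = ./placeholder-hook.sh\n",
}


def demo():
    """Write SAMPLE into a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, text in SAMPLE.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True)
            target.write_text(text, encoding="utf-8")
        return scan_tree(tmp)


if __name__ == "__main__":
    print(demo())
```

A hit is a prompt to inspect the referenced program before opening the tree; a boolean value only toggles Git's built-in monitor and is not reported.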
Palo Alto Networks researchers have demonstrated how AI agents built on Google Cloud’s Vertex AI platform can be compromised and turned into “double agents,” capable of carrying out malicious actions such as data exfiltration, backdoor creation, and infrastructure compromise.
The analysis focused on Vertex’s Agent Engine and Agent Development Kit (ADK), which are designed to help developers build and scale AI agents, but were found to introduce significant security risks if misconfigured.
At the center of the issue is the Per-Project, Per-Product Service Agent (P4SA), which by default has overly broad permissions. Researchers showed that attackers could exploit these permissions to obtain service account credentials and pivot from the AI agent’s environment into the broader Google Cloud project, accessing sensitive data and systems.
This access could also allow attackers to download proprietary container images from private repositories, potentially exposing intellectual property and enabling further attacks, as well as accessing storage buckets and other restricted resources.
Palo Alto also identified a pathway for remote code execution that could enable persistent backdoors within the agent environment. Google has since responded by updating its guidance, urging users to adopt a “Bring Your Own Service Account” (BYOSA) approach to enforce least-privilege access and reduce risk. (Eduard Kovacs / Security Week)
Related: Unit 42, Dark Reading
According to researchers at ESET, nearly 80 percent of British manufacturers say a cyber incident has hit them in the past year.
78 percent of UK manufacturers admit to suffering at least one cyber incident in the last 12 months, with more than half reporting lost revenue as a result. These aren't minor hiccups either. In more than half of the worst incidents, losses surpassed £250,000, because when something breaks digitally, the production line usually follows suit.
The sector got a high-profile reminder of the stakes last year when Jaguar Land Rover was forced to halt production following a cyberattack that rippled across its supply chain. The disruption dragged on for weeks, with estimates putting the wider economic hit at around £1.9 billion once suppliers, delays, and lost output were factored in.
ESET's numbers suggest this kind of fallout is increasingly common. Almost all respondents said incidents had a direct operational impact, with supply chain disruption and missed commitments near the top of the list. (Carly Page / The Register)
Related: ESET, ESET, Infosecurity Magazine
The Indian government has warned of a sophisticated “Android God Mode” malware campaign targeting users, capable of taking near-complete control of infected devices by abusing accessibility permissions.
Officials say the malware can operate silently in the background, giving attackers access to sensitive data and enabling unauthorized actions without the victim’s awareness.
The malware is typically delivered through apps masquerading as legitimate services such as banking, government, or customer support tools. Once installed, it requests extensive permissions that allow it to monitor screen activity, capture credentials and one-time passwords, and execute actions on behalf of the user, effectively turning the device into a remotely controlled tool for fraud and surveillance.
Authorities are urging users to install apps only from trusted sources and to be cautious about granting accessibility permissions. They also warn against downloading apps via links or unofficial channels and advise users to remove suspicious applications immediately, as the campaign highlights the growing sophistication and reach of mobile-targeted cyber threats. (Arya Mishra / Hindustan Times)
Related: MoneyControl, ETV Bharat, NewsBytes
New York City Mayor Zohran Mamdani reversed a 2023 ban on TikTok use by city government, allowing agencies and employees to return to the platform.
The move marks a shift from former Mayor Eric Adams’ policy, which restricted TikTok on official devices due to concerns over its ties to China. Mamdani announced the change with a brief video on the reinstated @nycmayor account.
The administration said agencies can use TikTok under strict conditions, including limiting access to designated communications staff and requiring use on dedicated government-issued devices that contain no other apps. Officials framed the decision as a way to expand outreach, arguing the platform can help deliver timely information about services, emergencies, and events to New Yorkers.
The reversal comes despite ongoing national security concerns about TikTok’s parent company, ByteDance, and its potential links to the Chinese government. While TikTok has taken steps to distance its US operations from Beijing, many states—including New York State—continue to prohibit its use on government devices, leaving Mamdani’s policy as a notable departure. (Chris Sommerfeldt / Politico)
Related: Wired, Gizmodo, CGTN, AM New York, Tubefilter, WNYW-TV, Inc.com, Associated Press, New York Times, r/nyc
Hackers broke into the water treatment plant in Minot, ND, to implant ransomware on a server, although no specific ransom was demanded.
The plant operated in manual fashion until the infected server could be removed. The utility says that at no time was public safety threatened, and the FBI is investigating. (KX News)
The US Federal Bureau of Investigation (FBI) warned Americans against using foreign-developed mobile applications, particularly those created by Chinese developers.
In a public service announcement (PSA) issued via its Internet Crime Complaint Center (IC3) platform this Tuesday, the FBI warned of privacy and data security risks associated with these apps.
"As of early 2026, many of the most downloaded and top-grossing apps in the United States are developed and maintained by foreign companies, particularly those based in China," the bureau warned.
"The apps that maintain digital infrastructure in China are subject to China's extensive national security laws, enabling the Chinese government to access mobile app users' data potentially."
Among the risks highlighted in the advisory, the FBI said that some of these mobile apps may continuously collect data and users' private information, even when users grant permission only while the app is active. (Sergiu Gatlan / Bleeping Computer)
Related: IC3, CyberInsider
Tenex.ai, an artificial intelligence cybersecurity startup, has raised $250 million in a Series B venture funding round.
Crosspoint Capital led the financing, with participation from Shield Capital and DeepWork Capital. (Dina Bass / Bloomberg)
Related: Tenex, Wilson Sonsini, Bank Info Security, Silicon Angle, PYMNTS, Business Observer, The Business Journal, Hoodline
Cybersecurity company Linx Security, which has developed an identity security and governance platform, has raised $50 million in a Series B venture funding round.
Insight Partners led the round with participation from existing investors Cyberstarts and Index Ventures. (Meir Orbach / Calcalist)
Related: CTech, Globes, Linx Security, CityBiz, Business Insider
depthfirst, a San Francisco, CA-based applied AI lab developing new security solutions, raised $80M in a Series B venture funding round.
Meritech Capital led the round, with participation from Forerunner Ventures and The House Fund, and existing investors, including Accel, Box Group, Liquid 2 Ventures, Alt Capital, and Mantis VC. (Thomas Brewster / Forbes)
Related: SiliconANGLE, depthfirst, FinSMEs, Pulse 2.0
Best Thing of the Day: Digital Sovereignty Slowly Gaining Momentum in Europe
The small German state of Schleswig-Holstein is emblematic of the push across Europe to transition critical assets away from American tech giants, pursuing digital sovereignty by actively replacing all Microsoft products and services with open-source alternatives.
Worst Thing of the Day: When What You Tell AI Gets Into the Hands of Mark Zuckerberg
Perplexity AI Inc. was accused in a lawsuit of surreptitiously sharing the personal information of its users with Meta and Google in violation of California privacy laws.
