theinfosecnews
CISA KEV: CVE-2026-3502 · CVE-2026-5281 · CVE-2026-3055 · CVE-2025-53521 · CVE-2026-33634
malware

Axios npm Package Compromised: Supply Chain Attack Drops Cross-Platform Trojan via Fake Dependency

Axios npm versions 1.14.1 and 0.30.4 were tampered with to pull in a malicious dependency, plain-crypto-js 4.2.1, which delivers a cross-platform trojan affecting Windows, macOS, and Linux. The malware harvests developer credentials, cloud tokens, and SSH keys from infected hosts and establishes persistence through OS-native mechanisms. Organizations should audit installed Axios versions and lockfiles, remove plain-crypto-js, rotate every secret that was reachable from an exposed environment, and rebuild affected CI/CD runners from clean images.

The Hacker News·3d ago·3 min read
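As an added check that is not part of the article or of the axios project: the function below scans an npm lockfile for the indicators named in the summary (axios 1.14.1 or 0.30.4, and any plain-crypto-js entry at any version). It understands both the lockfile v2/v3 `packages` map and the older v1 `dependencies` tree, so a clean transitive axios nested under another package is not flagged while a nested plain-crypto-js is. The two lockfiles embedded in it are constructed for the demonstration; the indicator set comes from the summary above and nothing else is assumed about the malware.

```javascript
// Added example (not from the article): scan an npm lockfile for the
// indicators in the summary: axios 1.14.1 / 0.30.4 and any plain-crypto-js.
// Supports lockfile v2/v3 ("packages" map) and v1 ("dependencies" tree).

const TAMPERED_AXIOS = new Set(["1.14.1", "0.30.4"]);
const ROGUE_PACKAGES = new Set(["plain-crypto-js"]); // should not appear at any version

// Return a reason string when (name, version) matches an indicator, else null.
function isSuspicious(name, version) {
  if (ROGUE_PACKAGES.has(name)) return "rogue dependency";
  if (name === "axios" && TAMPERED_AXIOS.has(version)) return "tampered release";
  return null;
}

// Lockfile v2/v3 keys are install paths: "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function nameFromLockPath(lockPath) {
  const marker = "node_modules/";
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? lockPath : lockPath.slice(idx + marker.length);
}

// Lockfile v1 nests each package's own dependencies recursively.
function walkV1(deps, parentPath, findings) {
  for (const [name, meta] of Object.entries(deps || {})) {
    const path = `${parentPath}node_modules/${name}`;
    const reason = isSuspicious(name, meta.version);
    if (reason) findings.push({ name, version: meta.version, path, reason });
    walkV1(meta.dependencies, `${path}/`, findings);
  }
}

// Returns an array of { name, version, path, reason } for every matching entry.
function scanLockfile(lock) {
  const findings = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === "") continue; // root project entry, not a dependency
      const name = nameFromLockPath(path);
      const reason = isSuspicious(name, meta.version);
      if (reason) findings.push({ name, version: meta.version, path, reason });
    }
  } else {
    walkV1(lock.dependencies, "", findings);
  }
  return findings;
}

// Constructed sample lockfile (v3) for demonstration only; not a real project.
// Contains both indicators plus a clean transitive axios that must not be flagged.
const SAMPLE_LOCK_V3 = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/axios": { version: "1.14.1" },
    "node_modules/axios/node_modules/plain-crypto-js": { version: "4.2.1" },
    "node_modules/some-sdk": { version: "2.0.0" },
    "node_modules/some-sdk/node_modules/axios": { version: "1.13.0" },
  },
};

// The same constructed dependency tree expressed as a v1 lockfile.
const SAMPLE_LOCK_V1 = {
  lockfileVersion: 1,
  dependencies: {
    axios: { version: "1.14.1", dependencies: { "plain-crypto-js": { version: "4.2.1" } } },
    "some-sdk": { version: "2.0.0", dependencies: { axios: { version: "1.13.0" } } },
  },
};

for (const f of scanLockfile(SAMPLE_LOCK_V3)) {
  console.log(`FLAG ${f.name}@${f.version} (${f.reason}) at ${f.path}`);
}
```

For a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `scanLockfile`. A hit means the machine that ran the install (developer workstation or CI runner) has already executed the package's install-time code, so removing the dependency is only the first step; the credential rotation and runner rebuild the summary calls for still apply.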
malware

AI-Generated Junk Code Used to Obfuscate Malware Logic, Evade Static Analysis

Researchers identified a malware campaign that pads its binaries with large volumes of AI-generated junk code to inflate file size and defeat static analysis, burying credential-harvesting and command-and-control (C2) functionality aimed at Windows endpoints. The technique uses LLM output to produce syntactically valid but functionally inert code at scale, degrading signature-based detection without requiring manual obfuscation expertise. SOC teams should prioritize behavioral detection, enforce Attack Surface Reduction (ASR) rules, and fully rotate credentials on affected systems.

Dark Reading·3d ago·3 min read
policy

Black Duck CEO: AI Is Rewriting the Rules of Application Security Testing

Black Duck CEO Jason Schmitt argues that AI-assisted development tools such as GitHub Copilot and Amazon CodeWhisperer are introducing vulnerability patterns and dependency risks that traditional SAST and SCA pipelines are not equipped to detect. Existing requirements, including NIST SSDF, OMB M-22-18, and PCI DSS v4.0, create direct compliance exposure for organizations that have not updated their application security testing programs to account for LLM-generated code. Security teams should audit AI tool usage across the SDLC, update SBOM generation, and revise secure coding policies before their next compliance attestation cycle.

Dark Reading·3d ago·4 min read
vulnerability

CVE Pending: Check Point Discloses ChatGPT Prompt Injection Flaw Enabling Silent Data Exfiltration

Check Point Research disclosed a prompt injection vulnerability in OpenAI's ChatGPT that allowed a single malicious prompt to silently exfiltrate user messages, uploaded files, and other session data without the user's knowledge. The flaw requires no authentication beyond a standard ChatGPT session and has low attack complexity; a CVE has not yet been assigned. Organizations should restrict file uploads, avoid processing sensitive data in ChatGPT, and monitor OpenAI's security advisories for patch confirmation.

The Hacker News·3d ago·3 min read
malware

DeepLoad Malware Loader Uses ClickFix Delivery and AI-Assisted Obfuscation to Steal Credentials Before Detection

DeepLoad is a new malware loader, identified by ReliaQuest researchers, that is delivered through the ClickFix social engineering tactic. It uses what appears to be AI-assisted obfuscation together with process injection to evade static detection, and it begins stealing credentials and session tokens immediately on execution, before the primary loader can be blocked. Windows endpoints without PowerShell restrictions or application control policies are the primary targets.

The Hacker News·3d ago·4 min read
vulnerability

CVE-2024-7014: Critical Telegram RCE Vulnerability Scores 9.8 CVSS — Vendor Disputes Existence

CVE-2024-7014 is a reported critical remote code execution vulnerability in the Telegram messaging application, carrying a CVSS score of 9.8 and allegedly triggered by a maliciously crafted sticker file with no user interaction. Telegram disputes that the vulnerability exists and has issued neither a patch nor a security advisory. Pending vendor resolution, security teams should keep Telegram clients updated, disable automatic media downloads, and monitor endpoint behavior.

Dark Reading·3d ago·3 min read
vulnerability

CVE-2026-3055: Critical Citrix NetScaler Memory Overread Flaw Under Active Reconnaissance

CVE-2026-3055 is a critical (CVSS 9.3) memory overread vulnerability in Citrix NetScaler ADC and NetScaler Gateway caused by insufficient input validation. An unauthenticated remote attacker can exploit it to leak sensitive memory contents, including session tokens and credentials. Because a leaked session token remains valid until it is revoked, patching should be followed by terminating active sessions. Defused Cyber and watchTowr have confirmed active reconnaissance against affected deployments.

The Hacker News·6d ago·3 min read
vulnerability

CVE-2025-53521: F5 BIG-IP APM Stack-Based Buffer Overflow Enables Unauthenticated Remote Code Execution

CVE-2025-53521 is a stack-based buffer overflow in F5 BIG-IP Access Policy Manager (APM) that allows unauthenticated remote attackers to execute arbitrary code on affected systems. Successful exploitation can lead to full system compromise, interception of user sessions, and lateral movement into the protected networks behind the device. CISA has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog with a federal remediation deadline of March 30, 2026.

CISA KEV·7d ago·3 min read
vulnerability

CVE-2015-5611: The Jeep Cherokee Remote Code Execution Flaw That Redefined Automotive Cybersecurity

CVE-2015-5611 is a CVSS 10.0 remote code execution vulnerability in Fiat Chrysler's Uconnect telematics system affecting 1.4 million vehicles across the Jeep, Dodge, Ram, and Chrysler brands. Researchers Charlie Miller and Chris Valasek demonstrated unauthenticated remote exploitation over the Sprint cellular network, pivoting from the head unit to inject CAN bus messages that controlled braking, the transmission, and (at low speed) steering. FCA issued a safety recall under NHTSA campaign 15V-461, and the case directly shaped subsequent automotive cybersecurity regulation, including UNECE WP.29 R155 and ISO/SAE 21434.

Dark Reading·7d ago·3 min read
vulnerability

CVE-2025-XXXX: Code Injection Vulnerability Exploited Within Hours of Disclosure

A critical code injection vulnerability was exploited within hours of public disclosure, leaving organizations almost no remediation window before attacks began. The flaw enables remote code execution and affects internet-facing deployments of the affected product. Organizations should apply vendor patches immediately, isolate systems that cannot be patched, and treat any exposed instance as potentially compromised.

Dark Reading·7d ago·3 min read