North Korean APT group UNC1069 targeted the Axios npm package via a tailored social engineering attack against its maintainer. The campaign aimed to insert malicious code into this critical open-source library, posing risks to global software supply chains. Detection methods include MFA, cryptographic signing, and vigilant monitoring of package updates.

Google Threat Intelligence identified Coruna, a sophisticated iOS exploit kit leveraging 23 vulnerabilities across five complete exploit chains to silently install malware via drive-by web delivery. Former L3Harris Trenchant employees confirmed the toolkit originated within the US defense contractor's offensive cyber division before being sold to Russian intelligence, which has deployed it against targets in Ukraine. Organizations should enforce iOS Lockdown Mode on high-risk devices, deploy mobile threat defense tooling, and immediately ingest Google's published IOCs.

A recent study reveals that third-party resellers and brokers undermine government restrictions on spyware distribution by exploiting opaque supply chains and enabling continued proliferation. This activity complicates detection, attribution, and enforcement efforts, highlighting the need for enhanced supply chain risk management and international regulatory cooperation.

TeamPCP has orchestrated targeted supply chain attacks against developer security tools such as Trivy, Checkmarx's KICS, VS Code plug-ins, and the LiteLLM AI library. These attacks aim to compromise software development environments, enabling espionage and data theft. Security teams should enhance supply chain protections, apply timely patches, and monitor for indicators of compromise related to TeamPCP activity.