
This Week in Cybersecurity: The Supply Chain Is the Attack Surface (30 March – 5 April 2026)

Kyanite Blue Labs, Threat Intelligence·5 April 2026

The Week in One Paragraph

The week of 30 March to 5 April 2026 had no shortage of dramatic individual stories — Iranian hackers breaching the FBI Director's personal email, the European Commission losing 350GB of data to ShinyHunters, and a £30 malware kit selling full system access on Telegram. But the thread connecting nearly everything was dependency. Attackers are not trying to beat your firewall. They are compromising the maintainer of the package your developers trust, planting backdoors in the registry your CI/CD pipeline pulls from, and waiting patiently inside the third-party tools your staff use every day. If your security programme still treats the supply chain as someone else's problem, this week should change that.

The Package Registry Is Now a Primary Attack Vector

Three separate supply chain stories this week, taken together, paint a picture that should concern every development team running JavaScript or Python at any scale.

North Korean threat actors compromised Axios — one of the most widely used npm packages in existence — by socially engineering a maintainer through a fake Microsoft Teams error message. The technique was simple, the impact potentially enormous. Our article 'Axios npm Hack: How North Korea Hijacked an Open-Source Maintainer' documents exactly how this worked and why most organisations have no detective control in place that would catch it.

Separately, attackers planted 36 malicious packages inside the npm registry disguised as Strapi CMS plugins. Each one exploited Redis and PostgreSQL connections, harvested credentials, and dropped a persistent implant at install time. No exploit required — just npm install. And on the Python side, the TeamPCP supply chain campaign uploaded two malicious versions of the Telnyx SDK to PyPI, targeting developer environments across Windows, macOS, and Linux simultaneously.

These are not isolated incidents. They are a pattern of sustained, professional attention to the one part of most organisations' estates that has the least visibility and the weakest gatekeeping. The 'Secrets Sprawl 2026' findings from GitGuardian compound the problem: 29 million hardcoded secrets were exposed on public GitHub in 2025, a 34 per cent year-on-year increase. Developers are writing code faster than ever — often with AI assistance — and secrets are leaking into repositories at a rate that no manual review process can keep pace with.

For UK and New Zealand businesses, the question is not whether your development pipeline is exposed. It is how long it has been exposed without your knowledge.

Panorays is worth considering here for any organisation with significant third-party software dependencies — continuous supplier risk monitoring needs to extend to the packages your teams are consuming, not just the vendors your procurement team has approved.

State Actors Are Escalating — and Personal Accounts Are the Weak Point

Iran-linked hackers breached the personal email account of FBI Director Kash Patel and published its contents. The same group, Handala Hack Team, deployed a destructive wiper against defence contractor Stryker. Star Blizzard, a Russian state-sponsored group, adopted the DarkSword iOS exploit kit in a precision campaign targeting UK government bodies, universities, financial firms, and legal entities. Three distinct China-aligned threat clusters simultaneously targeted a single Southeast Asian government entity. And separately, Iranian threat actors are running high-volume attacks against hospitals and critical infrastructure, with AI accelerating the pace.

This is not background noise. This is a documented, concurrent escalation by three of the world's most capable state-sponsored adversaries — and the tactics being used in high-stakes geopolitical targeting do not stay there. They filter down.

The FBI Director's email incident, covered across three separate articles this week, deserves particular attention. Kash Patel is one of the most security-aware individuals in public life by definition of his role. His personal account was still the weakest link. This is the lesson that applies universally: executives, board members, and high-value staff operate across personal and professional environments that your security controls simply do not reach. Personal Gmail accounts, home devices, and private social media profiles are now legitimate attack vectors for adversaries targeting your organisation through its leadership.

For UK businesses in professional services, finance, defence supply chains, or any sector with government adjacency, Star Blizzard's targeting profile as described in 'Star Blizzard's iOS Exploit Kit: What UK Organisations Need to Know' should be read carefully. This group is not spray-and-pray. It is deliberate, well-resourced, and specifically interested in British institutions.

Apple's emergency DarkSword patch extended to a wider range of iPhones — but as our article notes, the devices your staff use that are never updated remain permanently exposed. ESET's mobile threat management capabilities are worth reviewing in this context, particularly for New Zealand and Australasian businesses managing BYOD environments where device patch compliance is difficult to enforce.

Critical Infrastructure Vulnerabilities: The Patch Window Is Closing

Three separate critical infrastructure vulnerabilities reached active exploitation status this week, and in each case the timeline between disclosure and weaponisation was uncomfortably short.

Fortinet's FortiClient EMS received an emergency out-of-band patch for a pre-authentication vulnerability — CVE-2026-35616 — that attackers were already exploiting before the fix arrived. The flaw requires no credentials and provides remote code execution on affected servers. Our two articles on this ('CVE-2026-35616: Why FortiClient EMS Is Being Patched Under Fire' and 'FortiClient EMS Exploit: What UK and NZ Businesses Must Do Now') make clear that this is not a vulnerability to schedule for the next maintenance window.

Citrix NetScaler ADC and NetScaler Gateway are being actively exploited via CVE-2026-3055, a critical memory vulnerability that allows attackers to extract authenticated administrative session tokens. If you are running NetScaler infrastructure and have not patched, an attacker may already have administrative credentials to your environment — and you would not necessarily know.

F5 BIG-IP presents perhaps the most instructive case. A vulnerability disclosed in October 2025 as a high-severity denial-of-service flaw has since been reclassified as remote code execution and confirmed as actively exploited. The threat model changed entirely — but organisations that assessed the original disclosure as tolerable risk may not have revisited the decision.

These three cases together illustrate a problem that goes beyond patching: severity reclassification after initial disclosure is increasingly common, and most organisations have no process for re-evaluating their response when a vulnerability's risk profile changes.

Hadrian's continuous attack surface management is well-suited to this problem — knowing which of your exposed assets are running vulnerable versions in real time, rather than relying on point-in-time vulnerability scans, is the difference between catching this before attackers do and reading about it afterwards. Sophos MDR and XDR customers should ensure their detection rules are updated for indicators associated with all three of these vulnerabilities. The exploitation activity is confirmed and ongoing.
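
One way to make the re-evaluation described above routine, shown as an added example that is not from the original article: store the advisory as it read when each patching decision was made, then compare it with the current advisory and reopen any decision whose impact class rose or whose exploitation status changed. The identifiers, asset names and impact ranking are constructed placeholders.

```python
from dataclasses import dataclass

# Assumed ordering of impact classes, lowest to highest attacker control.
IMPACT_RANK = {"denial-of-service": 1, "information-disclosure": 2,
               "privilege-escalation": 3, "remote-code-execution": 4}

@dataclass(frozen=True)
class Advisory:
    vuln_id: str
    impact: str
    exploited: bool

@dataclass(frozen=True)
class Decision:
    asset: str
    response: str    # "patched", "deferred" or "accepted"
    seen: Advisory   # the advisory exactly as it read when the decision was made

def decisions_to_reopen(decisions, current):
    """Return (asset, vuln_id, changes) for decisions made on outdated facts."""
    reopen = []
    for d in decisions:
        latest = current.get(d.seen.vuln_id)
        if d.response == "patched" or latest is None:
            continue  # already fixed, or advisory no longer in the feed
        changes = []
        if IMPACT_RANK[latest.impact] > IMPACT_RANK[d.seen.impact]:
            changes.append(f"impact: {d.seen.impact} -> {latest.impact}")
        if latest.exploited and not d.seen.exploited:
            changes.append("exploitation confirmed")
        if changes:
            reopen.append((d.asset, d.seen.vuln_id, changes))
    return reopen

# Constructed data. VULN-PLACEHOLDER-* are not real identifiers.
DOS = Advisory("VULN-PLACEHOLDER-1", "denial-of-service", False)
INFO = Advisory("VULN-PLACEHOLDER-2", "information-disclosure", False)
REGISTER = [
    Decision("edge-proxy-01", "accepted", DOS),   # judged tolerable as a DoS
    Decision("edge-proxy-02", "patched", DOS),
    Decision("vpn-gw-01", "deferred", INFO),
]
CURRENT = {
    "VULN-PLACEHOLDER-1": Advisory("VULN-PLACEHOLDER-1", "remote-code-execution", True),
    "VULN-PLACEHOLDER-2": INFO,  # unchanged since the decision
}

if __name__ == "__main__":
    for asset, vuln_id, changes in decisions_to_reopen(REGISTER, CURRENT):
        print(f"REOPEN {asset} {vuln_id}: {'; '.join(changes)}")
```

The point of the `seen` snapshot is that a risk acceptance is only valid for the facts it was based on; without it there is nothing to diff against when the advisory is revised.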

AI Is Expanding the Attack Surface Faster Than Governance Can Follow

Four separate AI-related security stories this week, and none of them are about science fiction scenarios. They are about things happening now in production environments.

OpenAI Codex contained a vulnerability that could have allowed attackers to compromise GitHub personal access tokens — a supply chain risk sitting inside one of the most widely adopted AI coding tools in enterprise development. ChatGPT had a now-patched flaw that allowed sensitive conversation data, uploaded files, and user messages to be exfiltrated without warning. As our article notes, when AI tools become part of your workflow, they become part of your attack surface. That is not a metaphor. It is a description of how data flows.

DeepLoad, a newly identified malware loader, is using AI-generated junk code to disguise its malicious logic from security scanners — a direct challenge to signature-based defences that were not designed to evaluate probabilistically obfuscated payloads. And Unit 42's research into multi-agent AI systems on Amazon Bedrock reveals attack surfaces that traditional security controls do not cover at all.

Microsoft's Agent Governance Toolkit, covered in 'AI Agents Are Running Loose. Governance Is Catching Up.', is a welcome development — but it is reactive. Autonomous agents are already executing financial transactions, managing infrastructure, and writing code in production environments that have no governance framework in place. The access policies those agents operate under are, increasingly, being written by LLMs that hallucinate. Our article 'LLM-Written Access Policies Are Creating Silent Security Gaps' documents exactly how a hallucinated Rego or Cedar policy does not crash an application — it silently removes a permission boundary that nobody notices until something goes wrong.

For UK and New Zealand businesses adopting AI tooling, the practical recommendation is straightforward: every AI tool that touches your code, your data, or your infrastructure needs to be assessed the same way you would assess any other third-party application with elevated access. Coro's unified security platform can help bring AI-adjacent SaaS applications into a consistent access and monitoring framework — but only if organisations are willing to map their AI tool sprawl honestly first.

By the Numbers

The statistics from this week's reporting put the threat picture in concrete terms.

  • 29 million hardcoded secrets exposed on public GitHub in 2025 — a 34% year-on-year increase and the largest single-year jump ever recorded (GitGuardian, State of Secrets Sprawl 2026)
  • 36 malicious npm packages planted in a single campaign targeting Strapi CMS users, each capable of credential harvesting and persistent implant deployment
  • 350GB of data allegedly stolen from European Commission cloud systems by ShinyHunters
  • 800,000 WordPress sites exposed by the Smart Slider 3 vulnerability — exploitable by any user with a subscriber-level account
  • 9.8 CVSS score assigned to the reported Telegram zero-click exploit, meaning no user interaction required for device compromise
  • $4.5 million FCC proposed fine against Voxbeam for routing suspicious foreign call traffic enabling financial impersonation robocalls
  • $50 million raised by Linx Security in a single funding round focused on identity security and governance
  • $10 million US government bounty placed on the Iranian hackers who compromised FBI Director Kash Patel's personal email
  • £30 — the reported entry cost for CrystalRAT malware-as-a-service, providing remote access, keylogging, and data theft capabilities
  • 6,000+ Chrome extensions that LinkedIn's hidden JavaScript scanned for in visitors' browsers, according to BrowserGate researchers

What to Do This Week

The volume of active exploitation across this week's stories is high enough that prioritisation matters. Here is where to focus first.

  • Patch FortiClient EMS, Citrix NetScaler, and F5 BIG-IP immediately — all three have confirmed active exploitation in the wild. If your organisation cannot patch within 24 hours, consider taking affected systems offline or restricting access while remediation is scheduled. Sophos Firewall customers should review perimeter rules to limit exposure of these services until patches are confirmed applied. Hadrian can help identify which of your internet-facing assets are running affected versions if your asset inventory is incomplete.
  • Audit your npm and PyPI dependencies this week — not eventually. The Axios, Strapi, and Telnyx incidents demonstrate that trusted packages in trusted registries are being weaponised. Run a software composition analysis scan across your development pipeline and flag any package that was updated in the last 30 days without a corresponding review. Panorays can extend third-party risk monitoring to cover open-source dependency exposure for organisations that have not yet built this capability internally.
  • Review executive and high-value staff accounts for personal email and device exposure. The Handala breach of the FBI Director's personal account is the template for how high-value targets get compromised. Identify your top 20 most targeted individuals — executives, board members, legal counsel, finance leadership — and verify that personal accounts are not being used for business communications, and that personal devices accessing business systems are enrolled in your MDM programme. ESET's mobile security management is worth deploying if you have BYOD gaps in Australasia.
  • Map every AI tool in your environment that touches code, credentials, or sensitive data. This includes AI coding assistants, AI-powered SaaS applications, and any autonomous agents in development or production. For each tool, verify what data it can access, what permissions it holds, and what your off-boarding process looks like if the vendor is compromised. Coro provides visibility across SaaS application access that can help surface AI tools that were adopted without formal procurement review.
  • Check secrets sprawl exposure now. If your development team uses GitHub, run GitGuardian's free historical scan or an equivalent tool against your repositories — including private ones. Hardcoded API keys, database credentials, and cloud provider tokens in repositories are the gift that keeps giving to attackers who have already moved on to another target. BlackFog's anti-exfiltration capabilities can provide an additional layer of protection if credentials are actively being harvested from developer environments.
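
The dependency check from the second item above, as an added example that is not taken from the original article: it reads a package-lock.json, flags every locked version published inside the 30-day window with no review on record, and marks those that also run an install script. The package names, publish times and review log are constructed, and the review log format is an assumption.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample: trimmed package-lock.json (lockfileVersion 3), invented names.
LOCKFILE = json.loads("""{
  "lockfileVersion": 3,
  "packages": {
    "": {"name": "example-app", "version": "1.0.0"},
    "node_modules/example-http": {"version": "4.2.1"},
    "node_modules/example-cms-plugin": {"version": "0.0.3", "hasInstallScript": true},
    "node_modules/example-logger": {"version": "2.0.0"},
    "node_modules/@scope/example-util": {"version": "1.1.0"},
    "node_modules/example-http/node_modules/example-mirror": {"version": "0.9.0"}
  }
}""")

# Constructed publish times, shaped like the per-version "time" map in npm registry metadata.
PUBLISHED = {
    "example-http": {"4.2.1": "2026-04-01T09:12:00Z"},
    "example-cms-plugin": {"0.0.3": "2026-03-28T22:40:00Z"},
    "example-logger": {"2.0.0": "2026-03-20T08:00:00Z"},
    "@scope/example-util": {"1.1.0": "2024-11-02T10:00:00Z"},
}
# Hypothetical internal review log: (name, version) pairs someone signed off.
REVIEWED = {("example-logger", "2.0.0")}

def audit(lock, published, reviewed, now, window_days=30):
    """Return (name, version, reasons) for each locked package needing review."""
    cutoff = now - timedelta(days=window_days)
    findings = []
    for path, meta in lock.get("packages", {}).items():
        version = meta.get("version")
        if not path or meta.get("link") or version is None:
            continue  # root project or workspace symlink, not a registry package
        name = path.rsplit("node_modules/", 1)[-1]  # nested and scoped paths
        if (name, version) in reviewed:
            continue
        stamp = published.get(name, {}).get(version)
        if stamp is None:
            reasons = ["unknown-publish-time"]  # fail closed: age cannot be proven
        elif datetime.fromisoformat(stamp.replace("Z", "+00:00")) >= cutoff:
            reasons = ["recent-unreviewed"]
        else:
            continue
        if meta.get("hasInstallScript"):
            reasons.append("install-script")  # code runs during `npm install`
        findings.append((name, version, reasons))
    return sorted(findings)

if __name__ == "__main__":
    today = datetime(2026, 4, 5, tzinfo=timezone.utc)  # the article's date
    for name, version, reasons in audit(LOCKFILE, PUBLISHED, REVIEWED, today):
        print(f"{name}@{version}: {', '.join(reasons)}")
```

Auditing the lockfile rather than package.json matters because the lockfile lists the transitive dependencies that actually get installed, such as the nested `example-mirror` entry here.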

Looking Ahead

Several threads from this week are likely to develop further in the coming days.

The ShinyHunters breach of Europa.eu and the European Commission is not resolved — 350GB of allegedly stolen data will surface somewhere, and the downstream impact on individuals and organisations whose data was held in those systems will become clearer as the week progresses. Watch for extortion communications and data leak postings.

The Iranian cyber escalation documented across multiple articles this week — hospital attacks, critical infrastructure targeting, the FBI Director's email, the Stryker wiper — suggests a sustained campaign rather than isolated incidents. UK organisations in healthcare, critical infrastructure, and government supply chains should treat the current threat level as elevated until there is evidence of de-escalation.

The AI governance gap is going to produce more incidents like the ChatGPT and OpenAI Codex vulnerabilities before vendors, developers, and security teams find a working equilibrium. Any organisation that expanded its AI tool adoption in Q1 2026 without a corresponding security review has work to do before the next disclosure cycle.

And the CrystalRAT malware-as-a-service at £30 a licence deserves watching. When sophisticated capabilities hit that price point, the attacker profile broadens dramatically. Tools that were previously the domain of organised criminal groups become accessible to opportunistic individuals — and the volume of attempts against UK and New Zealand small and medium businesses tends to rise shortly after.


Frequently Asked Questions

What were the biggest cybersecurity incidents in the week of 30 March to 5 April 2026?

The week's most significant incidents included North Korean hackers hijacking the Axios npm package, Iranian group Handala breaching FBI Director Kash Patel's personal email, ShinyHunters stealing 350GB from European Commission systems, and active exploitation of critical flaws in Fortinet FortiClient EMS, Citrix NetScaler, and F5 BIG-IP.

What cybersecurity vulnerabilities need patching urgently this week?

Three vulnerabilities are confirmed actively exploited and require immediate attention: CVE-2026-35616 in Fortinet FortiClient EMS, CVE-2026-3055 in Citrix NetScaler ADC and Gateway, and a reclassified RCE flaw in F5 BIG-IP APM. All three allow remote code execution or credential theft with no user interaction required.

How are attackers using open-source package registries to compromise businesses in 2026?

Attackers are planting malicious packages in npm and PyPI that mimic legitimate libraries, compromising trusted packages by social-engineering their maintainers, and timing malicious uploads to coincide with developer activity. Once a developer runs an install command, the payload executes automatically — with no vulnerability exploit required.
