Security Check-in Quick Hits: Axios Malware, Claude Leak, Mercor Breach, and Fortinet Flaw Top the Day's Cybersecurity Alerts
For April 1, 2026
Axios NPM Supply Chain Attack Delivers Remote Access Trojan
Popular JavaScript HTTP client library axios fell victim to a sophisticated supply chain compromise on March 31, 2026. Malicious versions 1.14.1 and 0.30.4 were published to npm with a remote access trojan embedded in the postinstall script. The packages have since been removed, but anyone who installed or updated axios in the prior 24 hours should immediately scan their systems for compromise.
Laravel, a major framework that depends on axios, moved quickly: it pinned safe versions in its starter templates, updated its installer to run package installs with --ignore-scripts by default, and blocked the attacker’s domain on Laravel Cloud. The incident underscores how a single compromised maintainer account in a widely used dependency can expose millions of downstream projects and production environments. Supply chain attacks like this remain one of the fastest-growing threats because they bypass traditional perimeter defenses and exploit trust in open-source ecosystems. Organizations should audit recent npm installs, enable script blocking where possible, and consider tools that verify package integrity before deployment.
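As an added example (not code from axios, npm, or Laravel), the lockfile audit recommended above can be scripted: the function below walks a parsed package-lock.json and reports every axios entry resolved to one of the two versions named in this article. The sample lockfile, the package name some-sdk, and the function name are constructed for illustration.

```javascript
// The two malicious axios releases named in the article.
const BAD_AXIOS = new Set(["1.14.1", "0.30.4"]);

// Return every axios entry in a parsed package-lock.json that is pinned to a
// bad version. Covers lockfileVersion 2/3 (flat "packages" map keyed by
// install path) and lockfileVersion 1 (nested "dependencies" tree).
function findCompromisedAxios(lock) {
  const hits = [];
  // v2/v3 keys: "node_modules/axios", "node_modules/x/node_modules/axios", ...
  // The anchored pattern skips look-alikes such as "axios-retry" or "@scope/axios".
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/axios$/.test(path) && BAD_AXIOS.has(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  // v1 tree: transitive copies are nested under their parent's "dependencies".
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (name === "axios" && BAD_AXIOS.has(meta.version)) {
        hits.push({ path, version: meta.version });
      }
      walk(meta.dependencies, `${path}/`);
    }
  };
  // v2 lockfiles carry both sections; only walk the tree when "packages" is absent.
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile: the top-level axios is not on the bad list,
// but a transitive copy pulled in by a hypothetical "some-sdk" is.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/axios": { version: "1.7.9" },
    "node_modules/axios-retry": { version: "1.14.1" }, // different package, same number
    "node_modules/some-sdk/node_modules/axios": { version: "1.14.1" },
  },
};

console.log(findCompromisedAxios(SAMPLE_LOCK));
```

Feed it the JSON.parse output of each project's package-lock.json. A hit means that lockfile resolved one of the two releases, so any machine that ran the install is a candidate for the compromise scan described above.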
Mercor AI Confirms 4TB Data Breach Tied to LiteLLM Supply Chain Attack
Mercor AI officially acknowledged a severe data breach after the Lapsus$ hacking group claimed to have stolen 4 terabytes of sensitive information. The breach originated from a supply chain compromise of the open-source LiteLLM project, which Mercor relied on. Attackers exfiltrated proprietary source code, internal databases, and large volumes of user-verification data by breaching the company’s Tailscale VPN. Lapsus$ has listed the dataset for live auction on the dark web.
This incident highlights how a single backdoored dependency (LiteLLM reportedly had a malicious release that exfiltrated secrets) can cascade into major downstream breaches for AI startups and their users. With hundreds of millions of monthly downloads for affected tools, the blast radius is enormous. Security teams should treat every open-source dependency as potentially untrusted, implement strict SBOM (Software Bill of Materials) tracking, and monitor for anomalous outbound traffic from build and runtime environments. Mercor users are urged to change credentials and monitor accounts for suspicious activity.
Anthropic’s Claude Source Code Leaked via NPM Registry Map File
Internal source code for Anthropic’s Claude AI coding tool was inadvertently exposed through a map file published in its npm registry. The leak includes system prompts, internal code, feature roadmaps, and references to an unreleased model codenamed “mythos.” No model weights were compromised, but the exposure still represents a significant operational security failure for one of the leading AI labs.
The code was quickly shared on file-hosting sites, drawing immediate attention from the security community. This incident serves as a stark reminder that even well-resourced AI companies can suffer from basic build and packaging oversights. Developers using Claude or similar tools should assume that internal implementation details may now be public and review any custom integrations for potential new attack vectors. Broader lesson: source map files should never be shipped to public registries unless the code is intentionally open-sourced.
Critical Pre-Auth SQL Injection in FortiClient EMS (CVE-2026-21643) Actively Discussed
A high-severity vulnerability (CVSS 9.1–9.8) was disclosed in Fortinet’s FortiClient Endpoint Management Server (EMS) 7.4.4. The flaw is a pre-authentication SQL injection that could allow unauthenticated remote code execution via crafted HTTP requests. Security researchers and OSINT tools report thousands of exposed instances online, and the issue is already seeing active chatter about potential exploitation in the wild.
Fortinet users running the affected version should prioritize patching immediately and restrict public exposure of EMS consoles. This CVE joins a growing list of high-impact flaws in endpoint management and remote access tools that attackers target for initial access. Organizations should also review network segmentation around management servers and enable logging to detect probing attempts.
Stay vigilant—supply chain compromises and AI-related exposures dominated today’s chatter, proving once again that the attack surface is shifting toward the tools and libraries we trust most. Check your dependencies, patch aggressively, and verify everything.



