Weekly Roundup: LiteLLM and Axios Supply Chain Attacks, Chrome Zero-Day in Dawn
SentinelOne's AI EDR blocked a LiteLLM supply chain attack in real time, Axios npm packages were compromised to deliver a cross-platform RAT, and Google patched an actively exploited Chrome zero-day in the Dawn component.
This week in cybersecurity saw a trio of high-profile incidents spanning supply chain attacks on popular open-source projects and an actively exploited Chrome zero-day, underscoring the accelerating pace of threats targeting developers and end-users alike.
The Good: SentinelOne AI EDR Stops LiteLLM Supply Chain Attack
SentinelOne demonstrated the power of autonomous, AI-driven endpoint protection when its Singularity Platform detected and blocked a trojanized version of LiteLLM—a popular proxy for LLM API calls—in real time, without any human intervention. The attack, which originated from a compromised security tool, involved attackers using stolen PyPI credentials to publish malicious LiteLLM versions that deployed a cross-platform data stealer. In one observed case, an AI coding assistant with unrestricted permissions unknowingly installed the infected package, highlighting a new attack surface. SentinelOne's behavioral AI identified suspicious execution patterns, such as base64-decoded payloads, and terminated the process chain in under 44 seconds while preserving full forensic visibility. The detection relied on observing behavior across processes, not on knowing the compromised package, allowing the platform to stop the attack regardless of how it entered the environment.
The Bad: Axios npm Compromise Delivers Cross-Platform RAT
In a major supply chain attack, the popular JavaScript HTTP client Axios had its npm account compromised, leading to the publication of malicious versions 1.14.1 and 0.30.4. These versions included a hidden dependency called "plain-crypto-js@4.2.1" that executed a post-install script to download and run platform-specific malware on macOS, Windows, and Linux systems. The malware connects to a command and control server, retrieves a second-stage payload, and then deletes itself while restoring clean-looking package files to evade detection. Researchers believe the attacker used a long-lived npm access token belonging to a core maintainer, and there are indications linking the malware to the North Korean threat group UNC1069. Users are advised to downgrade Axios immediately to versions 1.14.0 or 0.30.3, remove the malicious dependency, and rotate all credentials if exposure is suspected.
**The Ugly: Chrome Zero-Day CVE-2026-5281 Under Active Exploitation**
Google released emergency security updates for Chrome to address 21 vulnerabilities, including a high-severity zero-day tracked as CVE-2026-5281 that is actively being exploited in the wild. The flaw is a use-after-free bug in Dawn, an open-source implementation of the WebGPU standard used by Chromium. Successful exploitation allows an attacker who has already compromised the browser's renderer process to execute arbitrary code via a specially crafted HTML page. Google has withheld technical details to limit further abuse, but confirmed active exploitation. This is the fourth Chrome zero-day patched in 2026 so far, following flaws in Chrome's CSS component, Skia graphics library, and V8 JavaScript engine. The fix is available in Chrome version 146.0.7680.177/178 for Windows and macOS, and 146.0.7680.177 for Linux. CISA has added the flaw to its KEV catalog and mandated that federal agencies apply the patch by April 15, 2026.
Broader Implications
These incidents collectively highlight the growing sophistication and speed of attacks targeting the software supply chain. The LiteLLM and Axios compromises demonstrate that attackers are increasingly focusing on developer tools and package registries to distribute malware at scale, while the Chrome zero-day underscores the persistent risk of browser-based vulnerabilities. The ability of SentinelOne's AI to autonomously stop the LiteLLM attack in real time points to a necessary evolution in defense: behavior-based detection systems that can operate at machine speed, without relying on signatures or human analysts. As AI-driven attacks become more common, organizations must adopt similar autonomous defenses to close the gap between detection and compromise.