Week in review: Axios npm supply chain compromise, critical FortiClient EMS bugs exploited

Recent cybersecurity incidents include a major Axios npm supply chain attack, critical vulnerabilities in Fortinet’s FortiClient EMS, and a significant data breach at the European Commission.

Key Points

  • Attackers compromised Axios npm packages to distribute remote access trojans, contributing to a broader wave of supply chain intrusions.
  • Fortinet issued emergency hotfixes for a zero-day authentication bypass (CVE-2026-35616) and a SQL injection vulnerability in FortiClient EMS.
  • ShinyHunters were identified as the threat actors behind a 340 GB data breach affecting the European Commission’s cloud infrastructure.
  • Google patched a Chrome zero-day (CVE-2026-5281) currently being exploited in the wild.
  • Hasbro confirmed a cyberattack that forced the company to take internal systems offline for recovery.
  • A Maryland man was charged with stealing over $50 million from the Uranium Finance cryptocurrency exchange.

Why it Matters

These events highlight the escalating risks posed by software supply chain compromises and the rapid exploitation of zero-day vulnerabilities in enterprise infrastructure. Organizations must prioritize robust patch management and supply chain security to defend against increasingly sophisticated attacks targeting both internal systems and third-party dependencies.
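
The first check a practitioner wants after a registry compromise like the Axios incident is whether the affected package is installed anywhere in a project, including nested copies pulled in by transitive dependencies. The script below is an added example, not code from this article or from the Axios project. It audits an npm lockfile (lockfileVersion 2 or 3, which carry a "packages" map keyed by node_modules paths), lists every installed copy of a package, and flags copies whose version is on a deny list or which carry no integrity hash. The sample lockfile, its versions, URLs and hash, and the deny list are all constructed for the example; the article does not name the compromised Axios versions.

```javascript
// Added example (not from the Help Net Security article or the Axios project).
// Audits an npm lockfile for every installed copy of a package and flags
// denied versions and copies without an integrity hash.

// Constructed sample lockfile: versions, URLs and hash are placeholders,
// not real registry data.
const SAMPLE_LOCKFILE = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { axios: "^1.6.0", "some-sdk": "^2.0.0" } },
    "node_modules/axios": {
      version: "1.6.8",
      resolved: "https://registry.npmjs.org/axios/-/axios-1.6.8.tgz",
      integrity: "sha512-PLACEHOLDER_NOT_A_REAL_HASH",
    },
    "node_modules/some-sdk": {
      version: "2.0.0",
      resolved: "https://registry.npmjs.org/some-sdk/-/some-sdk-2.0.0.tgz",
      integrity: "sha512-PLACEHOLDER_NOT_A_REAL_HASH",
      dependencies: { axios: "1.99.0" },
    },
    // Nested copy pinned by a transitive dependency. It has no integrity
    // field, so npm would not verify the tarball it was resolved from.
    "node_modules/some-sdk/node_modules/axios": {
      version: "1.99.0",
      resolved: "https://registry.npmjs.org/axios/-/axios-1.99.0.tgz",
    },
  },
};

// Hypothetical deny list. Substitute the versions named in the vendor or
// registry advisory; the article does not list them.
const HYPOTHETICAL_DENIED_VERSIONS = ["1.99.0"];

// Package name a "packages" key refers to, or null for the root project
// entry and any key that is not a node_modules path.
function packageNameFromPath(path) {
  const marker = "node_modules/";
  const idx = path.lastIndexOf(marker);
  if (idx === -1) return null;
  return path.slice(idx + marker.length); // keeps "@scope/name" intact
}

// Every installed copy of `name`, top-level or nested.
function findPackageVersions(lockfile, name) {
  const hits = [];
  for (const [path, meta] of Object.entries(lockfile.packages || {})) {
    if (packageNameFromPath(path) !== name) continue;
    hits.push({
      path,
      version: meta.version,
      resolved: meta.resolved || null,
      integrity: meta.integrity || null,
    });
  }
  return hits;
}

// Annotate each copy with the two conditions worth acting on after a
// registry compromise: a denied version, or no integrity hash to verify.
function auditLockfile(lockfile, name, deniedVersions) {
  const denied = new Set(deniedVersions);
  return findPackageVersions(lockfile, name).map((hit) => ({
    ...hit,
    denied: denied.has(hit.version),
    missingIntegrity: hit.integrity === null,
  }));
}

function hasFinding(results) {
  return results.some((r) => r.denied || r.missingIntegrity);
}

const report = auditLockfile(SAMPLE_LOCKFILE, "axios", HYPOTHETICAL_DENIED_VERSIONS);
for (const r of report) {
  const flags = [r.denied ? "DENIED VERSION" : null, r.missingIntegrity ? "NO INTEGRITY" : null]
    .filter(Boolean)
    .join(", ") || "ok";
  console.log(`${r.path} ${r.version} ${flags}`);
}
```

To run this against a real project, replace SAMPLE_LOCKFILE with the parsed contents of package-lock.json (fs.readFileSync plus JSON.parse). Lockfile version 1 uses a nested "dependencies" tree rather than a "packages" map and is not handled here; `npm ls axios` gives a quick native view of the same installed copies, but it does not report missing integrity fields.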
Published by Help Net Security