NPM Malware, Top IRS Scams 2026, and SonicWall Security Failings - Blumira Briefings

Show Notes

Welcome to Blumira Briefings, bringing you a weekly download of the top headlines and trends for your security practice.

*This week's episode:*

-  Another software supply chain hit: Typosquatted npm packages are harvesting creds and propagating through dev environments.
- Tax season is open season for threat actors: refund hijacking, credential phishing, and payroll fraud risks are escalating for businesses and their employees.
- When perimeter security becomes the liability: Marquis claims compromised firewall data paved the way for ransomware.

Like the new format? Have a security topic you want us to cover? Let us know in the comments!

*Sources:*
- Self-spreading npm malware targets developers in new supply chain attack: https://www.helpnetsecurity.com/2026/02/24/npm-worm-sandworm-mode-supply-cain-attack
- Taxing times: Top IRS scams to look out for in 2026: https://www.welivesecurity.com/en/scams/taxing-times-top-irs-scams-look-out-2026
- Marquis sues firewall provider SonicWall, alleges security failings with its firewall backup led to ransomware attack: https://techcrunch.com/2026/02/24/marquis-sonicwall-lawsuit-ransomware-firewall-breach

*Chapters:*
0:00 Intro
0:31 Self-Spreading NPM Malware
3:54 IRS Scams 2026 Edition
10:18 SonicWall Security Failings