Axios Compromised, Chrome Zero-Day, and WhatsApp Malware - Blumira Briefings

Show Notes

Axios Compromised, Chrome Zero-Day, and WhatsApp Malware - Blumira Briefings

Welcome to Blumira Briefings, your top headlines and trends for your security practice.

This week's episode:

- The npm account for Axios, a JavaScript library with over 100 million weekly downloads, was compromised by threat actors who published malicious versions (1.14.1 and 0.30.4) containing remote access trojan (RAT) malware.
- Google has released an emergency security update for its Chrome web browser, addressing a high-severity zero-day vulnerability, identified as CVE-2026-5281, which is actively being exploited by malicious actors.
- Microsoft has issued a warning regarding a new malware campaign that targets WhatsApp users, exploiting social engineering tactics to trick them into executing malicious Visual Basic Script (VBS) files. This campaign, active since late February, aims to establish persistent remote access to infected systems.

Have a security topic you want us to cover? Let us know in the comments!

--

Sources:
Attackers hijack Axios npm account to spread RAT malware
https://securityaffairs.com/190221/security/attackers-hijack-axios-npm-account-to-spread-rat-malware.html
--
Google fixes actively exploited Chrome zero-day flaw, update now
https://cyberinsider.com/google-fixes-actively-exploited-chrome-zero-day-flaw-update-now/
--
WhatsApp malware campaign uses malicious VBS files to gain persistent access
https://www.csoonline.com/article/4153092/whatsapp-malware-campaign-uses-malicious-vbs-files-to-gain-persistent-access.html