SentinelOne's weekly cybersecurity roundup for Week 14 of 2026 covers three major storylines: a supply chain attack on the LiteLLM AI package stopped in real time, the weaponization of the Axios HTTP library against developers, and a new Chrome zero-day enabling remote code execution.
The Good: SentinelOne Stops LiteLLM Supply Chain Attack in Real Time
In a rare example of a supply chain attack being stopped as it unfolded, SentinelOne researchers detected and blocked a malicious version of the LiteLLM Python package before it could cause widespread harm. LiteLLM is a popular open-source library used to route API calls across multiple large language model providers — widely used in AI application development.
The malicious package version contained a backdoor designed to:
- Exfiltrate environment variables (commonly used to store API keys for OpenAI, Anthropic, and other AI providers)
- Establish persistence on compromised developer machines
- Harvest credentials stored in cloud configuration files
SentinelOne's detection was credited to behavioral analysis flagging unusual package behavior at install time. The malicious version was quickly removed from PyPI, but not before being downloaded by a number of organizations — several of which have since disclosed breaches tied to the incident, including Mercor, the AI hiring platform.
This incident follows a growing pattern of threat actors targeting AI tooling supply chains, recognizing that developers working on AI applications often hold valuable API keys and cloud credentials.
The Bad: Axios npm Package Weaponized to Deploy Cross-Platform RAT
The Axios JavaScript HTTP client — one of the most downloaded packages in the npm ecosystem — was weaponized in a sophisticated supply chain attack attributed to North Korean threat group UNC1069. A malicious version of the package was pushed to npm via a compromised maintainer account, and was downloaded by thousands of developers before being detected.
| Attack Detail | Description |
|---|---|
| Package | axios (npm) |
| Attack Method | Compromised maintainer account |
| Payload | Cross-platform remote access trojan (RAT) |
| Attribution | UNC1069 (North Korea-linked) |
| Targets | JavaScript developers, CI/CD pipelines |
The malicious version deployed a cross-platform RAT capable of running on Windows, macOS, and Linux. The trojan established a persistent backdoor on developer machines and CI/CD build environments, potentially enabling the attackers to:
- Steal source code from compromised developer workstations
- Inject malicious code into software being built in compromised CI/CD environments
- Exfiltrate credentials, API keys, and secrets stored in development environments
Google's Threat Intelligence Group (GTIG) separately attributed the attack to North Korean operators, consistent with UNC1069's prior campaigns targeting software developers and cryptocurrency projects.
The Ugly: Chrome Zero-Day Enables Remote Code Execution
A new zero-day vulnerability in Google Chrome — designated CVE-2026-5281 — was disclosed and patched this week after being found under active exploitation. The flaw, a type confusion vulnerability in the V8 JavaScript engine, enables remote code execution when a victim visits a specially crafted webpage.
This marks the fourth Chrome zero-day exploited in the wild in 2026, maintaining a concerning cadence of browser-based RCE vulnerabilities.
| Attribute | Detail |
|---|---|
| CVE | CVE-2026-5281 |
| Component | V8 JavaScript Engine |
| Type | Type Confusion |
| Impact | Remote Code Execution |
| Exploitation | Confirmed in the wild |
| Fixed in | Chrome 136.x |
Exploitation was reported against both Windows and macOS targets. Google has not publicly attributed the exploitation activity but noted that it was used in targeted attacks — a phrase typically indicating nation-state or sophisticated cybercriminal involvement.
Users and organizations should ensure Chrome is updated to the latest version immediately.
Key Takeaways for Security Teams
- AI tooling is now a prime supply chain target — developers building AI applications should verify package integrity and monitor for unauthorized LiteLLM or other AI SDK versions in their environments
- Axios compromise underscores npm ecosystem risk — even widely trusted, high-download packages can be compromised through maintainer account takeover; adopt lockfile pinning and integrity verification in CI/CD
- Patch Chrome immediately — CVE-2026-5281 is being actively exploited; organizations should push the update via MDM or patch management tooling as a priority
- Rotate any credentials exposed in compromised dev environments — if LiteLLM or Axios malicious versions ran in your environment, treat all stored API keys and cloud credentials as compromised
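
The lockfile pinning and integrity verification recommended above can be enforced as a CI gate that fails the build on unhashed, weakly hashed, off-registry or deny-listed dependencies. This is an added example, not code from SentinelOne or the affected projects; the deny-listed version, the `example-*` package names, the hashes and the mirror URL are constructed placeholders, and the allowed registry is an assumption.

```javascript
// Added example: CI gate over an npm lockfile (lockfileVersion 2/3 "packages" map).
const REGISTRY = "https://registry.npmjs.org/"; // assumption: only the public registry is allowed

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function packageName(key) {
  const marker = "node_modules/";
  return key.slice(key.lastIndexOf(marker) + marker.length);
}

// Returns [{ pkg, issue }]; an empty array means the lockfile passes.
function auditLockfile(lock, denied = new Set()) {
  const findings = [];
  for (const [key, entry] of Object.entries(lock.packages || {})) {
    // Root project, workspace folders, links and bundled deps carry no registry metadata.
    if (!key.includes("node_modules/") || entry.link || entry.inBundle) continue;
    const id = `${packageName(key)}@${entry.version}`;
    if (denied.has(id)) findings.push({ pkg: id, issue: "denied-version" });
    if (!entry.integrity) findings.push({ pkg: id, issue: "missing-integrity" });
    else if (!/(^|\s)sha512-/.test(entry.integrity))
      findings.push({ pkg: id, issue: "weak-integrity" });
    if (!entry.resolved || !entry.resolved.startsWith(REGISTRY))
      findings.push({ pkg: id, issue: "unexpected-source" });
  }
  return findings;
}

// Constructed sample: every version, hash and URL below is a placeholder.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/axios": {
      version: "0.0.0-placeholder",
      resolved: "https://registry.npmjs.org/axios/-/axios-0.0.0-placeholder.tgz",
      integrity: "sha512-PLACEHOLDER",
    },
    "node_modules/example-mirror": {
      version: "1.3.0",
      resolved: "https://mirror.example.invalid/example-mirror-1.3.0.tgz",
      integrity: "sha1-PLACEHOLDER",
    },
    "node_modules/example-nohash": {
      version: "2.0.0",
      resolved: "https://registry.npmjs.org/example-nohash/-/example-nohash-2.0.0.tgz",
    },
  },
};
const DENIED = new Set(["axios@0.0.0-placeholder"]); // placeholder, not a real advisory
console.log(auditLockfile(SAMPLE_LOCK, DENIED));
```

This checks that the lockfile records a strong hash and an expected source for every dependency; the hashes themselves are verified when `npm ci` installs from that lockfile.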
Source: SentinelOne — April 3, 2026