In March 2026, researchers identified significant supply chain compromises involving widely used development tools. The axios npm package suffered an account takeover, leading to the distribution of malicious versions containing a remote access trojan (RAT) dropper targeting macOS, Windows, and Linux. Similarly, the threat group TeamPCP targeted the Python Package Index (PyPI) by compromising the LiteLLM project through its CI/CD pipeline, highlighting a growing trend of attackers exploiting maintainer credentials to inject malicious dependencies.

Beyond supply chain attacks, there has been a notable surge in Microsoft Teams phishing paired with email bombing. Attackers flood a victim's inbox to create a sense of urgency, then pose as IT support via Teams to guide users into installing remote monitoring and management (RMM) tools like Quick Assist.…