
Navigating Converging Supply Chain Risks: Mitigation Strategies for prt-scan, Axios, and Fortinet Vulnerabilities

Recent supply chain compromises demonstrate a shift toward both industrialized automation and highly targeted social engineering against open-source maintainers. This assessment details the mechanics of the prt-scan campaign, the UNC1069 Axios incident, and critical vulnerabilities in Fortinet and Next.js, providing actionable guidance to harden development environments and detect unauthorized activity.

Triage Security Media Team

Software supply chains currently face diverging targeting methodologies. Defensive teams are managing a situation where high-volume, AI-assisted automation tests CI/CD pipelines for misconfigurations, while state-sponsored actors concurrently use patient, long-term social engineering to compromise trusted code libraries. Recent details regarding the "prt-scan" campaign on GitHub and the compromise of the Axios NPM package show a clear shift in the baseline for supply chain security.

The threat environment shows a professionalization of these operations, moving away from sporadic manual efforts toward industrialized systems. The "prt-scan" campaign used AI-assisted automation to initiate over 500 unauthorized access attempts against GitHub repositories. Though the success rate was below 10%, the scale of the effort, unfolding across six waves using six different accounts, allowed a single actor to impact dozens of environments and introduce unauthorized code into at least two NPM packages. This campaign focused specifically on the pull_request_target trigger in GitHub Actions. If not strictly configured, this trigger can inadvertently allow workflows to run with elevated permissions when triggered by untrusted forks.

In a different approach from automated campaigns, the North Korean group UNC1069 employed a systematic social engineering strategy to compromise the lead maintainer of Axios, a library downloaded over 100 million times weekly. This high-fidelity operation prioritized patience over volume. The actors spent weeks building rapport, eventually inviting the maintainer to a convincing Slack workspace and a spoofed Microsoft Teams meeting. During the call, they prompted the installation of a "technical update," which deployed a remote access Trojan (RAT). This compromise provided full control over the developer’s workstation, bypassing two-factor authentication (2FA) by capturing the post-authentication state. Consequently, the actors were able to publish unauthorized versions of Axios directly to the NPM registry.

Alongside these supply chain risks, a critical zero-day vulnerability in Fortinet’s infrastructure requires immediate attention. Fortinet issued an emergency patch for CVE-2026-35616, a critical pre-authentication API access bypass in FortiClient Endpoint Management Server (EMS). With a CVSS score of 9.1, this vulnerability allows an unauthenticated party to execute arbitrary code or commands. The Cybersecurity and Infrastructure Security Agency (CISA) added this to its Known Exploited Vulnerabilities catalog, setting an April 9 remediation deadline for federal agencies. Security researchers have noted public proof-of-concept code on GitHub. While unauthorized activity appears limited to a single source at present, the availability of public access methods indicates a high probability of broader targeting.

Compounding current security priorities is the UAT-10608 campaign, a large-scale automated credential harvesting operation targeting public-facing Next.js applications. This campaign leverages the React2Shell vulnerability (CVE-2025-55182), a pre-authentication remote code execution flaw in React Server Components. Unauthorized actors are using automated scanners, likely drawing on services like Shodan, to locate vulnerable endpoints and deploy the NEXUS Listener framework. Acting as a command-and-control platform with a built-in search interface, this framework allows operators to systematically index and exfiltrate environment secrets, SSH keys, and cloud tokens from compromised hosts globally.

Detection and Remediation Opportunities

For defenders, understanding the technical mechanics of these campaigns provides clear detection opportunities. To identify Next.js targeting, security teams should monitor web application hosts for unexpected processes originating from the /tmp/ directory, particularly those with randomized, dot-prefixed names. Unusual nohup invocations that disconnect from standard application workflows also strongly indicate NEXUS Listener activity. On the network side, defenders should investigate any outbound HTTP/S connections from application containers that do not align with verified production endpoints. For organizations managing Fortinet environments, applying the emergency hotfix for versions 7.4.5 and 7.4.6 is the highest priority, as version 7.4.7 is pending its standard release.
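As an added example (not part of the article), the three host and network indicators above turned into a check a responder could run over process and socket listings from an application container. The `ps` and `ss` output and the endpoint allowlist are constructed for the example; the column layouts assume `ps -eo pid,ppid,user,args` and `ss -tnp`.

```python
import re

# Constructed sample output in `ps -eo pid,ppid,user,args` layout (not real data).
PS_SAMPLE = """\
  PID  PPID USER     COMMAND
 1001     1 node     node /app/server.js
 2317  1001 node     /tmp/.a8f2k1 --listen
 2340  1001 node     nohup sh -c /tmp/.x9q7z -d
 2399  1001 node     sh -c npm run build
"""

# Constructed sample output in `ss -tnp` layout (not real data).
SS_SAMPLE = """\
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
ESTAB 0 0 10.0.0.5:51234 203.0.113.10:443 users:(("node",pid=2317,fd=7))
ESTAB 0 0 10.0.0.5:51240 10.0.0.20:5432 users:(("node",pid=1001,fd=9))
"""

# Verified production endpoints; a constructed allowlist for this example.
ALLOWED_PEERS = {"10.0.0.20:5432"}

# A path under /tmp whose last component starts with a dot, e.g. /tmp/.a8f2k1
TMP_DOTFILE = re.compile(r"(^|\s)/tmp/\.[A-Za-z0-9_-]+")


def suspicious_processes(ps_output: str) -> list[tuple[int, list[str]]]:
    """Flag processes executing dot-prefixed /tmp paths or launched via nohup."""
    hits = []
    for line in ps_output.splitlines()[1:]:  # skip the header row
        pid, _ppid, _user, args = line.split(None, 3)
        reasons = []
        if TMP_DOTFILE.search(args):
            reasons.append("dot-prefixed /tmp path")
        if args.split()[0] == "nohup":
            reasons.append("nohup launch")
        if reasons:
            hits.append((int(pid), reasons))
    return hits


def unexpected_connections(ss_output: str, allowed: set[str]) -> list[tuple[int, str]]:
    """Flag established connections whose peer is not a verified endpoint."""
    hits = []
    for line in ss_output.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if fields[0] != "ESTAB":
            continue
        peer = fields[4]
        pid_match = re.search(r"pid=(\d+)", line)
        if peer not in allowed:
            hits.append((int(pid_match.group(1)) if pid_match else -1, peer))
    return hits
```

Correlating the two lists by PID (here 2317 appears in both) is what separates a build helper from a listener that has phoned home.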

Hardening the development environment requires a move toward stricter CI/CD governance. The prt-scan activity demonstrates the value of requiring manual approval for all outside collaborators before allowing any GitHub Action workflows to execute. Additionally, teams should configure the default state for the GITHUB_TOKEN to read-only.
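As an added example (not the article's own material or any real project's code), a Python check a repository owner can run over workflow files to spot the pull_request_target pattern prt-scan targeted and a missing read-only GITHUB_TOKEN. The two workflow strings are constructed, showing the weak configuration beside a hardened one, and the regexes are line-level heuristics rather than a YAML parser.

```python
import re

# Constructed weak workflow: runs untrusted PR code with the base repository's token.
WEAK_WORKFLOW = """\
name: ci
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: npm install && npm test
"""

# Constructed hardened workflow: plain pull_request trigger, read-only GITHUB_TOKEN.
HARDENED_WORKFLOW = """\
name: ci
on: [pull_request]
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci && npm test
"""

PRT_TRIGGER = re.compile(r"^\s*(on:.*\bpull_request_target\b|pull_request_target:)", re.M)
HEAD_CHECKOUT = re.compile(r"github\.event\.pull_request\.head")
TOP_LEVEL_PERMS = re.compile(r"^permissions:", re.M)
WRITE_PERM = re.compile(r"^\s*(permissions:\s*write-all|[\w-]+:\s*write)\s*$", re.M)


def audit_workflow(text: str) -> list[str]:
    """Heuristic audit of one GitHub Actions workflow file; returns findings."""
    findings = []
    if PRT_TRIGGER.search(text) and HEAD_CHECKOUT.search(text):
        findings.append("pull_request_target checks out and runs untrusted PR code")
    if not TOP_LEVEL_PERMS.search(text):
        findings.append("no top-level permissions block; token falls back to repository default")
    if WRITE_PERM.search(text):
        findings.append("workflow grants write scope to GITHUB_TOKEN")
    return findings
```

The approval gate for outside collaborators is a repository setting under Actions, not something a workflow file can express, so it needs checking separately.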

The Axios incident offers a challenging lesson: traditional identity protections like 2FA may not protect a targeted developer’s workstation. Organizations can improve their resilience by isolating development environments from everyday communication tools and implementing continuous monitoring for unauthorized package publications. If an organization finds it has used the affected Axios versions (1.14.1 or 0.30.4), simply updating the library is insufficient. All secrets and credentials present on the affected developer’s machine or within the CI/CD runners must be rotated immediately to secure the environment.

These developments signal a lasting shift in how software ecosystems are targeted. Automation has lowered the barrier to entry for wide-scale operations, while sophisticated social engineering continues to advance. The long-term methodology seen in the Axios incident indicates that maintainers of high-impact open-source projects are now primary intelligence targets, similar to historically targeted executive roles. We anticipate more campaigns blending these approaches, utilizing automation for target identification and refined social engineering to gain access.

Currently, it remains unclear whether the prt-scan actor was experimental or preparing more refined automation scripts. Furthermore, while Fortinet has addressed the immediate API bypass, threat actors frequently target management infrastructure using secondary access methods after the initial patch cycle. Security teams should maintain vigilance for anomalous activity even after applying the latest fixes. Triage researchers continue to work alongside our partners to ensure these detection and remediation strategies are effectively integrated into their defenses.