Originally reported by Security Affairs, The Record
TL;DR
CISA confirmed active exploitation of a use-after-free vulnerability in Google Dawn by adding it to the KEV catalog. Meanwhile, Google attributed the recent Axios npm supply chain compromise to North Korean threat group UNC1069, while ransomware operators continue targeting critical infrastructure including water treatment facilities.
CISA's addition of CVE-2026-5281 to the KEV catalog confirms active exploitation of a critical vulnerability in Google Dawn. Combined with confirmed North Korean APT activity targeting the npm supply chain, this represents an immediate threat to enterprise infrastructure.
CISA added CVE-2026-5281, a use-after-free vulnerability in Google Dawn with a CVSS score of 8.8, to its Known Exploited Vulnerabilities catalog. The addition signals confirmed active exploitation of the flaw in the wild.
Google Dawn serves as the WebGPU implementation for Chromium-based browsers and native applications. The use-after-free condition could allow attackers to execute arbitrary code, making it a high-value target for threat actors seeking to compromise systems running Dawn-enabled applications.
Federal agencies must remediate the vulnerability by the CISA-mandated deadline, while private sector organizations should prioritize patching given the confirmed active exploitation status.
Google attributed the recent compromise of the popular Axios npm package to UNC1069, a North Korean threat group focused on financial gain. The supply chain attack targeted developers and organizations relying on the widely used HTTP client library.
John Hultquist from Google's threat intelligence team confirmed the attribution, marking another instance of North Korean actors leveraging supply chain vectors for monetary objectives. The compromise of Axios, with millions of weekly downloads, demonstrates the significant reach these attacks can achieve.
Organizations using Axios should verify package integrity and review dependency management processes to detect potential compromise indicators.
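One way to start that review, shown as an added example that is not from the original reports: the function below walks a parsed `package-lock.json` (lockfileVersion 2 or 3) and reports every installed copy of `axios`, including copies nested under other dependencies. The sample lockfile, the version strings and the flagged-version list are constructed placeholders, because the reports name no affected versions; the expected registry host is an assumption.

```javascript
// Added example: audit a parsed package-lock.json (lockfileVersion 2 or 3)
// for every installed copy of one package, including nested copies.
const REGISTRY_HOST = "registry.npmjs.org"; // assumption: default public registry

function auditLockfile(lock, name, flaggedVersions = []) {
  const findings = [];
  const suffix = "node_modules/" + name;
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // Match top-level and nested installs, but not look-alikes such as "axios-retry".
    if (path !== suffix && !path.endsWith("/" + suffix)) continue;
    const issues = [];
    if (flaggedVersions.includes(entry.version)) issues.push("flagged-version");
    if (!entry.integrity) issues.push("missing-integrity");
    else if (!/^sha512-/.test(entry.integrity)) issues.push("weak-integrity");
    let host = null;
    try { host = new URL(entry.resolved).host; } catch { /* absent or invalid URL */ }
    if (host !== REGISTRY_HOST) issues.push("unexpected-source");
    findings.push({ path, version: entry.version, issues });
  }
  return findings;
}

// Constructed sample lockfile; versions and hashes are placeholders, not real releases.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/axios": {
      version: "0.0.1-example",
      resolved: "https://registry.npmjs.org/axios/-/axios-0.0.1-example.tgz",
      integrity: "sha512-CONSTRUCTED"
    },
    "node_modules/some-sdk/node_modules/axios": {
      version: "0.0.2-example",
      resolved: "https://mirror.example.test/axios-0.0.2-example.tgz"
    },
    "node_modules/axios-retry": {
      version: "0.0.3-example",
      resolved: "https://registry.npmjs.org/axios-retry/-/axios-retry-0.0.3-example.tgz",
      integrity: "sha512-CONSTRUCTED"
    }
  }
};

// Placeholder list: substitute the versions named in the vendor advisory.
const FLAGGED = ["0.0.2-example"];
console.log(JSON.stringify(auditLockfile(SAMPLE_LOCK, "axios", FLAGGED), null, 2));
```

This reports what the lockfile records, not what is currently on disk, so it complements rather than replaces a clean reinstall from the lockfile.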
Decentralized finance platform Drift suspended operations following a security incident that security experts believe resulted in hundreds of millions of dollars in stolen cryptocurrency. The Solana-based platform confirmed the cyberattack on Wednesday.
The incident highlights persistent vulnerabilities in DeFi protocols, where smart contract flaws and operational security gaps continue to provide lucrative targets for cybercriminals. The scale of the alleged theft ranks among the largest cryptocurrency heists recorded.
Drift has not disclosed technical details of the compromise or provided a timeline for service restoration.
Nissan acknowledged that stolen data originated from a third-party vendor after a hacking group claimed to have breached file-transfer systems serving Nissan and Infiniti dealerships across North America. The automaker stated no indication exists that customer information was accessed or compromised.
The incident underscores supply chain risks where third-party vendors become attack vectors for reaching primary targets. While Nissan maintains customer data remains secure, the breach demonstrates how threat actors continue exploiting vendor relationships to access corporate networks.
The identity of the claiming hacking group and the scope of accessed data remain undisclosed.
The city of Minot, North Dakota reported a March ransomware attack against its water treatment facility. City officials emphasized that operations continue normally despite the security incident.
The attack represents another instance of ransomware operators targeting critical infrastructure, specifically water and wastewater systems that CISA has identified as priority protection sectors. While operational continuity was maintained, the incident demonstrates persistent threats to essential services.
No details were provided regarding the ransomware variant involved or whether ransom demands were made.