Today’s threat landscape is dominated by critical vulnerabilities in widely used developer tools and a surge in supply chain attacks targeting software repositories. The immediate priority is patching self-hosted API platforms and scrutinizing npm dependencies, as attackers exploit these vectors to steal sensitive data, hijack infrastructure, and compromise developer environments.
Critical Vulnerabilities in Popular Developer Tools
Two high-severity vulnerabilities in essential developer and e-commerce platforms demand immediate action. The open-source API development ecosystem Hoppscotch contains a critical flaw (CVE-2026-28215) in versions prior to 2026.2.0. An unauthenticated attacker can overwrite the entire infrastructure configuration of a self-hosted instance—including OAuth and SMTP settings—with a single HTTP POST request to /v1/onboarding/config. Simultaneously, the EverShop eCommerce platform has a severe information disclosure flaw (CVE-2026-28213) in its “Forgot Password” function. Prior to version 2.1.1, the API response returns the password reset token when a target email is specified, enabling instant account takeover.
Malicious npm Packages and Software Supply Chain Threats
The software supply chain is under active assault. Researchers discovered a malicious npm package, mouse5212-super-formatter, designed to exfiltrate files from the /mnt/user-data directory—a dedicated storage location used by Anthropic’s Claude AI. This represents a targeted attack on developer environments and AI tooling. This threat coincides with the reported disruption of the Glassworm botnet, which used Solana blockchain and BitTorrent DHT for resilient command-and-control to target developers in software supply-chain attacks. These incidents underscore the persistent risk posed by poisoned dependencies in public repositories.
Banking Malware Campaigns and Cryptojacking Operations
Financially motivated attacks are targeting both desktop and mobile users with sophisticated lures. Banking trojan campaigns are deploying Grandoreiro malware against Windows users and BTMOB RAT against Android devices, primarily in Latin America and Europe. These campaigns use Portuguese and Spanish language lures targeting financial sectors. Separately, Microsoft has detailed a cryptojacking operation using SEO poisoning and abused ScreenConnect installers to target high-performance PCs for GPU mining. Malicious sites for this campaign are also being surfaced through AI chatbots, expanding their reach.
Proactive Defense and Infrastructure Hardening
Beyond urgent patching, several strategic actions can mitigate today’s highlighted risks. For Active Directory environments, enforcing strong password policies without crippling usability is possible by implementing passphrases, breached password protection, and self-service resets. For media processing infrastructure, four newly discovered heap-based buffer overflow vulnerabilities in MediaArea’s MediaInfoLib require proactive monitoring for patches and the implementation of exploit mitigations like Control Flow Guard and ASLR.
Organizations must immediately upgrade Hoppscotch to version 2026.2.0 or later and EverShop to 2.1.1 or later. Security teams should block the malicious npm package mouse5212-super-formatter across all development environments and implement filesystem monitoring for access to the /mnt/user-data directory. Finally, deploy EDR rules to detect Grandoreiro execution patterns and update email gateways to flag emails with Portuguese/Spanish financial lures.
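One way to operationalize the npm blocking action above (and the poisoned-dependency risk described in the supply chain section), as an added example that is not part of the original briefing: a Python audit that walks npm lockfiles and flags the named package at any depth of the dependency tree, since a malicious package pulled in transitively never appears in package.json. The sample lockfile is constructed; the blocklist contains only the package named in this briefing.

```python
import json
import os

# Known-bad package named in this briefing; extend the set as new indicators are published.
BLOCKED_PACKAGES = {"mouse5212-super-formatter"}

# Constructed sample package-lock.json (lockfileVersion 3). The bad package sits one level
# down as a transitive dependency, which a check of package.json alone would miss.
SAMPLE_LOCK = {
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "dependencies": {"left-pad": "^1.3.0"}},
        "node_modules/left-pad": {"version": "1.3.0"},
        "node_modules/left-pad/node_modules/mouse5212-super-formatter": {"version": "0.0.1"},
    },
}

def lockfile_packages(lock):
    """Yield (name, version) for every resolved package. lockfileVersion 2/3 list
    packages flat under 'packages' keyed by path; version 1 nests 'dependencies'."""
    if "packages" in lock:
        for path, meta in lock["packages"].items():
            if path:  # "" is the root project itself, not a dependency
                # name is whatever follows the last 'node_modules/' ('@scope/name' stays intact)
                yield path.rsplit("node_modules/", 1)[-1], meta.get("version", "?")
        return
    def walk(deps):
        for name, meta in deps.items():
            yield name, meta.get("version", "?")
            yield from walk(meta.get("dependencies", {}))
    yield from walk(lock.get("dependencies", {}))

def find_blocked(lock, blocklist=BLOCKED_PACKAGES):
    """Return sorted (name, version) hits at any depth of the dependency tree."""
    return sorted({(n, v) for n, v in lockfile_packages(lock) if n in blocklist})

def audit_tree(root, blocklist=BLOCKED_PACKAGES):
    """Map each package-lock.json under root (node_modules skipped) to its hits."""
    hits = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != "node_modules"]
        if "package-lock.json" in filenames:
            path = os.path.join(dirpath, "package-lock.json")
            with open(path, encoding="utf-8") as fh:
                found = find_blocked(json.load(fh), blocklist)
            if found:
                hits[path] = found
    return hits
```

Run `audit_tree("/path/to/repos")` from a CI job or an endpoint script to get a per-lockfile report; a non-empty result is the signal to quarantine that checkout and rotate any credentials it had access to.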