Zero-Day Supply Chain Attacks Strike Three Major Tools in Three Weeks – One Security Platform Stops All Without Prior Knowledge
Breaking: Three critical supply chain attacks hit LiteLLM, Axios, and CPU-Z in a three-week span – all stopped by SentinelOne on the same day each launched.
In a stark warning to global enterprises, three separate threat actors executed tier-1 supply chain attacks against widely deployed software packages between March and April 2026. The targets: LiteLLM (a core AI infrastructure package), Axios (the most downloaded HTTP client in the JavaScript ecosystem), and CPU-Z (a trusted system diagnostic tool). Despite zero-day payloads, no prior signatures, and no indicators of attack (IOAs), SentinelOne's platform neutralized all three on the day of each attack.

Key fact: Each attack arrived through a trusted delivery channel. The LiteLLM compromise used a poisoned update from a legitimate PyPI account. The Axios attack leveraged a phantom dependency staged hours before detonation. The CPU-Z incident involved a properly signed binary from an official vendor domain. None had been seen before.
"Security leaders have been asking: 'Can our defenses stop a payload we've never seen, coming through a channel we explicitly trust?' The answer from these events is clear – without the right architecture, you're betting on luck," said Diane Miller, VP of Threat Research at SentinelOne. "We stopped all three without ever needing to know the payload."
Background: The AI Arms Race in Supply Chain Security
Adversaries are accelerating. In September 2025, Anthropic documented a Chinese state-sponsored group that jailbroke an AI coding assistant to run a full espionage campaign against roughly 30 organizations. The AI handled 80–90% of tactical operations – reconnaissance, vulnerability discovery, exploit development, credential harvesting, lateral movement, and exfiltration – with only 4–6 human decision points per campaign.
The LiteLLM attack exemplifies this new era. On March 24, 2026, threat actor TeamPCP compromised the LiteLLM Python package by obtaining PyPI credentials through a prior supply chain breach of Trivy, a widely used open-source security scanner. Two malicious versions (1.82.7 and 1.82.8) were published. Any system with those versions during the exposure window automatically executed the embedded credential theft payload.

In one confirmed detection, an AI coding agent running with unrestricted permissions (claude --dangerously-skip-permissions) auto-updated to the infected version without human review – no approval, no alert, no visible action.
What This Means for Security Leaders
The takeaway is blunt: assume your supply chain is already compromised. Every trusted update, every signed binary, every dependency is a potential vector. Organizations must architect defenses that do not rely on knowing the payload in advance.
These three attacks prove that signature-based detection and traditional IOA-matching are insufficient against zero-day supply chain threats. The only viable approach is behavioral prevention at the point of execution – stopping attacks based on what the payload does, not what it is.
As AI-driven attacks compress human reaction times, the window for manual intervention shrinks to near zero. Security programs calibrated to manual-speed adversaries are now racing a threat that moves at machine speed.
Immediate Actions Required
- Audit all third-party dependencies and updates for unauthorized changes.
- Enforce strict permission models for AI coding agents and automation tools.
- Deploy endpoint defenses capable of blocking unknown payloads without prior knowledge.
- Assume that any trusted channel – from PyPI to npm to vendor portals – can be weaponized.
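One way to start the dependency audit for the LiteLLM case, as an added example that is not part of the original article or any vendor tooling: it flags requirements lines pinned to the two malicious versions named above, flags unpinned lines that could have resolved to them, and checks installed package metadata. The requirements.txt input, the site-packages layout, the status labels and all function names are assumptions of this example.

```python
import re
from pathlib import Path
# The two releases the article names as malicious; extend from vendor advisories.
COMPROMISED = {"litellm": {"1.82.7", "1.82.8"}}
REQ = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*([^;#]*)")

def normalize(name):
    """PEP 503 name normalisation, so 'LiteLLM' and 'litellm' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def check_requirement(line):
    """Classify a requirements.txt line as 'compromised', 'floating' or None."""
    m = REQ.match(line)
    bad = COMPROMISED.get(normalize(m.group(1))) if m else None
    if not bad:
        return None
    # Exact pins only (== or ===); wildcard pins such as ==1.82.* still float.
    pins = [p for p in re.findall(r"===?\s*([^\s,\\]+)", m.group(2)) if "*" not in p]
    if any(p in bad for p in pins):
        return "compromised"
    # No exact pin: an install in the exposure window may have pulled a bad release.
    return None if pins else "floating"

def audit_requirements(text):
    """Return (line_number, status) for every line that needs attention."""
    results = [(n, check_requirement(l)) for n, l in enumerate(text.splitlines(), 1)]
    return [(n, status) for n, status in results if status]

def scan_installed(site_packages):
    """Return (name, version) for compromised releases found in a site-packages dir."""
    hits = []
    for meta in Path(site_packages).glob("*.dist-info/METADATA"):
        fields = {}
        for line in meta.read_text(errors="replace").splitlines():
            if not line.strip():
                break  # metadata headers end at the first blank line
            key, _, value = line.partition(":")
            fields.setdefault(key.strip(), value.strip())
        name = normalize(fields.get("Name", ""))
        if fields.get("Version") in COMPROMISED.get(name, ()):
            hits.append((name, fields["Version"]))
    return sorted(hits)

# Constructed sample input, not taken from any real project.
SAMPLE = """requests==2.31.0
LiteLLM[proxy]==1.82.8 ; python_version >= "3.9"
litellm>=1.80
litellm==1.82.6
"""
print(audit_requirements(SAMPLE))
```

A "floating" result is not proof of compromise; it marks a line where the installed version, checked with `scan_installed`, decides the outcome.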