Jordan: Someone poisoned axios last night. If you don't know what axios is, ask your engineering team — and then ask them whether they audited their builds this morning. Eighty percent of cloud environments. North Korean fingerprints. A three-hour window that Huntress says was enough to compromise at least 135 systems in the first minute and a half. That's your cold open.

Alex: It's Thursday, April 2nd, 2026. You're listening to Cleartext. I'm Alex Chen, joined as always by Jordan Reeves. Today's episode is dense. We've got a major supply chain compromise that your AppSec team needs to be working right now, a source code leak from Anthropic that hands adversaries a blueprint for bypassing AI coding agent controls, Hasbro confirming operational disruption from a cyberattack, TA416 back targeting European governments, Iran coupling missile strikes with password-spraying campaigns, a zero-day in conferencing software hitting government networks through its own update mechanism, and a governance story that every CISO in this audience needs to hear about personal liability. Let's get into it.

Jordan: Let's start with axios because this one isn't theoretical. Attackers stole a long-lived npm access token from the lead maintainer of axios — the most widely used HTTP client library in JavaScript — and used it to publish two poisoned versions carrying a cross-platform RAT. macOS, Windows, Linux, all covered. The packages were live for roughly three hours before removal. Huntress confirmed 135 compromised systems within 89 seconds of publication. Wiz says axios is present in approximately 80 percent of cloud and code environments. Attribution points to UNC1069, which is a North Korean cluster. This is not a niche dependency someone snuck in. This is the plumbing.

Alex: And the operational question isn't whether you were exposed — it's whether you know. If you don't have artifact integrity verification, if your build pipelines are pulling from npm without locked digests, if you don't have visibility into what your CI/CD environments are executing, you are answering that question blind. The immediate actions are straightforward even if the execution isn't: audit your dependency locks, check your build logs for axios versions 1.8.3 and 1.8.4 specifically, and treat any system that ran a build in that three-hour window as potentially compromised until you can prove otherwise. The deeper issue is the long-lived token. That's a credential hygiene failure that became a supply chain event at internet scale. Your board doesn't need to understand npm to understand that sentence.

Jordan: Connected to this is the Anthropic Claude Code leak, and I want to be precise about what happened because the implications are different from a typical breach. Anthropic accidentally shipped a 59.8 megabyte source map file inside version 2.1.88 of the Claude Code npm package. That exposed 512,000 lines of unobfuscated TypeScript — the complete permission model, every bash security validator, 44 unreleased feature flags. Mirror repositories spread across GitHub within hours. Containment has effectively failed.

Alex: The risk model here shifts immediately. If you're running AI coding agents in your development environment — and most enterprises now are — you have to assume that the trust boundaries you thought existed in those tools have been publicly mapped by adversaries. The permission model is now documented. The validators are now documented. That's not a reason to pull the plug on AI-assisted development, but it is a reason to do a hard review of what those agents can access, what they can execute, and what human review checkpoints you actually have in place versus what you assumed were in place. The gap between policy and implementation just got a lot more dangerous to ignore.

Jordan: Before we move to the geopolitical layer, Hasbro. Major publicly traded company, cyberattack detected March 28th, proactively took systems offline, recovery expected to take several weeks, order processing and shipping disrupted, data exfiltration still being assessed. The forensic story isn't complete yet, but the operational story is already telling. Weeks of recovery. Revenue-affecting disruption. Public disclosure obligation.

Alex: What's useful about Hasbro for a board conversation is the sequencing. They detected it, they made the call to take systems offline proactively — that's the right call — and they're still looking at weeks of recovery. That's not a failure of detection. That's the reality of remediation at scale. If your board thinks fast detection means fast recovery, Hasbro is a useful data point to correct that assumption. Resilience investment and recovery planning are not the same line item as detection investment, and both matter.

Jordan: Now the geopolitical picture. Two stories that tell a coherent story about state actors using cyber as a direct complement to political and military objectives. First: TA416 is back. This is a Chinese state-backed group that Proofpoint tracks, and they've resumed cyberespionage operations targeting European governments after what appears to have been a deliberate multi-year pause. High confidence attribution. The driver is the shift in European-Chinese relations — trade friction, Taiwan policy divergence, EU regulatory pressure on Chinese tech. When geopolitics moves, the targeting lists move with it.

Alex: The practical implication for this audience is about adjacency. You may not be a European government, but if your organization has relationships with European government clients, European defense contractors, European policy institutions, or if you're an NGO doing policy work — you are now adjacent to a targeting set that just got reactivated. Chinese APT tradecraft in this context tends to be patient, credential-focused, and very good at living off the land. If you haven't revisited your threat model against that tradecraft recently, this is the prompt.

Jordan: The second geopolitical story is Iran, and this one is strategically significant. Iran-linked actors are running password-spraying campaigns against Middle Eastern city government systems with a specific operational goal: degrade municipal response capabilities during and after missile strikes. That's not opportunistic. That's coordinated. Cyber and kinetic, synchronized.

Alex: For most CISOs in this audience, the direct operational exposure here is limited. But the strategic lesson is not. We have now documented, attributed cases of a nation-state using cyberattacks to suppress emergency response to physical attacks. If you have any presence in contested regions — operations, facilities, third-party relationships — the threat model now explicitly includes physical-digital coordination. That conversation belongs in your crisis planning, not just your security program.

Jordan: One more before governance. The TrueConf zero-day. CVE-2026-3502. China-nexus attackers exploited a vulnerability in TrueConf — a videoconferencing platform specifically designed to run on private LANs without internet access — and turned its own trusted update mechanism into a malware delivery vector across Southeast Asian government networks. Check Point has the research. The attack chain is elegant and straightforward: compromise the update process, let the legitimate software distribute the payload to every connected endpoint.

Alex: The line I want to highlight is "designed without internet access." Organizations choose tools like TrueConf precisely because the isolation feels like security. The lesson is that isolation is a threat surface reduction strategy, not a trust establishment strategy. If your update mechanism trusts a signature without additional integrity controls, isolation doesn't protect you from a compromised update. Audit your air-gapped and LAN-only tools with the same rigor you'd apply to anything internet-facing.

Jordan: Governance. The BankInfoSecurity piece on CISO liability is worth reading in full, but here's the operational summary: regulators are pursuing personal accountability for CISOs after major breaches. That trend is changing how security leaders communicate risk — and not for the better. When personal liability is on the table, the rational response is to document defensively, hedge language, and avoid the kind of direct risk communication that actually helps boards make decisions. The piece notes this is making the role less attractive to experienced practitioners. Both of those downstream effects are bad for the industry.

Alex: I'll be direct about this because it's personal for a lot of people in this audience. If you don't have D&O coverage that explicitly covers your security decisions, you need to fix that today. If your employment contract doesn't specify what decisions are yours versus the CEO's or board's to make, that ambiguity is your liability. And if your reporting structure puts you in a position where you're accountable for outcomes you don't have authority to control — that's a governance failure your company needs to own, not a risk you should absorb personally. Document everything. Get counsel. Don't wait for a breach to find out where the lines are.

Jordan: Brief note on HHS. They're moving cybersecurity, cloud, and AI oversight back under the CIO office, reversing Biden-era changes. For healthcare CISOs, this is a compliance posture story. Federal regulatory touchpoints are shifting. If your team has existing relationships or reporting flows tied to the previous structure, map those now before something falls through a bureaucratic gap during a reorganization.

Alex: And Qodo raising $70 million to govern AI-generated code at scale. The signal here is market validation. AI-generated code is proliferating faster than the governance frameworks to manage it. If you don't have AI code governance in your AppSec program yet, you're already behind, and the capital flowing into this space tells you it's not optional much longer.

Jordan: The theme this week, if you want to call it one, is trust infrastructure. The axios attack exploited trusted package delivery. The TrueConf attack exploited trusted software updates. The Claude Code leak exposes the internals of trusted AI tooling. TA416 targets trusted government relationships. Every vector this week runs through something that was trusted.

Alex: And that's not a coincidence. Sophisticated actors, state-backed or otherwise, have understood for years that perimeter attacks are expensive and trust attacks are cheap. The asymmetry is the point. Your zero-trust architecture work, your supply chain integrity controls, your software bill of materials discipline — that's not hygiene work. That's the strategic response to the actual threat model. If you're having trouble making that case to your CFO, this week's news cycle is your presentation.

Jordan: Watch for more axios attribution detail over the next 48 hours. The UNC1069 link is assessed with moderate confidence right now and I expect that picture to sharpen.

Alex: That's Cleartext for Thursday, April 2nd. If this episode was useful, share it with someone who needed it. We're back tomorrow. Stay sharp.