TL;DR — 15 Second Read
- North Korea backdoored the Axios npm package (183M weekly downloads) with the Waveshaper v2 malware
- Adobe Reader zero-day is actively exploited via fake invoice PDFs — no patch exists yet
- Docker AuthZ plugin bypass (CVE-2026-34040) allows full host takeover from inside a container
- North Korea's UNC4736 stole $285M from Drift Protocol after 6 months of social engineering
This week brought a surge of high-severity threats across the software supply chain, container infrastructure, PDF readers, and DeFi platforms. North Korean threat actors made headlines twice — backdooring a massively popular npm package and pulling off a $285 million DeFi heist after months of patient social engineering. Here's everything covered on CyberTimes this week.
Affected products
- npm / Node.js
- Adobe Reader / Acrobat
- Docker Engine
- DeFi platforms
- Next.js applications
How to Fix
Step-by-step remediation
- For npm: run 'npm audit' and check your package-lock.json for compromised Axios versions.
- For Adobe Reader: Edit → Preferences → JavaScript → uncheck 'Enable Acrobat JavaScript'.
- For Docker: update to the latest Docker Engine release and audit your AuthZ plugin configuration.
- For DeFi: revoke all unnecessary wallet approvals via revoke.cash.
What happened
1. npm Supply Chain Attack: North Korea's UNC1069 embedded the Waveshaper v2 backdoor into the Axios npm package, which receives 183 million weekly downloads. Any project depending on a compromised version was silently infected.
2. Adobe Reader Zero-Day: Attackers are delivering malicious PDF invoices that exploit an unpatched Adobe Reader flaw to execute code. With no official patch available, millions of users remain exposed.
3. Docker Container Escape: CVE-2026-34040 allows attackers inside a Docker container to bypass the AuthZ plugin and gain full host access. AI agents running in containers can trigger this automatically.
4. $285M Drift Protocol Hack: UNC4736 (Lazarus Group) spent six months posing as a legitimate developer, building trust before draining the entire protocol in under 10 seconds.
Real-World Impact
The Axios backdoor potentially exposed thousands of production Node.js applications to credential theft and remote access. The Adobe zero-day is being actively used in phishing campaigns targeting finance teams. The Docker escape flaw is particularly concerning for AI infrastructure where containers run with elevated privileges.
Technical Details
"The combination of supply chain attacks, zero-days with no patch, and container escapes in a single week underscores why defence-in-depth is non-negotiable in 2026."
— CyberTimes Security Team
🛡️ Prevention Tips
Lock npm dependency versions with exact version pinning. Treat unexpected PDF attachments as hostile regardless of sender. Run containers with the principle of least privilege. Never connect DeFi wallets to unverified protocols.
FAQs
Which Axios versions were backdoored?
Audit your specific version using 'npm audit' — the compromised packages were published under typosquatted names mimicking the official Axios package.
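One way to carry out the package-lock.json check from the remediation steps, together with a check for the lookalike package names mentioned in this answer. This is an added example, not code from CyberTimes or the npm project: the function names, the edit-distance threshold of 2 and the sample lockfile are assumptions, and the list of suspect versions must come from the advisory you are tracking because this page does not give one.

```javascript
// Levenshtein distance; names within two edits of "axios" get flagged for manual review.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let prev = row[0]; // value of the diagonal cell from the previous row
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = row[j];
      row[j] = Math.min(row[j] + 1, row[j - 1] + 1, prev + (a[i - 1] === b[j - 1] ? 0 : 1));
      prev = tmp;
    }
  }
  return row[b.length];
}

// Every installed copy, including nested ones, from a lockfileVersion 2 or 3 "packages" map.
function listPackages(lock) {
  if (!lock.packages) throw new Error('expected lockfileVersion 2 or 3 (a "packages" map)');
  return Object.entries(lock.packages)
    .filter(([path]) => path.includes("node_modules/")) // skip root project and workspace dirs
    .map(([path, meta]) => ({ path, name: meta.name || path.split("node_modules/").pop(), version: meta.version }));
}

// suspectVersions is supplied by the caller from the advisory being tracked (assumption:
// this page does not list the affected versions, so none are hard-coded here).
function scanForAxios(lock, suspectVersions = []) {
  return listPackages(lock).flatMap((pkg) => {
    if (pkg.name === "axios") {
      const flag = suspectVersions.includes(pkg.version) ? "suspect-version" : "axios-present";
      return [{ ...pkg, flag }];
    }
    return editDistance(pkg.name, "axios") <= 2 ? [{ ...pkg, flag: "lookalike-name" }] : [];
  });
}

// Constructed sample lockfile: package names and versions are made up for the demonstration.
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/axios": { version: "0.0.1" },
  "node_modules/some-sdk/node_modules/axios": { version: "0.0.2" },
  "node_modules/axois": { version: "9.9.9" },
  "node_modules/express": { version: "0.0.3" },
} };

// node scan.js <package-lock.json> [suspect versions...]; with no path, the sample is scanned.
const file = typeof require === "function" ? process.argv[2] : undefined;
const lock = file ? JSON.parse(require("fs").readFileSync(file, "utf8")) : SAMPLE_LOCK;
console.table(scanForAxios(lock, file ? process.argv.slice(3) : ["0.0.2"]));
```

Nested copies matter here: a transitive dependency can pin its own axios under its own node_modules directory, so the top-level version alone does not tell you what is installed. A "lookalike-name" hit is only a prompt to check who published that package, not proof of compromise.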
Is there a patch for the Adobe Reader zero-day?
No. Adobe has not released a patch as of April 11, 2026. Disabling JavaScript in Adobe Reader is the only mitigation available right now.
Am I at risk from the Docker flaw if I use Docker Desktop?
CVE-2026-34040 primarily affects Docker Engine on Linux servers. Docker Desktop users on Mac/Windows have a different architecture and are less directly exposed.