Threat Intelligence

Adversary tradecraft, campaign breakdowns, and what the data is telling us.

Lazarus Poisons axios: A 100-Million-Download npm Package, Owned for Three Hours

DPRK's Lazarus stole one maintainer token and pushed a trojanized axios to npm — a library in 80% of cloud environments. The blast radius was global; the exposure window was three hours. Here's the kill chain, the cross-platform RAT, and every IOC.

EagleEye Security TeamJune 8, 2026

Threat Intelligence13 min read

CVE-2026-20131: How Interlock Turned a Cisco Firewall Into Root for 36 Days

Interlock ransomware exploited a maximum-severity deserialization flaw in Cisco Secure FMC as a zero-day for 36 days before a patch existed — owning the management plane of enterprise firewall estates. Here's the kill chain, the IOCs, and how to hunt it.

EagleEye Security TeamJune 8, 2026