This week’s Cyber Express roundup summarizes a wave of high-impact incidents—from the Hasbro operational disruption and the Mercor/LiteLLM supply-chain compromise linked to TeamPCP and Lapsus$, to Lazarus Group’s Axios library attack, the FBI director’s email leak, and the CareCloud health-records breach. The report emphasizes that organizations must strengthen supply-chain oversight, enforce robust access controls, and prioritize rapid incident response to remain resilient against converging criminal and nation-state threats. #Hasbro #LiteLLM #TeamPCP #LazarusGroup #CareCloud #HandalaHackTeam
Keypoints
- Hasbro detected unauthorized network access on March 28, 2026, and implemented containment and contingency measures.
- Mercor’s breach originated from a malicious LiteLLM package update, affecting thousands of organizations.
- Lazarus Group is attributed with inserting a malicious dependency into the Axios JavaScript library to gain backdoor access.
- Hackers linked to Iran and the Handala Hack Team compromised FBI Director Kash Patel’s personal email in a hack-and-leak operation.
- CareCloud experienced an electronic health record system intrusion, raising potential exposure of sensitive patient data.
Read More: https://thecyberexpress.com/tce-weekly-roundup-ransomware-supply-chain/