HomeIntelligenceBrief
BREACH BRIEF🟠 High ThreatIntel

Malwarebytes Weekly Security Roundup (Mar 30–Apr 5) Flags Phishing Job Offers, Apple DarkSword Patch, npm Supply‑Chain Attack, and WhatsApp Windows Campaign

Malwarebytes Labs highlighted a series of emerging threats, from credential‑phishing job offers and new Apple iOS patches to a supply‑chain compromise of the npm registry and a WhatsApp‑on‑Windows malware campaign. The briefing underscores the need for rapid patching, supply‑chain hygiene, and robust phishing defenses across third‑party relationships.

LiveThreat™ Intelligence · 📅 April 07, 2026· 📰 malwarebytes.com
🟠
Severity
High
TI
Type
ThreatIntel
🎯
Confidence
High
🏢
Affected
4 sector(s)
Actions
5 recommended
📰
Source
malwarebytes.com

Malwarebytes Weekly Security Roundup (Mar 30 – Apr 5): Phishing Job‑Offer Lures, Apple “DarkSword” Patch, npm Supply‑Chain Attack, WhatsApp Windows Campaign, and More

What Happened — Malwarebytes Labs published a weekly roundup covering ten distinct security stories, including a credential‑phishing campaign masquerading as dream‑job offers from Coca‑Cola and Ferrari, Apple’s expansion of “DarkSword” patches to iOS 18.7.7, a third‑party audit of Malwarebytes Privacy VPN, a supply‑chain compromise of the npm registry reported by Axios, and a new WhatsApp‑on‑Windows malware campaign flagged by Microsoft.

Why It Matters for TPRM

  • Phishing lures targeting high‑profile brands increase the risk of credential theft from partner employees.
  • Unpatched or newly‑patched OS vulnerabilities can affect any vendor that supplies devices or software to your organization.
  • Supply‑chain attacks on widely‑used package managers (npm) can cascade into downstream services you rely on.
  • Third‑party audits (e.g., VPN) highlight the importance of verifying security controls of SaaS providers.

Who Is Affected — Technology / SaaS vendors, cloud service providers, endpoint security firms, payroll/HR platforms, and any organization that integrates npm packages or uses WhatsApp for business communications.

Recommended Actions

  • Conduct phishing‑simulation training and enforce MFA for all employees, especially those with access to privileged accounts.
  • Verify that all Apple devices in your environment are running iOS 18.7.7 or later and that “DarkSword” patches are applied.
  • Review your software‑bill‑of‑materials (SBOM) for npm dependencies; apply any security updates immediately.
  • Request the full third‑party audit report for Malwarebytes Privacy VPN (or any VPN service you use) and confirm remediation of any findings.
  • Monitor Microsoft advisories for WhatsApp on Windows and enforce application whitelisting.

Technical Notes

  • Attack vectors: Phishing (credential‑theft), vulnerability exploitation (iOS “DarkSword”), supply‑chain compromise (npm registry), malware distribution via compromised WhatsApp Windows client.
  • CVEs: Apple’s “DarkSword” patches address CVE‑2025‑XXXX (remote code execution) and CVE‑2025‑YYYY (privilege escalation).
  • Data types: Potential exposure of login credentials, personal identifying information (PII), and proprietary code from compromised npm packages.

Source: Malwarebytes Labs – A week in security (Mar 30 – Apr 5)

📰 Original Source
https://www.malwarebytes.com/blog/news/2026/04/a-week-in-security-march-30-april-5-2

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

Monitor Your Vendor Risk with LiveThreat™

Get automated breach alerts, security scorecards, and intelligence briefs when your vendors are compromised.

Start Free Trial → Learn About Scorecards
← All Intelligence Briefs Breach Watch Feed →