Supply Chain Cascade Timeline (March 24 - April 3)

Description

Coder.com's mapping of the Claude Code leak as one node in a multi-event cascade that compressed months of supply chain exposure into ~5 days:

Mar 24: Trivy critical CVE
Mar 26: Trivy GitHub Actions compromise
Mar 26: Anthropic CMS Mythos leak
Mar 26-28: LiteLLM security update
Mar 27: Operon/Epitaxy discovered in Desktop
Mar 27: Koi Security ShadowPrompt zero-click in the Claude Code Chrome extension
Mar 31 00:21 UTC: malicious Axios v1.14.1/v0.30.4 with embedded RAT
Mar 31 ~04:00 UTC: Claude Code v2.1.88 + 59.8MB source map
Apr 1-2: Zscaler confirms fake 'leaked source' ZIPs dropping Vidar + GhostSocks
Apr 2: v2.1.90 silently patches CVE-2025-54795
Apr 3: SANS Stormcast

Developers who cloned and ran npm install during the Mar 31 02:00-08:00 UTC window did so while the trojanised Axios versions were live.

Key claims

Relations

Sources

src-20260409-5acfec94bd6e