Axios NPM Compromised, CareCloud Breach, GM Idles Electric Truck Factory

Axios NPM Package Compromised in Maintainer Account Takeover

• Lead maintainer account hijacked via email swap to attacker ProtonMail.
• Malicious versions 1.14.1 and 0.30.4 injected remote access trojan.
• NPM yanked packages fast after short two-hour exposure window.

USA, Mar 31 (TNGB) – The popular Axios HTTP client library suffered a supply chain attack when its lead maintainer account on npm and GitHub was reportedly compromised. Attackers changed the email address to one they controlled and published two malicious versions that pulled in a fake dependency running a cross-platform RAT on postinstall. The incident affected macOS, Windows, and Linux systems with roughly 100 million weekly downloads though actual installs stayed limited.

This breach exposes how single points of failure in open source dependencies can threaten vast portions of the internet economy.

CareCloud Hackers Accessed Patient Medical Records in EHR Breach

• Unauthorized parties entered one electronic health record environment.
• Access lasted eight hours on March 16 before systems restored.
• Company investigates potential patient data exposure and exfiltration.

USA, Mar 31 (TNGB) – CareCloud, a major provider of healthcare software, reported that hackers gained entry to one of its electronic health record systems. The breach occurred on March 16 and lasted about eight hours while causing partial disruptions to data access and functionality. Officials continue to assess whether any patient records were viewed or removed during the incident.

Healthcare organizations face mounting pressure to secure sensitive patient information against determined intruders.

Federal Agencies Ordered to Patch Actively Exploited Citrix NetScaler Bug

• CISA sets three-day deadline for vulnerable traffic management tool.
• CVE-2026-3055 out-of-bounds read flaw under active attack.
• Researchers first reported exploitation in the wild last week.

USA, Mar 31 (TNGB) – Federal civilian agencies received urgent notice from CISA to address a critical vulnerability in Citrix NetScaler products used for traffic management and authentication. The out-of-bounds read flaw known as CVE-2026-3055 is reportedly being exploited by hackers already. Agencies must apply the patch no later than April 2 to limit exposure.

Timely updates remain the most effective defense against rapidly evolving threats to government infrastructure.

OkCupid Settles Claims Over Sharing User Photos With Facial Recognition Firm

• Match Group agreed to resolve 2014 FTC allegations without admission.
• Roughly three million user photos sent to Clarifai without consent.
• Settlement requires enhanced privacy safeguards for future data handling.

USA, Mar 31 (TNGB) – OkCupid parent Match Group settled claims that it shared user photos with facial recognition company Clarifai without proper permission. The 2014 incident involved approximately three million images and drew Federal Trade Commission scrutiny over consent practices. Terms of the agreement focus on improved data protection measures moving forward.

Companies must treat user biometric data with the strictest controls to maintain public trust.

China Students Rent AI Smart Glasses to Cheat on Exams

• Affordable rentals let users scan questions for instant answers.
• Glasses cost between six and twelve dollars per day.
• Practice reportedly surged during recent high-stakes testing periods.

CHINA, Mar 31 (TNGB) – Students across China have begun renting AI-powered smart glasses designed to provide real-time exam assistance. The devices scan test questions and deliver answers through a connected interface making cheating surprisingly straightforward. Reports indicate widespread adoption ahead of major academic assessments.

Academic integrity faces new challenges as accessible technology blurs lines between study aid and outright dishonesty.

GM Idles Electric Truck Factory and Lays Off Thirteen Hundred Workers

• Factory Zero in Detroit halted production for one month.
• Temporary layoffs affect one thousand three hundred employees.
• Move follows softer than expected electric vehicle demand.

DETROIT, Mar 31 (TNGB) – General Motors paused operations at its Factory Zero electric truck plant and placed thirteen hundred workers on temporary leave. The idling runs from mid-March through mid-April as the company adjusts output to match current market conditions. Officials cited slower electric vehicle sales as the primary driver.

Automakers continue to navigate shifting consumer preferences in the transition to electric fleets.

Microsoft Fixes Outlook Classic Crashes Tied to Teams Meeting Add-in

• Older Outlook builds conflicted with newest Teams add-in version.
• Crashes began around March 12 and prompted safe mode prompts.
• Fix deployed in Teams update released March 30.

USA, Mar 31 (TNGB) – Microsoft resolved an issue causing classic Outlook to crash when the Teams Meeting add-in was active. Affected users on builds up to version 2402 encountered repeated failures until they entered safe mode. The company pushed the corrected add-in version late Monday to restore stability.

Seamless integration between productivity tools demands rigorous compatibility testing before release.

All Google Users in United States Can Now Change Gmail Address

• Policy shift allows username updates once every twelve months.
• Old address remains as alternate for continued access.
• Change applies only to US accounts and keeps all prior emails.

USA, Mar 31 (TNGB) – Google expanded its Gmail policy to let every United States user modify the username portion of their email address. The update rolled out gradually after initial December announcements and now covers all domestic accounts. Users retain full email history while the former address functions as an alternate.

Greater flexibility in personal identifiers gives consumers more control over their digital identity.

Instagram Tests Paid Option to View Stories Anonymously

• Subscription feature hides viewer identity from story posters.
• Additional perks include extended viewing time and replay counts.
• Rollout currently limited to select markets including Mexico and Philippines.

USA, Mar 31 (TNGB) – Instagram began testing a premium subscription that permits anonymous viewing of stories without alerting the original poster. Subscribers gain extras such as unlimited audience lists and the ability to search specific viewers. The feature appeared first in a handful of international test regions.

Privacy tools evolve quickly but raise fresh questions about transparency between users and platforms.

ClassPass and Mindbody Parent Completes Seven Point Five Billion Dollar Merger

• Playlist merged with EGYM to create larger wellness platform.
• Deal includes seven hundred eighty five million in new equity.
• Combined entity spans gyms, spas, equipment, and corporate wellness.

USA, Mar 31 (TNGB) – The company operating ClassPass and Mindbody finalized its merger with fitness technology firm EGYM in a transaction valued at seven point five billion dollars. The union brings together booking platforms, consumer apps, and smart equipment under one roof. Officials completed the deal on March 31 after months of preparation.

Consolidation in the wellness sector accelerates as companies seek scale amid rising competition.