CVE-2026-34841
Bruno · Bruno IDE
A supply chain attack on the Bruno IDE introduced a malicious dependency, resulting in the deployment of a cross-platform Remote Access Trojan (RAT).
Executive summary
The Bruno IDE was subject to a supply chain compromise that distributed a Remote Access Trojan (RAT) to users through a malicious npm package dependency.
Vulnerability
This supply chain attack involved the compromise of the axios npm package. Users who performed an installation during the window of compromise inadvertently pulled in a malicious dependency that deployed a RAT, giving the attacker unauthorized remote access to the host system.
Business impact
A CVSS score of 9.8 reflects the severity of a system-level compromise. The deployment of a RAT grants an attacker full, persistent access to the developer's machine, enabling theft of source code and API credentials and providing a foothold into the internal network, which can have catastrophic consequences for the organization.
Remediation
Immediate Action: Upgrade to Bruno IDE version 3.2.1 and perform a full forensic scan of any machines that ran npm install for @usebruno/cli on March 31, 2026.
Proactive Monitoring: Monitor systems for outbound connections to unknown or suspicious command-and-control (C2) infrastructure and check for unexpected background processes.
Compensating Controls: Utilize endpoint detection and response (EDR) solutions to identify and isolate suspicious processes spawned by Node.js-based development tools.
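To scope the "machines that ran npm install for @usebruno/cli on March 31, 2026" step, a triage helper can inventory which axios versions an npm lockfile pinned (hoisted or nested, lockfileVersion 1 through 3) and flag lockfiles written on that date. This is an added example, not code from the advisory or the Bruno project; it assumes the lockfile's modification time approximates the install time, and the sample lockfile, its versions and its integrity value are constructed placeholders.

```python
import json
from datetime import date, datetime, timezone
from pathlib import Path

WINDOW = date(2026, 3, 31)  # install date stated in the advisory


def axios_entries(lock: dict) -> list[dict]:
    """Return every axios entry, hoisted or nested, from lockfileVersion 1, 2 or 3."""
    found = []
    # v2/v3 lockfiles: flat "packages" map keyed by install path
    for path, meta in lock.get("packages", {}).items():
        if path.endswith("node_modules/axios"):
            found.append({"path": path, "version": meta.get("version"),
                          "integrity": meta.get("integrity")})

    # v1 lockfiles: nested "dependencies" tree
    def walk(deps: dict, prefix: str) -> None:
        for name, meta in deps.items():
            path = f"{prefix}node_modules/{name}"
            if name == "axios":
                found.append({"path": path, "version": meta.get("version"),
                              "integrity": meta.get("integrity")})
            walk(meta.get("dependencies", {}), path + "/")
    if "packages" not in lock:
        walk(lock.get("dependencies", {}), "")
    return found


def triage(lock: dict, mtime_ts: float) -> dict:
    """Flag a lockfile that contains axios and was written on the advisory date.
    Assumption: the lockfile mtime (POSIX seconds) approximates the install time."""
    entries = axios_entries(lock)
    written = datetime.fromtimestamp(mtime_ts, tz=timezone.utc).date()
    return {"axios": entries, "written_in_window": written == WINDOW,
            "needs_review": written == WINDOW and bool(entries)}


def triage_file(path: str) -> dict:
    """Run triage() against a package-lock.json on disk."""
    p = Path(path)
    return triage(json.loads(p.read_text()), p.stat().st_mtime)


# Constructed sample lockfile; versions and integrity value are placeholders
SAMPLE_LOCK = {"lockfileVersion": 3, "packages": {
    "": {"dependencies": {"@usebruno/cli": "^3.0.0"}},
    "node_modules/@usebruno/cli": {"version": "3.0.0", "dependencies": {"axios": "^1.0.0"}},
    "node_modules/axios": {"version": "1.0.0", "integrity": "sha512-PLACEHOLDER"},
}}
```

Run `triage_file` over every package-lock.json found on a host and review the flagged ones against the version and integrity values the upstream advisory publishes; a lockfile written on the date but not flagged still needs a manual check if it was later rewritten.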
Exploitation status
Public Exploit Available: true
Analyst recommendation
Users and organizations who installed or updated the Bruno CLI during the impacted window must assume their systems are compromised. Immediate remediation and comprehensive incident response procedures are required to purge the malware and reset all exposed credentials.