bankinfosecurity.com
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-05-27.
| Date Added | Resource | Excerpt |
|---|---|---|
| 2026-05-27 | Glassworm Group: Software Supply-Chain Attackers Disrupted (Supply Chain) | Analysis of the Glassworm Group's software supply-chain attacks details their use of GlasswormRAT, a Node.js-based remote access Trojan, to poison code repositories like VS Code Marketplace and Open VSX. The group leverages stolen developer credentials to force-push malicious code into default branches of over 300 GitHub repositories, targeting Windows, Mac, and Linux systems. Their resilient command-and-control infrastructure utilized the Solana blockchain, BitTorrent, and Google Calendar for C2 server resolution. Indicators of compromise include connections to CrowdStrike-operated IP address 164.92.88.210. |
| 2026-05-26 | Socket Raises $60M for Wider Software Supply-Chain Defense (Supply Chain) | Socket, which secures software supply chains, provides protection for developer endpoints, AI ecosystems, browser extensions, and editor plug-ins. It addresses the growing threat of malicious packages and dependencies introduced by AI development tools and open-source packages, offering features like Socket Firewall to block threats before they reach pipelines. The company has secured $60 million in funding to expand its security controls across broader software ecosystems and enhance its human-vetted threat analysis capabilities. |
| 2026-05-25 | Automated 'Megalodon' Campaign Spreads GitHub Repo Backdoors (Supply Chain) | The automated "Megalodon" supply-chain campaign injected malicious GitHub Actions workflows to steal secrets from over 5,000 repositories. The attack targeted CI/CD pipeline secrets, cloud credentials, and SSH keys. The campaign used fake push requests, base64-encoded bash payloads, and two variants: "SysDiag" for mass execution on every push/pull request, and "Optimize-Build" for dormant backdoors triggered via API. It affected numerous repositories, including Tiledesk. |
| 2026-05-13 | Mass Supply-Chain Attack Slams npm and PyPi Hits Mistral AI (Supply Chain) | The "Mini Shai-Hulud" worm has targeted npm and PyPI packages, including those from Mistral AI. This worm autonomously spreads by stealing credentials from over 100 locations, including cloud platforms and developer tools, and can include a wiper payload. Recommendations include implementing code cooldown periods before integrating new packages, enforcing multifactor authentication, and routine key rotation to mitigate these attacks. |
| 2026-04-24 | Flurry of Supply-Chain Software Library Attacks (Supply Chain) | Overview of recent supply-chain attacks targeting open-source repositories like npm and PyPI. Attackers compromise popular packages, such as LiteLLM, Axios, Xinference, Namastex.ai, Checkmarx KICS, and Bitwarden CLI, injecting malware to steal developer credentials, secrets, and tokens. These poisoned packages, distributed via automated CI pipelines, can spread rapidly through software dependencies, highlighting the fragility of current development practices. |
| 2026-04-24 | Cloudsmith Raises $72M for Software Supply-Chain Security (Supply Chain) | Cloudsmith provides software supply-chain security through artifact management. The platform, from Twilio's former chief customer officer, raised $72 million to enforce policies, audit usage, and reduce exposure to malicious or compromised packages by acting as an intermediary between developers and public repositories. This approach transforms artifact management into a security layer, offering insights into package popularity, maturity, and known risks to both human developers and AI agents, while also integrating data from external security tools for more nuanced policy decisions. |
| 2026-04-03 | Under Fire: Attackers Target Flaws in F5 and Citrix Gear (RCE) | Details actively exploited vulnerabilities in F5 BIG-IP APM (CVE-2025-53521, a critical remote code execution flaw) and NetScaler ADC/Gateway (CVE-2026-3055, a critical memory overread, and CVE-2026-4368, a session mix-up). Attackers, including nation-state actors, are targeting these application delivery and security platforms, with F5 revising its BIG-IP APM flaw severity from denial-of-service to remote code execution, and CISA mandating patching for federal agencies. Memory leak vulnerabilities in Citrix products, like the previously disclosed CitrixBleed, continue to be a significant concern. |