cxodigitalpulse.com
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-05-19.
| Date Added | Resource | Excerpt |
|---|---|---|
| 2026-05-19 | Mini Shai-Hulud Malware Campaign Compromises Open-Source Packages in Major Supply Chain Attack [Supply Chain] | Analysis of the Mini Shai-Hulud malware campaign reveals a large-scale software supply chain attack impacting hundreds of open-source npm and PyPI packages. Attackers exploited GitHub Actions and CI/CD pipelines via cache poisoning to inject malicious code, compromising popular packages from vendors like TanStack and UiPath. The malware steals credentials, establishes persistence in developer tools, and possesses destructive capabilities, highlighting the weaponization of trusted automation infrastructure and the evolution of supply chain threats targeting AI and cloud development. |
| 2026-05-16 | OpenAI Impacted by TanStack Supply-Chain Attack [Supply Chain] | Writeup detailing the OpenAI supply-chain attack, where compromised TanStack npm packages, part of the "Mini Shai-Hulud" campaign, infected two employee devices. Attackers leveraged malicious code in 84 package versions to steal limited credentials from internal source code repositories, though OpenAI confirmed no user data or production systems were compromised. This incident underscores the growing risk of supply-chain attacks targeting AI companies and their reliance on open-source ecosystems. |
| 2026-05-15 | OpenAI Says Hackers Stole Limited Data Following Latest Code Security Incident [Supply Chain] | Writeup detailing a recent OpenAI supply-chain attack involving compromised TanStack npm packages. Hackers injected malicious code into the TanStack ecosystem, gaining access to two OpenAI employee devices and stealing limited internal data. The incident did not impact ChatGPT user data, production systems, or core intellectual property, but it underscores the growing threat of sophisticated supply-chain attacks targeting open-source libraries and AI infrastructure. |
| 2026-05-06 | Sophisticated Quasar Linux RAT Campaign Targets Software Developers in Supply Chain Attacks [Supply Chain] | Analysis of the Quasar Linux RAT (QLNX) campaign targeting software developers via supply chain attacks. This sophisticated Linux-based malware aims to steal credentials, maintain remote access, and facilitate large-scale supply chain compromises. The campaign is linked to trojanized software installers, including compromised Daemon Tools, distributing backdoors globally. Attackers use staged deployment, selectively targeting high-value organizations after initial broad infection, with potential cyberespionage motives. Compromising developer environments grants access to source code, signing keys, and CI/CD pipelines, enabling downstream attacks. |
| 2026-05-06 | Kaspersky Links Suspected Chinese Hackers to Backdoor Planted in Daemon Tools Supply Chain Attack [Supply Chain] | Analysis of a Daemon Tools supply chain attack, attributed to a Chinese-speaking threat actor, where malicious backdoors were implanted in official installers via compromised digital certificates. This sophisticated operation, affecting versions 12.5.0.2421 onward since April 8, 2026, leveraged Daemon Tools' elevated permissions to establish deep system persistence and deploy remote-control malware, resulting in thousands of global infection attempts targeting various sectors including government and industrial operations. |
| 2026-05-02 | Over 1800 Developers Impacted in Mini Shai-Hulud Supply Chain Attack Targeting SAP Lightning and Intercom [Supply Chain] | Writeup of the Mini Shai-Hulud supply chain attack impacting over 1,800 developers through compromised SAP npm packages, the Lightning Python library (versions 2.6.2, 2.6.3), and Intercom integrations (intercom-client versions 7.0.4, 7.0.5; intercom-php). Attributed to TeamPCP, the attack steals credentials and API keys, exfiltrating them to public GitHub repositories and scanning for cloud environments and HashiCorp Vault secrets, evolving from earlier Shai-Hulud campaigns. |
| 2026-04-24 | Bitwarden CLI Compromised in Supply Chain Attack Exposes Developer Secrets [Supply Chain] | Writeup of the Bitwarden CLI supply chain attack, where a malicious npm package (@bitwarden/cli@2026.4.0) was distributed via a compromised GitHub Actions workflow. This incident, part of a broader campaign linked to Checkmarx attacks, targeted developer secrets including GitHub and npm tokens, SSH keys, and cloud credentials, with potential for escalating into wider breaches by injecting malicious workflows. |
| 2026-04-24 | Tenable Research Uncovers Remote Code Execution Vulnerability in Microsoft GitHub Repository Exposing CI/CD Pipeline to Unauthorized Code Execution [RCE, Supply Chain] | Analysis of a critical Remote Code Execution vulnerability (CVSSv4 9.3) in a Microsoft GitHub repository, specifically within its CI/CD workflow using GitHub Actions. Attackers could inject malicious Python code into issue descriptions, triggering automatic execution on the GitHub runner and exfiltrating sensitive secrets like GITHUB_TOKEN, thereby compromising the software supply chain and potentially allowing unauthorized code execution. |
| 2026-04-23 | Malicious Docker Images and VS Code Extensions Compromise Checkmarx Supply Chain [Supply Chain] | Analysis of a supply chain attack where malicious Docker images, specifically a trojanized `checkmarx/kics` image under tags like `v2.1.20` and `alpine`, and compromised Visual Studio Code extensions, were used to exfiltrate sensitive data and compromise developer environments, highlighting risks in trusted repositories and developer ecosystems. |
| 2026-04-22 | Critical SGLang Flaw (CVE-2026-5760) Enables RCE via Malicious AI Models [RCE] | Writeup of CVE-2026-5760 in SGLang, a critical flaw enabling remote code execution via malicious AI models. Attackers can craft a GGUF model with a malicious tokenizer.chat_template to exploit an unsandboxed Jinja2 environment, triggering server-side template injection and executing arbitrary Python code. This high-severity vulnerability, requiring no authentication, impacts SGLang deployments serving LLMs. |
| 2026-04-14 | OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack Rotates Security Certificates [Supply Chain] | Library compromise impacting OpenAI, where North Korea-linked actors poisoned the Axios JavaScript library on NPM. Malicious versions deployed a RAT, affecting OpenAI's macOS application signing workflow and exposing code-signing certificates. OpenAI rotated certificates and stated no user data or intellectual property was compromised, though older macOS applications will lose support. |
| 2026-04-07 | Guardarian Users Targeted in Supply Chain Attack via Malicious Strapi NPM Packages [Supply Chain] | Writeup of a supply chain attack targeting Guardarian users via malicious Strapi NPM packages. Threat actors published 36 fake packages, disguised as Strapi plugins, designed to deliver payloads including remote shells, Docker escape, and credential harvesting. Techniques involved exploiting Redis, targeting PostgreSQL, scanning for wallet files, exfiltrating Strapi configurations, and establishing persistent access. The attack evolved from aggressive payloads to reconnaissance and targeted credential theft, specifically for the Strapi ecosystem. |