securitylabs.datadoghq.com
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-04-22.
| Date Added | Resource | Excerpt |
|---|---|---|
| 2026-04-22 2026 | LiteLLM and Telnyx Compromised on PyPI: Tracing the TeamPCP Supply Chain CampaignSupply Chain | Library detailing the TeamPCP supply chain campaign that compromised LiteLLM and Telnyx packages on PyPI. This extensive campaign began with a Trivy compromise, spread through npm and GitHub Actions, and included Kubernetes exploitation. Defenders should treat installations of LiteLLM versions 1.82.7/1.82.8 or Telnyx versions 4.87.1/4.87.2 as credential exposure events. |
| 2026-04-22 2026 | MCP Vulnerability Case Study: SQL Injection in the Postgres MCP ServerSQLi | Writeup on a SQL injection vulnerability in Anthropic's reference Postgres MCP server, allowing arbitrary SQL execution by terminating the read-only transaction with a `COMMIT;` statement. Though deprecated, the `@modelcontextprotocol/server-postgres` NPM package and `mcp/postgres` Docker image see significant weekly downloads. The vulnerability is patched in the Zed Industries fork (`@zeddotdev/postgres-context-server` v0.1.4) and an unreleased reference implementation. Users should avoid the deprecated server for sensitive data and consider the Zed Industries fork for mitigation. |
| 2026-04-16 2026 | Learnings from Recent npm Supply Chain Compromises - DatadogSupply Chain | Analysis of recent npm supply chain compromises, including the s1ngularity, Qix, and Shai-Hulud attacks, highlights critical vulnerabilities. Attackers exploited GitHub Actions pull_request_target triggers, phishing campaigns mimicking npm 2FA resets, and unrotated credentials to inject malicious code, steal secrets, and hijack cryptocurrency transactions. Specific malware like telemetry.js and crypto-stealing scripts were deployed across hundreds of compromised npm packages. The analysis emphasizes the need for hardened CI/CD workflows, immediate credential rotation, MFA, and fine-grained access tokens to mitigate these widespread risks. |
| 2026-04-11 2026 | XZ Utils backdoor (CVE-2024-3094) overviewSupply Chain | Reference to CVE-2024-3094 details a significant backdoor discovered in xz-utils versions 5.6.0 and 5.6.1, impacting the sshd binary and enabling remote code execution. The article curates high-quality external analyses, OSINT reports, and technical breakdowns, including information on its distribution across Fedora, Debian, Kali, and Arch Linux. It also provides historical context, referencing past supply chain attack attempts on open-source software dating back to Ken Thompson's work. |
| 2026-04-11 2026 | Shai-Hulud 2.0 npm worm: analysisSupply Chain | Analysis of Shai-Hulud 2.0, a self-replicating npm worm that backdoored 796 packages, reveals its sophisticated credential-stealing payload. This worm utilizes the Bun JavaScript runtime to evade detection, harvests credentials from local filesystems and cloud environments (AWS, Google Cloud, Azure) using techniques like `trufflehog` and accessing instance metadata services, and exfiltrates them to public GitHub repositories. It self-propagates by injecting malicious files like `setup_bun.js` and `bun_environment.js` into other npm packages, and can also establish GitHub self-hosted runners for remote code execution via vulnerable GitHub Actions. |