Supply Chain Security
Software supply chain security addresses threats that target the dependencies, build systems, and distribution channels that modern applications rely on. High-profile incidents like SolarWinds, Log4Shell, and the xz backdoor showed that attackers increasingly go after upstream components rather than the application itself. Supply chain attacks include dependency confusion (publishing a public package under the name of an internal one so that the resolver prefers it), typosquatting and look-alike packages in registries, compromised or never-revoked maintainer accounts, package install hooks that run attacker code at install time, malicious code injected into build pipelines, and trojanized development tools. Defenses include software bills of materials (SBOMs), dependency pinning and lock files, signature verification, provenance attestation (the SLSA framework), blocking or allowlisting package install scripts, regular dependency auditing with tools such as Dependabot, Snyk, or Socket, and careful evaluation of new dependencies before adoption.
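The lockfile and install-script defenses above are easy to state and easy to skip. The script below is an added example, not code from any article catalogued on this page: it diffs a previous known-good `package-lock.json` against the current one and reports the signals the incidents in the table were built on, namely dependencies that entered or left the tree, packages that run install scripts without being on an allowlist, internal-scope packages that resolved from the public registry (dependency confusion), and sources with no integrity hash. The lockfiles, the `@acme` scope, its registry host `npm.acme.internal`, the `tiny-helper` git dependency, and every version number are constructed for the demo; `easy-day-js` displacing `dayjs` mirrors the Mastra incident in the table.

```python
"""Lockfile audit for the supply-chain signals discussed above: dependencies that entered or
left the tree, packages that run install scripts, internal-scope packages resolved from the
public registry (dependency confusion), and sources with no integrity hash. Added example,
not code from any article on this page; the lockfiles, the @acme scope, its registry host
and all version numbers are constructed for the demo."""
import json
from urllib.parse import urlparse

# Assumption: packages in these scopes must resolve from the named internal registry host.
INTERNAL_SCOPES = {"@acme": "npm.acme.internal"}
# Assumption: install scripts of these packages have been reviewed and are accepted.
SCRIPT_ALLOWLIST = {"esbuild"}


def load_lock(path):
    """Read a package-lock.json (lockfileVersion 2 or 3) from disk."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


def package_name(key):
    """Lockfile keys are install paths: 'node_modules/a/node_modules/@s/b' -> '@s/b'."""
    return key.rsplit("node_modules/", 1)[-1]


def audit_lockfile(old_lock, new_lock, internal_scopes=INTERNAL_SCOPES,
                   script_allowlist=SCRIPT_ALLOWLIST):
    """Return (kind, lockfile_key, detail) findings for new_lock relative to old_lock."""
    old_pkgs = {k: v for k, v in old_lock.get("packages", {}).items() if k}  # "" is the root
    new_pkgs = {k: v for k, v in new_lock.get("packages", {}).items() if k}
    findings = []
    # 1. Anything that entered or left the tree (this is how easy-day-js displaced dayjs).
    for key in sorted(new_pkgs.keys() - old_pkgs.keys()):
        findings.append(("new-dependency", key,
                         f"version {new_pkgs[key].get('version')} not in previous lock"))
    for key in sorted(old_pkgs.keys() - new_pkgs.keys()):
        findings.append(("removed-dependency", key, "present in previous lock only"))
    for key, entry in sorted(new_pkgs.items()):
        name = package_name(key)
        resolved = entry.get("resolved", "")
        host = urlparse(resolved).hostname or ""
        # 2. Lifecycle scripts run arbitrary code at install time; require an explicit allowlist.
        if entry.get("hasInstallScript") and name not in script_allowlist:
            findings.append(("install-script", key, "runs an install script and is not allowlisted"))
        # 3. Dependency confusion: an internal scope resolved from somewhere other than our registry.
        scope = name.split("/")[0] if name.startswith("@") else None
        if scope in internal_scopes and host != internal_scopes[scope]:
            findings.append(("dependency-confusion", key,
                             f"internal scope resolved from {host or 'unknown host'}"))
        # 4. Git and remote-URL sources carry no integrity hash, so their content is unverifiable.
        if not entry.get("integrity"):
            findings.append(("unverifiable-source", key,
                             f"no integrity hash for {resolved or '(unresolved)'}"))
    return findings


# Constructed sample data: the tree before and after a suspicious dependency bump.
_REG = "https://registry.npmjs.org"
OLD_LOCK = {
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "agent-app", "dependencies": {"@mastra/core": "^0.1.0", "@acme/billing": "^2.1.0"}},
        "node_modules/@mastra/core": {"version": "0.1.0", "resolved": f"{_REG}/@mastra/core/-/core-0.1.0.tgz",
                                      "integrity": "sha512-constructed1", "dependencies": {"dayjs": "^1.11.0"}},
        "node_modules/dayjs": {"version": "1.11.10", "resolved": f"{_REG}/dayjs/-/dayjs-1.11.10.tgz",
                               "integrity": "sha512-constructed2"},
        "node_modules/@acme/billing": {"version": "2.1.0", "integrity": "sha512-constructed3",
                                       "resolved": "https://npm.acme.internal/@acme/billing/-/billing-2.1.0.tgz"},
        "node_modules/esbuild": {"version": "0.21.0", "resolved": f"{_REG}/esbuild/-/esbuild-0.21.0.tgz",
                                 "integrity": "sha512-constructed4", "hasInstallScript": True},
    },
}
NEW_LOCK = json.loads(json.dumps(OLD_LOCK))  # deep copy, then apply the suspicious changes
pk = NEW_LOCK["packages"]
pk["node_modules/@mastra/core"] = {"version": "0.1.1", "resolved": f"{_REG}/@mastra/core/-/core-0.1.1.tgz",
                                   "integrity": "sha512-constructed5", "dependencies": {"easy-day-js": "^1.0.0"}}
del pk["node_modules/dayjs"]  # the look-alike replaced the real dependency
pk["node_modules/easy-day-js"] = {"version": "1.0.3", "resolved": f"{_REG}/easy-day-js/-/easy-day-js-1.0.3.tgz",
                                  "integrity": "sha512-constructed6", "hasInstallScript": True}
# A public package squatting the internal scope name with a higher version number.
pk["node_modules/@acme/billing"] = {"version": "99.0.0", "resolved": f"{_REG}/@acme/billing/-/billing-99.0.0.tgz",
                                    "integrity": "sha512-constructed7"}
# A git dependency: no tarball, so no integrity hash (hypothetical repository).
pk["node_modules/tiny-helper"] = {"version": "0.0.1",
                                  "resolved": "git+ssh://git@github.com/example/tiny-helper.git#0123abcd"}

if __name__ == "__main__":
    for kind, key, detail in audit_lockfile(OLD_LOCK, NEW_LOCK):
        print(f"{kind:22} {key:32} {detail}")
```

Run it against real lockfiles with `audit_lockfile(load_lock("old.json"), load_lock("package-lock.json"))` in CI, failing the build on any `install-script` or `dependency-confusion` finding and requiring a reviewer to acknowledge `new-dependency` ones. The `hasInstallScript` flag is what npm records in lockfile v2/v3; it is only as good as the lock itself, which is why the comparison is against a lock that was committed and reviewed, not regenerated on the spot.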
| Date Added | Link | Excerpt |
|---|---|---|
| 2026-06-21 | Microsoft Links Mastra AI npm Supply Chain Attack to North Korean Sapphire Sleet Hackers [news] | Microsoft attributes the Mastra AI npm supply chain attack to the North Korean group it tracks as Sapphire Sleet (also known as BlueNoroff). The group is accused of compromising an npm package to inject malicious code, potentially affecting developers using the Mastra AI framework; the incident shows nation-state actors continuing to invest in supply chain compromises. |
| 2026-06-21 | npm Supply Chain Attack: North Korea Backdoored 144 AI Packages in 88 Minutes [news] | A supply chain attack attributed to North Korea compromised 144 AI-related packages on the npm registry, with the malicious code injected across all of them within 88 minutes. The speed of the compromise shows how quickly a single hijacked publishing identity becomes ecosystem-wide exposure for every developer who installs those packages. → techtimes.com |
| 2026-06-21 | Your control tower to secure code across GitHub, GitLab, and Azure Repos [intermediate, API Sec] | Wiz product overview: a single "control tower" for code security across GitHub, GitLab, and Azure Repos, combining the Wiz Security Graph, configuration checks on repositories and pipelines, and code scanning to find and mitigate vulnerabilities across the development workflow. → wiz.io |
| 2026-06-21 | Kroger’s approach to supply chain security [beginner] | Kroger's Product Security Leader, David Imhoff, discussed the challenges of securing digital supply chains at a Snyk customer event, covering the strategies Kroger uses to protect the safety and integrity of its software supply chain. → snyk.io |
| 2026-06-20 | Microsoft links Mastra AI supply chain attack to North Korean hackers [news] | Analysis of the Mastra AI supply chain attack, attributed to the North Korean threat actor Sapphire Sleet (BlueNoroff). Over 140 npm packages were affected: the attackers hijacked an npm maintainer account and published updates that pulled in a typosquatted dependency, `easy-day-js`, which acted as a malware dropper for Windows, Linux, and macOS and stole credentials, API keys, and cryptocurrency wallets (including MetaMask, Phantom, and Coinbase Wallet), using tactics previously seen in Sapphire Sleet campaigns. → bleepingcomputer.com |
| 2026-06-20 | Supply chain attack hits widely-used AI package, risks impacting thousands of companies [news] | Compromise of LiteLLM versions 1.82.7 and 1.82.8: malicious code in these releases exfiltrated sensitive data, including cloud credentials and API keys, and established persistence. Attributed to a group called TeamPCP, the incident shows how far a single poisoned release can reach given LiteLLM's wide use in AI systems and cloud environments. → therecord.media |
| 2026-06-20 | GitHub “besieged” by malware repositories and repo confusion: Why you'll be ok [beginner] | Guide to defending open-source development against malware repositories, repo confusion, typosquatting, and dependency confusion. It emphasizes vetting code and authenticating repositories before trusting them and lists best practices for developers and security teams; Snyk Advisor and Snyk Learn are mentioned for assessing package health and building security knowledge. → snyk.io |
| 2026-06-20 | Securing your SBOM on Google Cloud [intermediate] | Guidance on SBOMs on Google Cloud, built around NSA recommendations for open source software management: evaluating OSS, risk assessment, maintaining internal repositories, secure repository creation, vulnerability response, crisis management, and producing validated SBOMs that record components, versions, and licenses. Snyk integrates with Cloud Build, Artifact Registry, and GKE to find and fix vulnerabilities, scan containers, and generate enriched SBOMs. → snyk.io |
| 2026-06-20 | The XZ backdoor CVE-2024-3094 [news] | Analysis of CVE-2024-3094, the backdoor planted in the liblzma library shipped by xz-utils, affecting Linux distributions such as Debian and Fedora. The backdoor targeted x86-64 Linux builds using glibc and GCC: modified build files inject code that uses the GNU C Library's IFUNC mechanism to hook into the OpenSSH process, with the goal of bypassing SSH authentication and achieving remote code execution. Detection with the Snyk CLI for applications and containers is also outlined. → snyk.io |
| 2026-06-19 | VS Code 1.123 Adds Two-Hour Extension Update Delay to Limit Supply Chain Attacks [intermediate] | VS Code 1.123 delays extension auto-updates by two hours, following the cooldown mechanisms adopted by package managers such as pip and npm, to give a window for detecting malicious releases before they reach users. The delay notably exempts "trusted publishers", and critics argue two hours is too short, proposing sandboxed extensions and staged rollouts instead. Teams that disable auto-updates gain more control through policy-based allowlists or internal marketplaces. → infoq.com |
| 2026-06-19 | Cybersecurity Firms Impacted by Klue Supply Chain Attack [news] | Writeup of the Klue supply chain attack: threat actors compromised Klue's backend servers and stole OAuth tokens for customer integrations, affecting the security firms Huntress and Recorded Future. The attackers primarily went after Salesforce data, exfiltrating CRM records, business contacts, and price quotes. The incident resembles the earlier Salesloft, Drift, and Gainsight attacks and is attributed to the Icarus extortion group. → securityweek.com |
| 2026-06-19 | Supply chain attack on lottie-player: everything you need to know [news] | Compromise of lottie-player versions 2.0.5 through 2.0.7: using a compromised npm token, the attackers published builds that injected Web3 wallet-connection prompts to steal cryptocurrency. Organizations such as 1inch were affected, with at least one reported loss of 10 Bitcoin. Developers should audit their dependency trees and update to 2.0.8 or revert to 2.0.4. → wiz.io |
| 2026-06-19 | npm v12’s Biggest Security Change: From Implicit to Explicit Trust [intermediate] | npm v12 moves package installation from implicit to explicit trust: lifecycle script execution, Git dependencies, and remote-URL dependencies are blocked by default and require explicit approval. This removes the delivery mechanisms used by campaigns such as the Shai-Hulud variants and easy-day-js, which relied on install scripts, Git dependencies, and remote URLs to steal credentials and compromise developer environments. → jfrog.com |
| 2026-06-18 | Supply-chain malware is evolving into self-propagating worms [news] | Shai-Hulud shows how supply-chain malware has evolved into self-propagating worms that ride on developer workflows. Unlike a single-point compromise, this class of malware automates credential theft, package infection, and republishing across npm, PyPI, and GitHub, turning dependency chains into an active propagation mechanism that extends into CI/CD pipelines and cloud services. Recommended countermeasures: secure developer environments, tighten credential management, strengthen dependency controls, and improve pipeline visibility. |
| 2026-06-18 | How software development's speed obsession enabled TeamPCP's chaos crusade [beginner] | Analysis of the TeamPCP threat actor's supply chain campaigns, which have compromised over 1,000 open-source packages, including Trivy. TeamPCP exploits the industry's reliance on trust and on AI in development, targeting CI/CD pipelines and third-party dependencies to steal credentials for cloud environments such as AWS and Azure; the campaigns expose a broken trust model and appear aimed at notoriety and disruption as much as financial gain. → cyberscoop.com |
| 2026-06-18 | From package to postinstall payload: Inside the Mastra npm supply chain compromise [intermediate] | Microsoft's analysis of the Mastra npm compromise: the attacker used the compromised `ehindero` maintainer account to publish package versions that depend on the malicious `easy-day-js` package. Its postinstall hook disabled TLS certificate verification, downloaded a second-stage payload, and executed it as a hidden process. The writeup covers the staged delivery, the obfuscated dropper, C2 communication, and Windows-specific techniques including reflective .NET assembly injection and host fingerprinting for persistence and follow-on activity. → microsoft.com |
| 2026-06-18 | 141 Mastra npm packages compromised in supply chain attack [news] | Brief news report on the @mastra npm compromise, which affected 141 packages. → cybernews.com |
| 2026-06-18 | Ultralytics AI Library Hacked via GitHub for Cryptomining [intermediate, Python] | Compromise of the Ultralytics PyPI package (versions 8.3.41 and 8.3.42) through its GitHub Actions workflows: the attackers abused a script-injection weakness in which the pull-request branch name was interpolated into a workflow command, ran arbitrary code in CI, and modified core library files to download and run the XMRig cryptominer. The incident shows how a compromised CI/CD workflow propagates to downstream dependents such as the ComfyUI Impact Pack and to the cloud environments that installed the poisoned releases. → wiz.io |
| 2026-06-18 | Breaking the Chain: Wiz Uncovers a Signature Verification Bypass in Nuclei, the Popular Vulnerability Scanner (CVE-2024-43405) [news] | Writeup of CVE-2024-43405, a signature verification bypass in Nuclei, the open-source vulnerability scanner from ProjectDiscovery. Template signatures are ASN.1-encoded ECDSA signatures, but subtle issues in the regex-based logic that extracts and strips the signature let a crafted template pass verification, giving arbitrary code execution on systems that run untrusted Nuclei templates. → wiz.io |
| 2026-06-18 | Polyfill supply chain attack embeds malware in JavaScript CDN assets [intermediate] | Coverage of the Polyfill supply chain attack on cdn.polyfill.io, which served malware through JavaScript assets. Announced on June 25, 2024, it affected over 100,000 websites, including Intuit. Snyk Code's SAST engine can flag references to the malicious domains polyfill[.]site, polyfill[.]com, bootcdn[.]net, and staticfile[.]net through custom rules, and Snyk also tracks CVE-2024-38526 in the pdoc library, which embedded polyfill.io links in generated documentation. → snyk.io |
| 2026-06-18 | A Forgotten Contributor Account Compromised the Entire Mastra npm Package Scope [intermediate] | Writeup of the supply chain attack on the `@mastra` npm scope: a former contributor's still-authorized account was compromised and used to republish 142 packages with a malicious dependency, `easy-day-js`, an imposter of `dayjs`. Its install hook disabled TLS verification, downloaded a cross-platform cryptocurrency stealer and remote access trojan, and established persistence. The attack exploited lax scope access management on npm, and the writeup highlights the risk of unrevoked permissions and of semver ranges that automatically pull a newly published malicious version into existing installs. → snyk.io |
| 2026-06-18 | Over 140 popular Mastra npm Packages Hit by Supply Chain Attack [news] | Writeup of the @mastra npm supply chain attack, in which 141 packages were compromised through the malicious `easy-day-js` dependency. Its `postinstall` script downloaded and executed obfuscated payloads from C2 servers targeting crypto-wallet browser extensions, and the staged malicious versions and self-deleting scripts mirror the tactics of the earlier `axios` compromise. → aikido.dev |
| 2026-06-18 | Developer Machines And Supply Chain Security Risk [beginner] | Discussion of the supply chain risk posed by compromised developer machines: an attacker with a foothold on a developer's workstation can inject malicious code into software projects and reach every downstream consumer. The article argues for treating developer environments, including endpoints, code repositories, and build pipelines, as a primary line of defense so that compromised development tools do not become the entry point into the software supply chain. → darkreading.com |
| 2026-06-18 | easy-day-js Supply Chain Attack Hits Mastra AI in npm [news] | Writeup of the `easy-day-js` npm supply chain attack on the `@mastra` organization: a hijacked account replaced the legitimate `dayjs` dependency with the malicious look-alike, whose `postinstall` script downloaded and executed a multi-stage dropper with disabled TLS verification, hard-coded C2 servers, and self-deleting stages. The attack reached 141 packages and distributed a crypto-stealer, underscoring npm's exposure to dependency hijacking even as npm moves to block install scripts by default. → ox.security |
| 2026-06-17 | AUR suspends new registrations as 1500-plus malicious packages flood repository [news] | Report on the Arch User Repository (AUR) flood: attackers abused the package stewardship process to push over 1,500 packages whose `PKGBUILD` post-install scripts introduced malicious dependencies, including commands that install `atomic-lockfile`, `js-digest`, and `lockfile-js` via npm or the Bun runtime, in a pattern resembling the IronWorm and Mini Shai-Hulud campaigns. AUR suspended new account registrations in response. → scworld.com |
| 2026-06-17 | Mastra AI Framework Poisoned in npm Supply-Chain Attack [news] | The Mastra AI framework's npm packages were poisoned with a malicious dependency named "easy-day-js" posing as a legitimate library. The attack, which this report tentatively links to the TeamPCP group and its Shai-Hulud worm, relied on npm's version resolution to pull the poisoned code automatically during installs. Mitigation advice: downgrade to specific previous versions and use lockfiles; npm's upcoming v12 release will disable automatic execution of dependency scripts by default. → bankinfosecurity.com |
| 2026-06-17 | Mastra npm packages compromised in easy-day-js supply chain attack [news] | Report on the easy-day-js supply chain attack, in which 144 Mastra npm packages were compromised via a malicious dependency acting as an information stealer that harvests browser data and cryptocurrency wallet information across multiple operating systems. The attackers used a hijacked npm account and obfuscated payloads delivered through postinstall hooks that disabled TLS certificate validation. Any system that installed an affected version should be treated as compromised: roll back, rotate credentials, and audit the host. → scworld.com |
| 2026-06-17 | Supply-chain attack injects backdoor on ShapedPlugin WordPress software [news] | Report on CVE-2026-10735 affecting ShapedPlugin's premium WordPress plugins, including Real Testimonials Pro, Product Slider Pro, and Smart Post Pro: backdoors were delivered through the legitimate update channel, leading to credential theft, exfiltration of 2FA secrets, and deployment of tools such as Tiny File Manager and Adminer. The incident illustrates the risk of a compromised vendor build pipeline or update system. |
| 2026-06-17 | Hackers Target npm Ecosystem by Compromising 140 Mastra Packages [news] | Report that over 140 npm packages belonging to Mastra were compromised, with the potential to distribute malicious code to the many developers and applications that depend on them. → gbhackers.com |
| 2026-06-17 | Mastra npm Supply Chain Attack: 140 Packages Backdoored via easy-day-js Typosquat [news] | StepSecurity's analysis of the Mastra npm supply chain attack, in which over 140 packages were backdoored through the `easy-day-js` typosquat. An obfuscated `postinstall` dropper fetched a second-stage payload from attacker-controlled servers and then deleted itself; Harden Runner flagged the attack by intercepting the outbound calls to the command-and-control servers, an example of why egress monitoring of CI jobs pays off. → stepsecurity.io |
| 2026-06-17 | Chainguard launches scanner to block npm malware, greyware [beginner] | Chainguard released a scanner for malware and greyware in the npm ecosystem, intended to identify and block malicious packages before they are pulled into projects. |
| 2026-06-17 | 144 Mastra npm Packages Compromised via Hijacked Contributor Account [news] | Analysis of the easy-day-js attack, which affected 144 npm packages in the Mastra AI framework: a hijacked contributor account published malicious versions of the "@mastra/*" packages that depend on "easy-day-js", a clone of "dayjs" whose postinstall hook downloads and runs a cryptocurrency-stealing remote access trojan. The trojan harvests credentials from over 160 browser extensions and persists across multiple operating systems, and the attack exploited the broad installation footprint of Mastra's packages. → thehackernews.com |
| 2026-06-17 | Atomic Arch Supply Chain Attack Compromises 1500 Arch User Repository Packages: Credential-Stealing Malware Targets Arch Linux Systems [news] | Writeup of the Atomic Arch campaign, which compromised around 1,500 Arch User Repository (AUR) packages by injecting credential-stealing malware such as `atomic-lockfile` into build scripts. The Rust-based malware targets Arch Linux systems, exfiltrates credentials, developer tokens, and cloud access keys, and uses eBPF rootkit techniques for persistence and stealth. The writeup maps the campaign to MITRE ATT&CK, including T1195.002 (Supply Chain Compromise: Compromise Software Supply Chain) and T1564.006 (Hide Artifacts); note that ATT&CK catalogues rootkits separately as T1014. → rescana.com |
| 2026-06-17 | The Overlooked Attack Surface: Securing Code Repositories, Pipelines, and Developer Infrastructure [beginner] | Wiz on extending Application Security Posture Management (ASPM) to code repositories, CI/CD pipelines, and artifact registries: continuously assessing configurations, mapping identities, and detecting threats across the software supply chain, with the Ultralytics PyPI attack and Kong's Docker Hub compromise as motivating examples. Controls are mapped to the CIS Benchmarks and the OWASP Top 10 CI/CD Security Risks and tied into cloud security posture management and detection-and-response practice. → wiz.io |
| 2026-06-17 | GitHub Action tj-actions/changed-files supply chain attack: everything you need to know [news, Secrets] | Writeup of CVE-2025-30066, the compromise of the tj-actions/changed-files GitHub Action: malicious code injected into the action dumped CI runner secrets, so affected public repositories leaked them in workflow logs. The compromise involved a stolen GitHub Personal Access Token (PAT) and is potentially linked to the reviewdog/action-setup incident. Mitigation: rotate any secrets that could have been exposed (AWS keys, GitHub PATs), remove references to the affected action, and pin actions to full commit hashes rather than mutable tags. → wiz.io |
| 2026-06-17 | New GitHub Action supply chain attack: reviewdog/action-setup [news, Secrets] | Writeup of the compromise of reviewdog/action-setup@v1, likely a precursor to the tj-actions/changed-files incident: malicious code injected into CI workflows dumped secrets from CI runner memory, and public repositories risked leaking them through workflow logs, so any exposed credentials need immediate rotation. Mitigation: identify workflows that used the action, check for the malicious payload, and remove references to the compromised action. → wiz.io |
| 2026-06-17 | Vulnerabilities in NodeJS C/C++ add-on extensions [intermediate] | Snyk research on memory-safety bugs in native Node.js add-ons shipped through npm: buffer overflows, denial of service (process crashes, unchecked argument types), and memory leaks. It models sources, sinks, and sanitizers in Snyk Code to find vulnerable patterns at the Node-API and Napi boundaries and gives remediation examples for maintainers. → snyk.io |
| 2026-06-17 | Three trends shaping software supply chain security today [beginner] | Survey of three trends: expanding SBOM regulation, the effect of AI-generated code on secure development practice, and an evolving threat landscape that now includes attacks on the AI supply chain feeding LLMs. It argues for proactive controls, risk prioritization using business context, and shifting code security left to keep pace with faster development cycles. → snyk.io |
| 2026-06-17 | The persistent threat: Why major vulnerabilities like Log4Shell and Spring4Shell remain significant [beginner] | Why Log4Shell (CVE-2021-44228) and Spring4Shell (CVE-2022-22965) still matter: a significant share of applications continue to run vulnerable versions of Log4j and the Spring Framework, leaving them open to remote code execution via JNDI lookups (Log4Shell) and class-loader manipulation through data binding (Spring4Shell). Snyk integrates through Git, CLI, and CI pipelines to catch the outdated dependencies early and offers one-click fix PRs. → snyk.io |
| 2026-06-17 | Proactive AppSec continuous vulnerability management for developers and security teams [beginner] | Snyk's case for continuous vulnerability management with DeepCode AI integrated into IDEs such as VS Code and IntelliJ IDEA, giving real-time findings and fixes for open-source components, AI-generated code (for example from GitHub Copilot), and containerized applications, covering issues such as XSS and SQL injection across the development lifecycle. → snyk.io |
| 2026-06-17 | Multiple JetBrains IDE plugins caught stealing AI keys [news, Secrets] | At least 15 malicious JetBrains IDE plugins, installed nearly 70,000 times and posing as AI coding assistants, exfiltrated AI provider API keys (OpenAI, SiliconFlow, DeepSeek) to a server at 39.107.60[.]51 as soon as the user saved a key in settings, without consent. The plugins, including "DeepSeek Junit Test," "CodeGPT AI Assistant," and "DeepSeek AI Assist," were published under multiple vendor accounts. → aikido.dev |
| 2026-06-17 | Pickle in the Middle – Hijacking Vertex AI Model Uploads for Cross-Tenant RCE [advanced, AI, RCE] | Writeup of a flaw in the Google Cloud Vertex AI SDK for Python (versions 1.139.0 and 1.140.0) that let attackers hijack model uploads. "Pickle in the Middle" combines predictable default bucket names with missing ownership checks: an attacker squats the bucket a victim's SDK will use, uploads a model carrying a pickle deserialization payload, and gains remote code execution inside the victim's Vertex AI serving infrastructure. → unit42.paloaltonetworks.com |
| 2026-06-16 NEW 2026 | Over 1 million WordPress sites at risk after popular plugin hacked OptinMonster among those hit in CDN supply-chain attack news 2 min read | Writeup detailing a supply-chain attack compromising over a million WordPress sites through a vulnerability in the UpdraftPlus plugin hosted on Awesome Motive's CDN. The attack involved malicious JavaScript injection via a compromised CDN API key, targeting logged-in WordPress admins to harvest tokens and create rogue accounts, enabling full site takeover and backdoor plugin installation. Site owners are advised to check for fake admin accounts like ‘developer_api1’ and ‘dev_xxxxxx’, inspect for hidden backdoor plugins, and rotate credentials and security salts. → techradar.com |
| 2026-06-16 NEW 2026 | Atomic Arch Supply Chain Attack Hits 1500 AUR Packages news 2 min read | Writeup detailing the Atomic Arch supply chain attack targeting Arch Linux's User Repository (AUR), which compromised over 1,500 packages by modifying build scripts (PKGBUILDs) to execute malicious NPM and Bun-based installations. The attack leveraged abandoned packages, introduced rootkit-like malware for credential harvesting and exfiltration, and utilized eBPF for persistence, making detection and cleanup difficult. → securityweek.com |
| 2026-06-16 NEW 2026 | Introducing WizOS: Securing Wiz from the ground up with hardened, near-zero-CVE container base images. intermediate 4 min read | Library for hardened, near-zero-CVE container base images, WizOS, offers a secure foundation for cloud-native applications. It transitions from Alpine's musl to glibc, supports a wider range of applications, and builds every component from source with signing and provenance. WizOS provides a reproducible build pipeline, reducing critical and high CVEs to near zero, thus minimizing build pipeline interruptions and allowing developers to focus on application logic. It's designed as a drop-in replacement for Alpine-based images and is currently available in private preview for Wiz customers. → wiz.io |
| 2026-06-16 NEW 2026 | The mysterious supply chain concern of string-width-cjs npm package intermediate 6 min read | Analysis of npm package aliasing and its supply chain risks, triggered by an `string-width-cjs` update in `cliui`. The article details how package aliasing can be abused, referencing a 2021 Snyk disclosure. It highlights the discovery of suspicious, seemingly empty npm packages (`string-width-cjs`, `strip-ansi-cjs`, `wrap-ansi-cjs`) published by an anonymous user, potentially for dependency confusion or typosquatting. The analysis further examines how these packages are pulled into other projects, like `react-native-multiply` and `clazz-transformer`, suggesting a campaign to mine Tea tokens. → snyk.io |
| 2026-06-16 NEW 2026 | Ensuring comprehensive security testing in DevOps pipelines beginner 6 min read | Library for integrating comprehensive security testing into DevOps pipelines. It details strategies for assessing application risk profiles and implementing various testing types, including SAST (Snyk Code), SCA (Snyk Open Source), container security (Snyk Container), IaC security (Snyk IaC), DAST, RASP, and API testing. The library emphasizes shifting security left and ensuring coverage across the entire software development lifecycle, from development to production, with recommendations for effective alert notification frameworks. → snyk.io |
| 2026-06-16 NEW 2026 | Lottie Player npm package compromised for crypto wallet theft news 3 min read | Writeup detailing the compromise of the `@lottiefiles/lottie-player` npm package, which injected malicious code into versions 2.0.5 through 2.0.7, enabling cryptocurrency wallet theft. The incident highlights supply chain risks, particularly when using CDNs without pinned dependency versions, and details how tools like Snyk can identify vulnerable installations of this and similar packages. → snyk.io |
| 2026-06-16 NEW 2026 | The Government Just Banned an AI Model. An Engineer's Perspective. news 7 min read AI | Analysis of the US government's ban on Anthropic's Mythos 5 AI model, which was effective at identifying software vulnerabilities. The ban, prompted by a jailbreak that exposed these capabilities, highlights the supply chain risks of AI vendors and the detrimental impact on defenders when defensive tools are removed, creating an arms race disadvantage. The incident sets a precedent for shutting down AI capabilities globally due to potential misuse, underscoring the need for nuanced frameworks for dual-use AI rather than outright bans. → snyk.io |
| 2026-06-15 NEW 2026 | Arch Linux supply chain attack spreads to 1900 AUR packages news 14 min read | Analysis of the Arch Linux supply chain attack details how over 1,900 AUR packages were compromised, injecting a rootkit and credentials harvester. Attackers exploited an AUR mechanism to "adopt" orphaned packages, then modified installation procedures to include malicious npm packages or Bun scripts. The malware targets browser credentials, developer secrets, and access keys. This incident highlights vulnerabilities in community-driven package repositories and the evolving tactics of supply chain attacks. |
| 2026-06-15 NEW 2026 | GitHub to Update npm to Thwart Software Supply Chain Attacks news 2 min read | npm v12 shifts from implicit trust to explicit opt-in to prevent software supply chain attacks. It will block install scripts, Git dependencies, and remote URLs by default. While praised for structural defenses against threats like Miasma, experts caution about potential developer friction and attackers pivoting to private repositories like Artifactory and Nexus. Developers can prepare by upgrading to npm 11.16.0+ or using `npm approve-scripts` to audit dependencies and build allowlists. → infosecurity-magazine.com |
| 2026-06-15 NEW 2026 | 400 Arch Linux Packages Hijacked To Install Rootkit-Like Malware news | Over 400 Arch Linux packages were compromised to install rootkit-like malware. The attackers gained control of the `pkgbuild-web` account on Arch Linux's Git server, allowing them to push malicious code into various packages. This compromised code, when compiled and installed by users, could execute arbitrary commands with root privileges. The vulnerability was discovered by a security researcher who noticed suspicious code within a package. Arch Linux has since revoked the compromised account and is working to remove the malicious code and restore the affected packages. No specific bounty amount was mentioned. |
| 2026-06-15 NEW 2026 | Why Runtime Scanning Is Too Late for Your CI/CD Supply Chain Security intermediate 12 min read | Library for securing CI/CD supply chains, emphasizing proactive governance at the point of ingestion over reactive runtime scanning. It highlights the insufficiency of detection-only security postures, citing the xz Utils backdoor as an example, and addresses the significant resource drain and financial costs associated with late-stage detection. The library's approach counters modern attacks like obfuscated payloads and typosquatting by implementing checks before dependencies enter the development lifecycle, preventing compromises before they impact build environments. → thehackernews.com |
| 2026-06-15 NEW 2026 | DevOps Tools Targeted for Cryptojacking news 10 min read | Library for detecting and defending against cryptojacking campaigns, specifically targeting DevOps tools like HashiCorp Nomad, Consul, Docker API, and Gitea. This campaign, designated JINX-0132, exploits known misconfigurations and vulnerabilities, including an unpatched RCE in Gitea (CVE-2020-14144) and default Nomad job queueing behavior, to deploy the XMRig miner. Attackers leverage publicly available resources like GitHub repositories for payloads and avoid traditional IOCs, complicating detection. → wiz.io |
| 2026-06-15 NEW 2026 | TraderTraitor: Deep Dive advanced 10 min read | Analysis of TraderTraitor details a North Korean threat cluster, linked to Lazarus Group and APT38, that targets cryptocurrency exchanges, DeFi platforms, and crypto startups. The group employs social engineering via phishing emails and trojanized applications, as well as sophisticated supply chain compromises involving malicious npm packages and the JumpCloud incident. TraderTraitor's objective is primarily financial gain through cryptocurrency theft, with notable operations including the DMM Bitcoin exchange heist and the ByBit hack. → wiz.io |
| 2026-06-15 NEW 2026 | Ultralytics AI Pwn Request Supply Chain Attack news 6 min read AI RCE | Analysis of the Ultralytics supply chain attack, involving two distinct phases between December 4-7, 2024, details how malicious versions of the AI library were published to PyPI. This attack exploited a template injection vulnerability in GitHub Actions, specifically within the `ultralytics/actions` workflow, allowing for the exfiltration of GitHub tokens and the distribution of a cryptocurrency mining payload (XMRig) for Monero. The malicious versions (8.3.41, 8.3.42, 8.3.45, and 8.3.46) were detected through unusual CPU usage and abuse detection systems like Google Colab. → snyk.io |
| 2026-06-15 NEW 2026 | Snyk Security Labs Testing Update: Cursor.com AI Code Editor intermediate 3 min read | Analysis of Cursor.com AI Code Editor by Snyk Security Labs details testing for dependency confusion vulnerabilities. Researchers uploaded intentionally named packages to the public NPM repository to test if Cursor's build system would mistakenly pull private extensions from the public registry. These packages exfiltrated system details such as username, hostname, and environmental variables to confirm installation. The analysis concluded that Cursor was not vulnerable to dependency confusion and no sensitive data was disclosed. → snyk.io |
| 2026-06-15 NEW 2026 | Best Practices for Creating a Modern npm Package with Security in Mind beginner 17 min read | Tutorial on creating modern, production-ready npm packages, covering project setup with GitHub, publishing to the npm registry, and implementing security checks. It details using TypeScript for ECMAScript Module format builds, setting up test frameworks, and automating version management and publishing with GitHub Actions. Key steps include enabling two-factor authentication for npm accounts, using `npm publish --dry-run` to preview publications, and configuring `package.json` for build outputs and included files. → snyk.io |
| 2026-06-14 2026 | Miasma supply-chain attack toolkit goes public on GitHub news | The Miasma supply-chain attack toolkit, designed for compromising software build processes, has been publicly released on GitHub. This toolkit allows attackers to inject malicious code into legitimate software updates. Its availability on a public platform increases the risk of its misuse by a wider range of actors. The specific payout amount for any bug bounty related to this toolkit is not mentioned in the provided content. → theregister.com |
| 2026-06-14 2026 | NPM 12 Redefines Script Execution and Dependency Security to Combat JavaScript Supply Chain Attacks beginner 5 min read | NPM 12 redefines JavaScript supply chain security by shifting from opt-out to opt-in for risky behaviors like executing lifecycle scripts and resolving Git dependencies. New defaults block automatic script execution from dependencies and prevent remote URL fetches unless explicitly allowed. Innovations include a "min-release-age" setting to mitigate rapidly published malicious packages and the `npm approve-scripts` command for granular script management, directly addressing past attacks involving vulnerabilities like those seen in eslint-config-prettier and the Shai-Hulud worm. → rescana.com |
| 2026-06-14 2026 | The Axios npm compromise was visible in registry metadata before anyone ran npm install news 3 min read | Library for automatically verifying package provenance during `npm install`. This approach catches supply chain attacks like the Axios npm compromise, where malicious versions were published without the expected trusted-publisher block or matching commit hashes. By automating a check for provenance mismatches, akin to comparing registry metadata against an established automated pipeline, this library flags suspicious packages before malicious code can execute, preventing similar compromises to the one involving malicious Axios versions 1.14.1 and 0.30.4. |
| 2026-06-14 2026 | s1ngularity: supply chain attack leaks secrets on GitHub: everything you need to know news 4 min read | Writeup detailing the s1ngularity supply chain attack, which leveraged malicious versions of the Nx build system npm package to steal developer secrets like cryptocurrency wallets, GitHub tokens, and SSH keys. The attack utilized AI command-line tools for reconnaissance and exfiltrated data to attacker-controlled GitHub repositories, with a subsequent phase involving the public release of over 5500 private repositories. The vulnerability exploited a flawed GitHub Actions workflow allowing code injection through unsanitized pull request titles combined with the `pull_request_target` trigger. → wiz.io |
| 2026-06-14 2026 | s1ngularity's Aftermath: AI, TTPs, and Impact in the Nx Supply Chain Attack intermediate 9 min read AI | Analysis of the s1ngularity supply chain attack reveals novel TTPs, including AI-powered malware that abuses GitHub Actions to leak thousands of corporate secrets and exfiltrate sensitive files. The malware specifically targets AI CLIs like Claude, Gemini, and Amazon Q to identify and collect data, and leverages leaked GitHub tokens to further expose private repositories. This incident highlights the significant impact of AI integration in malware and the evolving threat landscape of software supply chain compromises. → wiz.io |
| 2026-06-14 2026 | Widespread npm Supply Chain Attack: Breaking Down Impact & Scope Across Debug, Chalk, and Beyond news 6 min read | Writeup of a widespread npm supply chain attack impacting packages like debug and chalk, detailing how a wallet-hijacking browser interceptor was deobfuscated. The analysis quantifies a roughly two-hour exposure period with high package prevalence and a concerning malware presence, explaining the rapid spread through social engineering and malicious releases. Mitigation strategies involve updating lockfiles, rebuilding from clean caches, invalidating CDN assets, and hotfixing UI elements to prevent transaction redirection to attacker-controlled wallets. → wiz.io |
| 2026-06-14 2026 | Shai-Hulud: Ongoing Package Supply Chain Worm Delivering Data-Stealing Malware news 5 min read | Writeup detailing the Shai-Hulud npm supply chain attack, which involved malicious versions of popular packages spreading data-stealing malware across the ecosystem in a worm-like fashion. The attack, believed to be a consequence of the s1ngularity/Nx compromise, leveraged a post-install script to harvest sensitive data using tools like TruffleHog, exfiltrate it to GitHub repositories, and propagate itself by publishing malicious package versions. The analysis includes compromised package names, compromised GitHub user data, and recommendations for revoking credentials. → wiz.io |
| 2026-06-14 2026 | Creating SBOMs with the Snyk CLI beginner 6 min read | Library for generating Software Bills of Materials (SBOMs) using the Snyk CLI. It supports various programming languages and package managers, creating SBOMs in CycloneDX, XML, or SPDX formats. The Snyk CLI can also scan existing SBOM files for known vulnerabilities and integrates with tools like Bomber for analysis. Automating SBOM generation within CI/CD pipelines is crucial for security, compliance, and transparency. → snyk.io |
| 2026-06-14 2026 | Do not pass GO - Malicious Package Alert news 2 min read | Alert detailing a software supply chain compromise in the BoltDB Go module. Version 1.3.1, released November 2021, was backdoored and remotely controllable via a command and control server. This typosquatting attack, published under the module path github.com/botdb-go/bolt, exploited the Go Module Mirror's indefinite caching, allowing the malicious code to persist for years. Socket researchers reported the issue, leading to its removal from the Go Module Proxy and GitHub, and its inclusion in the Go vulnerability database. → snyk.io |
| 2026-06-14 2026 | Snyk Helps Secure the Golang Bento Project news 2 min read | Library contribution that fixes CVE-2025-22869, a denial-of-service vulnerability in golang.org/x/crypto/ssh, within the Golang Bento project. Snyk proactively addressed the issue by updating dependencies to secure versions, demonstrating their commitment to securing open-source projects through their Secure Developer Program. → snyk.io |
| 2026-06-14 2026 | Reconstructing the TJ Actions Changed Files GitHub Actions Compromise news 7 min read Secrets | Writeup on the tj-actions/changed-files GitHub Actions compromise, detailing how an attacker leveraged write privileges, orphaned Git commits, and manipulated release tags to inject malicious code. This code then exfiltrated encrypted secrets from memory and leaked them into public GitHub Action logs, impacting approximately 23,000 repositories. The analysis includes steps to recreate the attack and highlights remediation advice for users to review their logs. → snyk.io |
| 2026-06-13 2026 | NPM 12 Will Change Script Execution Behavior to Prevent Supply Chain Attacks news 2 min read | Library update detailing changes in NPM version 12, set for July release, to mitigate supply chain attacks like TeamPCP and Shai-Hulud. This update will block automatic execution of preinstall, install, and postinstall scripts from dependencies by default. Developers can proactively manage script execution by using `npm approve-scripts` to create an allowlist for trusted packages, preventing vulnerabilities exploited through weaponized binding.gyp files and Git/remote URL dependencies. → securityweek.com |
| 2026-06-13 2026 | Free Compromise Detection for GitHub Repos - Tracebit Community Edition beginner 3 min read | Library that deploys AWS canary credentials and SSH key canaries within GitHub Actions to detect compromised repositories. This free tool installs in under five minutes, covers up to 10 repositories, and alerts users immediately if decoy credentials are touched, providing early detection against supply chain attacks like those seen with Trivy, KICS, LiteLLM, Telnyx, and tj-actions. |
| 2026-06-13 2026 | Dismantling a Critical Supply Chain Risk in VSCode Extension Marketplaces intermediate 7 min read Secrets | Writeup of critical secrets leakage in VSCode IDE extensions impacting both the VSCode and Open VSX marketplaces. Over one hundred instances of leaked Azure DevOps Personal Access Tokens (PATs) and Open VSX Access Tokens were discovered, granting attackers the ability to distribute malicious updates to a combined install base of over 150,000 users. The leakage stemmed from publisher errors, such as bundling dotfiles and hardcoding secrets directly into extension code, affecting various categories including AI provider secrets, cloud platform credentials, and database secrets. Wiz collaborated with Microsoft to implement platform-level guardrails and notify affected publishers. → wiz.io |
| 2026-06-12 2026 | 400 Arch Linux AUR Packages Hijacked to Install Rust Credential Stealer news 5 min read | Analysis of the "Atomic Arch" campaign reveals attackers hijacking over 400 Arch Linux AUR packages, including `alvr` and `premake-git`. They modified build scripts to install a Rust credential stealer, targeting developer secrets like browser cookies, session data, GitHub and Vault tokens, SSH keys, and Docker credentials. The malware also has an optional eBPF rootkit for persistence and evasion. A second wave used `js-digest`. Users are advised to check affected package lists and rotate credentials if a flagged package was installed. → thehackernews.com |
| 2026-06-12 2026 | Early Warning Signs of Supply-Chain Attacks Live in the Dark Web intermediate 5 min read | Survey of underground forum posts reveals early warning signs of supply-chain attacks by identifying compromised GitHub access, private repositories, source code exposure, API keys, OAuth tokens, CI/CD data, and vendor-related leaks. These seemingly ordinary access sales can expose secrets, deployment scripts, cloud credentials, and internal workflows, enabling attackers to compromise trusted software builds, deployments, and integrations, as demonstrated by incidents like Vercel, Sportradar, Mistral AI, Shai-Hulud, LiteLLM, and malicious VS Code extensions. → bleepingcomputer.com |
| 2026-06-12 2026 | Atomic Arch npm Campaign Adds Malicious Dependency news 4 min read | Library for detecting supply chain attacks leveraging orphaned Arch User Repository (AUR) packages, exemplified by the "Atomic Arch" campaign (Sonatype-2026-003775). This campaign hijacks abandoned AUR projects to install malicious npm packages like `atomic-lockfile`, which subsequently deploy a sophisticated Linux payload. The payload includes credential harvesting, stealth capabilities via eBPF for process and file hiding, debugger detection, and data exfiltration functionality, potentially impacting numerous AUR packages. → sonatype.com |
| 2026-06-12 2026 | GitHub Enhances npm Security with Mandatory 2FA and Provenance to Combat Supply Chain Attacks news 5 min read | Library updates enhance npm security by enforcing mandatory two-factor authentication (2FA) for high-impact packages and introducing cryptographically verifiable package provenance via GitHub Actions and OpenID Connect (OIDC). These measures aim to combat supply-chain attacks by increasing account security and providing a trusted chain of custody for published packages, aligning with NIST SP 800-218. → rescana.com |
| 2026-06-12 2026 | Shai-Hulud 2.0 Supply Chain Attack: 25K+ Repos Exposing Secrets news | A supply chain attack, dubbed Shai-Hulud 2.0, has compromised over 25,000 repositories from approximately 350 users by exploiting malicious npm packages. This campaign exposes sensitive information within these repositories. The primary focus is on detecting and mitigating the impact of these compromised packages. → wiz.io |
| 2026-06-12 2026 | Shai-Hulud 2.0 Aftermath: Trends, Victimology and Impact news 7 min read | Analysis of the Shai-Hulud 2.0 supply chain attack reveals its extended activity compared to prior worms, with continued repository creation and infection spikes. The attack primarily targeted Linux containers within CI/CD environments, with GitHub Actions being the leading platform. Key infection vectors identified include the @postman/tunnel-agent and @asyncapi/specs packages. Despite an intended focus on cloud secrets, exfiltration data suggests a bug prevented cloud secret extraction, though thousands of critical secrets were still compromised through methods like TruffleHog, impacting hundreds of companies. → wiz.io |
| 2026-06-12 2026 | Code to Cloud Attacks: From Github PAT to Cloud Control Plane news 7 min read Secrets | Library detailing attack flows where threat actors leverage compromised GitHub Personal Access Tokens (PATs) to gain initial access to cloud environments. It covers observed malicious techniques including secret discovery via code search API, execution of arbitrary code through GitHub Actions to exfiltrate credentials, and defense evasion via log deletion. The library also highlights lateral movement into cloud service provider control planes and supply-chain attack vectors like the tj-actions/changed-files compromise. → wiz.io |
| 2026-06-12 2026 | Cursor IDE Malware Extension Compromise in $500k Crypto Heist news 3 min read AI | Writeup detailing a compromise within Cursor IDE, a VS Code fork, where a malicious "Solidity Language" extension published on the Open VSX Registry led to a $500,000 cryptocurrency heist. The extension bundled a JavaScript file that executed a PowerShell script for exfiltration and crypto hijacking, highlighting risks associated with third-party IDE extensions and unofficial registries. → snyk.io |
| 2026-06-12 2026 | Maintainers of ESLint Prettier Plugin Attacked via npm Supply Chain Malware news 3 min read | Writeup detailing an npm supply chain attack targeting maintainers of popular packages like `eslint-config-prettier` and `eslint-plugin-prettier`. Attackers used typosquatting on `npmjs.com` and spear-phishing to hijack npm registry credentials, leading to the publication of malware-infected versions. Remediation efforts included deprecating malicious packages and publishing fixes. Proactive measures to protect against such attacks include enabling 2FA on npm accounts, using tools like `npq`, and configuring `.npmrc` to ignore postinstall scripts. → snyk.io |
| 2026-06-12 2026 | Secure at Inception: Introducing New Tools for Securing AI-Native Development beginner 6 min read AI | Library for securing AI-native development, introducing three innovations for the entire code lifecycle. It empowers developers to embed Snyk's security testing into agentic workflows with tools like Cursor and Co-Pilot via the MCP Server, enabling automated vulnerability detection for AI-generated code. Additionally, the AI-BOM provides comprehensive visibility and governance for AI components, addressing "shadow AI," while Toxic Flow Analysis (TFA) proactively detects novel attack vectors in agentic systems. → snyk.io |
| 2026-06-12 2026 | Agentic Container Security with Snyk MCP Server intermediate 4 min read AI | Snyk MCP Server automates the identification of Common Vulnerabilities and Exposures (CVEs) within container images. It integrates with AI tools and IDEs to shift container security left, allowing developers to scan and remediate vulnerabilities before committing Dockerfiles. The MCP Server supports operating system vulnerabilities and open-source package issues, complementing Snyk's broader offerings in SCA, SAST, and IaC scanning. → snyk.io |
| 2026-06-12 2026 | Prioritize with Snyk’s Open Source Vulnerability Experience intermediate 3 min read | A new view in Snyk's UI prioritizes open source vulnerability remediation by grouping issues by dependency. This new default view allows users to evaluate the holistic impact of library upgrades, moving beyond individual vulnerability fixes. It aids in making informed decisions by presenting a cost/benefit analysis of resolving multiple vulnerabilities with a single version update, supporting workflows for Maven, .NET, npm, Python, Ruby, and Yarn projects. → snyk.io |
| 2026-06-12 2026 | Weaponizing AI Coding Agents for Malware in the Nx Malicious Package Security Incident news 6 min read AI | Analysis of the Nx malicious package incident details how attackers weaponized AI coding agents, including Claude Code, Gemini CLI, and Amazon's `q` command-line tool, via dangerous prompts (`--dangerously-skip-permissions`, `--yolo`, `--trust-all-tools`) to exfiltrate sensitive data like GitHub tokens, npm credentials, and SSH keys to public GitHub repositories. The attack, which involved malicious Nx and Nx Powerpack releases on npm and impacted the Nx Console VS Code extension, exploited a flawed GitHub Actions CI workflow and a compromised npm token. → snyk.io |
| 2026-06-12 2026 | Analyzing CVE-2026-32743: PX4 MAVLink Buffer Overflow DoS news | The analysis of CVE-2026-32743 highlights a critical vulnerability in PX4's MAVLink implementation, specifically a buffer overflow leading to a Denial of Service (DoS) attack. This is particularly concerning given the increasing use of autonomous drones in civilian sectors, which are now also potential targets in modern conflicts. The widespread deployment of commercial drones exposes a vulnerability in the global supply chain, where platforms used for agriculture and industry could be compromised. The summary does not mention a specific bug bounty payout amount. → infosecwriteups.com |
| 2026-06-12 2026 | [tl;dr sec] #332 - I've Joined OpenAI, fwd:cloudsec, AWS Well Architected Supply Chain Security news 10 min read Talks | Reference list of cloud security techniques, including GitHub token stealing via VSCode, Semgrep taint analysis optimization, Lambda Function URL abuse for command and control, and OIDC namespace recycling for hijacking cloud identities, alongside insights on AI vendor evaluation and AWS Well-Architected Supply Chain Security. → tldrsec.com |
| 2026-06-12 2026 | npm v12 delivers one of the biggest security improvements in years news 5 min read | npm v12 will block dependency install scripts by default, significantly reducing supply chain attack vectors like Nx s1ngularity and Shai-Hulud, which exploited postinstall scripts. This change requires explicit approval for scripts via `npm approve-scripts` and also blocks implicit code execution from `binding.gyp` and insecure Git/remote-URL dependencies by default. The update, already available behind warnings in npm 11.16.0, aims to protect users who don't review package changes. → aikido.dev |
| 2026-06-12 2026 | Trust No Skill: Integrity Verification for AI Agent Supply Chains intermediate 8 min read AI | Library for Behavioral Integrity Verification (BIV) to audit AI agent skills, comparing declared metadata against executable code and natural-language instructions. BIV analyzes skills from registries like OpenClaw, identifying deviations that can range from documentation gaps to multi-stage attack chains for credential theft and remote code execution (RCE). It categorizes threats into network, file system, process execution, environment, encoding, credentials, and instruction-level threats, and differentiates between developer oversight and adversarial intent. → unit42.paloaltonetworks.com |
| 2026-06-11 2026 | GitHub Disables npm Install Scripts by Default in v12 to Prevent JavaScript Supply Chain Attacks news 6 min read | Library update disabling npm install scripts by default in v12 to mitigate JavaScript supply chain attacks like Shai-Hulud, Nx, and event-stream. This change enforces explicit trust, requiring developers to approve script execution and aligning npm with Yarn and pnpm. Additional security measures include stricter authentication, granular tokens, and trusted publishing, addressing risks from malicious transitive dependencies and improving compliance with regulations like the EU Cyber Resilience Act. → rescana.com |
| 2026-06-11 2026 | OceanLotus APT Compromises FireAnt MetaKit in Supply-Chain Attack on Stock Investors news | OceanLotus APT (also known as APT32) has targeted stock investors through a supply-chain attack, compromising FireAnt MetaKit. This sophisticated attack leverages legitimate software to distribute malicious payloads, aiming to infiltrate the systems of financial professionals. The compromise of FireAnt MetaKit, a tool used by many in the industry, represents a significant threat to the sensitive financial data and operations of its users. The full scope and impact of this attack are still being assessed. → cybersecuritynews.com |
| 2026-06-11 2026 | GitHub to Automate Disable npm Script Installs to Block Supply Chain Attacks news | GitHub is enhancing security by automatically disabling `npm script` installs. This proactive measure aims to prevent supply chain attacks by preventing malicious code from being executed during package installations. The update will prevent potentially harmful scripts from running, bolstering the safety of the npm ecosystem and protecting developers from compromised packages. → cybersecuritynews.com |
| 2026-06-11 2026 | NetRise launches Discovery Partner Program to strengthen software supply chain security delivery news 2 min read | NetRise's Discovery Partner Program is a partner-first initiative designed to expand access to NetRise solutions through value-added resellers, MSSPs, distributors, technology alliances, and strategic consultants. The program aims to provide partners with the expertise, training, and enablement needed to deliver strategic and implementation support for software supply chain security, helping organizations assess, manage, prioritize, and reduce software risk. It includes channel and distribution growth, technology ecosystem alliances, and federal and strategic consulting partnerships, with partner-enabled services ranging from third-party risk reporting to attack surface management audits. |
| 2026-06-11 2026 | RapidFort Launches Curated Libraries to Stop Supply Chain Attacks Before They Reach the Pipeline news | RapidFort has launched curated libraries designed to prevent software supply chain attacks. These libraries aim to identify and neutralize malicious code within open-source software before it enters development pipelines. By offering pre-vetted and secured components, RapidFort empowers developers to build software more safely and efficiently, reducing the risk of breaches originating from compromised third-party libraries. |
| 2026-06-11 2026 | OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack news 3 min read | Catalog entry summarizing the use of the SPECTRALVIPER backdoor by the Vietnam-aligned OceanLotus threat actor. Campaigns targeting Vietnamese stock investors leveraged a supply chain attack via the FireAnt Metakit platform, exploiting a lack of integrity validation to distribute the backdoor. Another campaign targeted a Vietnamese infrastructure and transport construction firm, suspected to have utilized remote code execution vulnerabilities in a public-facing Microsoft SQL server, also deploying SPECTRALVIPER through DLL side-loading. → thehackernews.com |
| 2026-06-11 2026 | GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks news 2 min read | Reference detailing changes in npm version 12, disabling install scripts by default to prevent software supply chain attacks. This update modifies behavior around preinstall, install, and postinstall scripts, Git dependencies, and remote URLs to require explicit user approval for code execution. Developers can prepare by upgrading to npm 11.16.0 or newer and using `npm approve-scripts --allow-scripts-pending` to manage trusted package scripts. → thehackernews.com |
| 2026-06-11 2026 | JFrog and Anthropic Bring Enterprise-Grade Software Supply Chain Governance and Security to Claude Code news 2 min read | Platform plugin for Claude Code that integrates JFrog's trusted, universal, multi-agent platform, enabling enterprise-grade software supply chain governance and security for AI coding agents. This collaboration addresses the evolving attack surfaces of capable agents by providing controlled access to scan, curate, and secure artifacts and dependencies, thus mitigating risks from malicious packages and ungoverned AI assets within the software supply chain. The integration aims to provide a system of record with real-time control and visibility into agent decisions, supporting Agentic DevSecOps. |
| 2026-06-11 2026 | CodeBreach: Infiltrating the AWS Console Supply Chain and Hijacking AWS GitHub Repositories via CodeBuild news 13 min read RCE | Tool that exploits CodeBuild misconfigurations to hijack AWS GitHub repositories, including the JavaScript SDK powering the AWS Console. The vulnerability arose from unanchored regex patterns in CodeBuild's ACTOR_ID filter, allowing attackers to register GitHub user IDs that contained pre-existing approved IDs, thus bypassing the filter and triggering builds with malicious code. This technique is similar to attacks seen against the Nx S1ngularity project and the Amazon Q VS Code extension. → wiz.io |
| 2026-06-11 2026 | Introducing SITF: The First Threat Framework Dedicated to SDLC Infrastructure news 6 min read | Framework for modeling and mitigating SDLC infrastructure attacks, SITF categorizes over 70 techniques across Endpoint/IDE, VCS, CI/CD, Registry, and Production pillars. It visualizes attack flows, decomposes events into Risk -> Technique -> Control causal chains, and provides a controls matrix prioritized by attack stage. SITF was developed in response to escalating attacks like Ultralytics hijack, Shai-Hulud, and TrustWallet compromise, addressing gaps in existing frameworks like MITRE ATT&CK and OWASP CI/CD Top 10 for infrastructure-centric threat modeling. → wiz.io |
| 2026-06-11 2026 | What an 'Aha' Moment with an Org Admin Token Taught One DevSecCon Speaker About AI Security beginner 3 min read AI | Talk slides from DevSecCon2025 address AI security, focusing on the vulnerabilities introduced by agentic AI in software development pipelines. The session highlights the risk of supply chain attacks via MCP servers and agents, using an example where an Org Admin Token was inadvertently used for authentication instead of a read-only token, demonstrating a critical security oversight. Attendees will learn strategies for securing these new AI tools and gain an understanding that AI in pipelines demands the same rigorous security as traditional code. → snyk.io |
| 2026-06-11 2026 | npm Supply Chain Attack via Open Source maintainer compromise news 3 min read Secrets | Writeup of an npm supply chain attack where a maintainer of popular packages was compromised via phishing. The attacker gained control of the npm account and published malicious versions of packages, targeting crypto transactions by intercepting and modifying ETH values and swap/transfer requests. Affected packages and versions were identified, and a Sindre Sorhus script was provided for checking dependency trees. → snyk.io |
| 2026-06-11 2026 | Zero-day Extensive NPM Package Compromise - Shai Hulud Supply Chain Attack news 5 min read Secrets | Analysis of the "Shai-Hulud" npm supply chain attack reveals widespread compromise of packages like `@ctrl/tinycolor` and `ngx-bootstrap`. This worm-like malware targets cloud credentials, API keys, and CI/CD environments via malicious `postinstall` scripts embedded in compromised packages, exfiltrating secrets through webhooks and GitHub Actions. The attack affected multiple package namespaces and versions, necessitating comprehensive credential rotation and system audits for affected hosts. → snyk.io |
| 2026-06-11 2026 | Malicious MCP Server on npm postmark-mcp Harvests Emails news 4 min read | Library for detecting malicious npm packages, specifically highlighting the `postmark-mcp` package which was modified to exfiltrate email contents via a blind-copy (BCC) to an external domain. This supply chain attack targeted an MCP server, potentially exposing sensitive data and leading to follow-on compromises. Immediate mitigation includes uninstalling the package, rotating credentials, and blocking the reported exfiltration domain. The companion `mcp-scan` tool is recommended for identifying such risks. → snyk.io |
| 2026-06-11 2026 | Phishing Campaign Leveraging the NPM Ecosystem news 4 min read | Library of obfuscated JavaScript payloads and HTML lure files used in a phishing campaign that weaponized the npm ecosystem and the unpkg.com CDN. The attack involved publishing over 175 npm packages with names like `redirect-[a-z0-9]{6}` and a separate cluster using `mad-x.x.x.x.x.x` names. These packages, served via unpkg.com, redirected victims to credential-harvesting sites after opening crafted HTML "business documents," targeting enterprise employees primarily in Europe. → snyk.io |
| 2026-06-11 2026 | Automated Package-Publication Incident IndonesianFoods in the NPM Ecosystem Linked to Crypto Reward-Farming Scam news 5 min read | Library for detecting automated package publication incidents in the NPM ecosystem, like the "IndonesianFoods" campaign, which involved bulk publishing of low-download packages, often reusing code templates, linked to cryptocurrency reward schemes. It emphasizes automated dependency-health guards, behavior-based scanning, and registry monitoring to proactively flag suspicious activity before it enters the build, referencing tools such as Snyk Open Source and Snyk Code. → snyk.io |
| 2026-06-11 2026 | Compromised Rust crate onering performs code exfiltration news 3 min read Secrets | Writeup detailing a malicious Rust crate, "onering" version 1.4.1, which exfiltrates source code via a compromised `build.rs` script. This script collects Git commit metadata and diffs, disguises them as Sentry telemetry, and sends them to a Sentry ingest endpoint. The compromise affects both the crates.io package and the maintainer's GitHub repository, highlighting a growing trend of build-time payload execution in the Rust supply chain. → aikido.dev |
| 2026-06-11 2026 | The Governance Gap: What IDC’s 2026 Data Reveals About AI and the Software Supply Chain beginner 3 min read AI | Survey of AI governance challenges within the software supply chain, highlighting IDC's 2026 data revealing AI adoption outpaces governance readiness. The report details the rise of "Shadow AI" and the misconception that AI agents can self-police compliance, leading to risks like vulnerable open-source dependencies from npm or PyPI. The solution lies in building platform-level guardrails within the software supply chain to manage AI adoption safely. → jfrog.com |
| 2026-06-10 2026 | NPM v12 to block supply-chain attacks with new security measures beginner | npm v12 introduces explicit developer approval for actions that previously ran automatically during `npm install`, in order to prevent supply-chain attacks. This change targets malicious script execution and abuse of Git dependencies, common vectors in recent attacks. Developers relying on these behaviors will need to opt in, and upgrading to npm 11.16.0+ is recommended to receive warnings about the upcoming breaking changes. → scworld.com |
| 2026-06-10 2026 | Five Supply Chain Security Risks Hiding Inside Your Mobile Apps beginner 4 min read | Survey of supply chain security risks inherent in mobile applications, detailing how upstream dependencies, invisible code suppliers, and dynamic mechanisms like SDKs and open-source packages pose significant threats. It highlights governance gaps stemming from preinstalled firmware, perfunctory marketplace approvals, and rapidly shifting code dependencies, drawing parallels to past incidents like SolarWinds and the detection of Android malware Keenadu embedded in firmware. The survey emphasizes the need for transparency, continuous monitoring, and integrating mobile application oversight with broader cyber disclosure practices and SBOM requirements. |
| 2026-06-10 2026 | The Miasma worm source code briefly leaked on GitHub news 2 min read | Analysis of Miasma, a credential-stealing attack framework that evolved from the Shai-Hulud worm, details its self-propagating supply-chain attacks. This framework, briefly leaked on GitHub, targets developer machines and cloud credentials to compromise repositories, packages, and AI coding tools like Claude and Copilot. It leverages GitHub for command-and-control, employs advanced multi-stage payload obfuscation, and includes a destructive "dead-man switch" that wipes user files if stolen tokens are revoked. The leak is expected to accelerate adoption and evolution of similar attack techniques. → bleepingcomputer.com |
| 2026-06-10 2026 | GitHub announces npm security changes to tackle supply-chain attacks news 2 min read | GitHub announces security changes in npm v12 to combat supply-chain attacks, mandating explicit approval for execution of pre/postinstall scripts, native module builds, and prepare scripts from Git, local, and linked dependencies. It will also require explicit permission for fetching dependencies from Git repositories and remote URLs, disrupting techniques used in attacks like Shai-Hulud and those targeting eslint-config-prettier and Toptal's Picasso packages. Developers can prepare by upgrading to npm 11.16.0, which warns about the upcoming breaking changes. → bleepingcomputer.com |
| 2026-06-10 2026 | JFrog and Anthropic Bring Enterprise-Grade Software Supply Chain Governance and Security to Claude Code beginner | JFrog and Anthropic are collaborating to enhance the security and governance of software supply chains for Anthropic's Claude code. This partnership integrates JFrog's Artifactory and Xray solutions with Claude, an AI model designed for enterprise-level code assistance. The goal is to provide developers with AI-generated code that is both secure and compliant, addressing critical supply chain risks. This integration aims to ensure that code developed with Claude meets enterprise security standards and governance requirements from the outset. |
| 2026-06-10 2026 | JFrog and Anthropic Bring Enterprise-Grade Software Supply Chain Governance and Security to Claude Code beginner 5 min read | Plugin for Claude Code, this JFrog Platform extension enables enterprise-grade software supply chain governance for AI coding agents. It provides real-time upstream governance, enforces policies as code, and offers strengthened auditability by managing over 18 billion artifacts. The integration offers JFrog Platform Skills and MCP Tools for standardized access to security, compliance, and artifact data, supporting universal agent connectivity across environments like Cursor and VS Code Copilot. |
| 2026-06-10 2026 | JFrog and Anthropic Bring Enterprise-Grade Software Supply Chain Governance and Security to Claude Code beginner 5 min read | Library integrating JFrog Platform with Anthropic Claude Code, enabling enterprise-grade software supply chain governance for AI coding agents. This solution provides real-time upstream governance, MCP and agent skills governance, accelerated DevOps workflows, and strengthened auditability. It supports universal agent connectivity through JFrog Platform Skills and MCP Tools, allowing agents to perform operations like vulnerability scanning and provenance verification within their native environments, starting with Claude Code, Cursor, and VS Code Copilot. |
| 2026-06-10 2026 | GitHub Takes Down 73 Microsoft Repos After Miasma Worm Attack news 3 min read | Writeup of the Miasma worm attack on Microsoft repositories, detailing its infiltration of 73 GitHub projects, including Azure and MicrosoftDocs. The worm, a variant of Mini Shai-Hulud, leveraged compromised contributor accounts to inject malicious commits that executed credential-harvesting payloads when code was opened in IDEs and AI coding tools like Claude Code, Gemini CLI, Cursor, and VS Code. This attack signifies a shift in software supply chain threats, targeting the developer environment itself as an attack surface rather than just installed packages. |
| 2026-06-10 2026 | Trivy Compromised: Everything You Need to Know about the Latest Supply Chain Attack news 5 min read | Writeup detailing the "TeamPCP" supply chain attack that compromised Aqua Security's Trivy vulnerability scanner and related GitHub Actions. The attack involved injecting credential-stealing malware into official releases and workflows, leading to the exfiltration of secrets via typosquatted domains and fallback repository mechanisms. Threat actors also leveraged stolen publish tokens to compromise npm packages and deployed iterative payloads. Organizations should audit Trivy versions and GitHub Action references, and consider pinning actions to full SHA hashes for long-term hardening. → wiz.io |
| 2026-06-10 2026 | KICS GitHub Action Compromised: TeamPCP Strikes Again in Supply Chain Attack news 7 min read Secrets | Writeup detailing a supply chain attack on the Checkmarx KICS GitHub Action by TeamPCP, compromising 35 tags and distributing credential-stealing malware via a `setup.sh` script. The attack, similar to the Trivy incident, leverages compromised identities and hardcoded RSA keys, with a new Kubernetes persistence mechanism for follow-on operations. The malware exfiltrates secrets from environment variables, runner memory, AWS metadata, and Kubernetes API, encrypting them and uploading them to GitHub repositories or attacker-controlled domains. → wiz.io |
| 2026-06-10 2026 | Three’s a Crowd: TeamPCP trojanizes LiteLLM in Continuation of Campaign news 3 min read Python Secrets | Writeup detailing the TeamPCP trojanization of LiteLLM versions 1.82.7 and 1.82.8. These malicious packages leveraged Python's `.pth` mechanism for stealthy persistence, exfiltrating cloud credentials, CI/CD secrets, and API keys to attacker-controlled domains. This attack follows TeamPCP's prior compromises of Aqua Security's Trivy and Checkmarx GitHub Actions, highlighting a broader supply chain attack campaign. → wiz.io |
| 2026-06-10 2026 | Tracking TeamPCP: Investigating Post-Compromise Attacks Seen in the Wild intermediate 5 min read Secrets | Analysis of TeamPCP supply chain attacks, including compromises of Trivy, KICS, and LiteLLM. The campaign deploys malware that harvests cloud credentials and secrets, using tools like TruffleHog for validation. Post-compromise activities involve extensive enumeration of AWS services, abuse of GitHub workflows (potentially via Nord Stream), and ECS Exec for code execution and data exfiltration. The threat actor prioritizes speed and volume, utilizing Mullvad VPN and InterServer hosts. → wiz.io |
| 2026-06-10 2026 | Axios NPM Distribution Compromised in Supply Chain Attack news 2 min read | Analysis of the Axios NPM supply chain attack, where compromised maintainer accounts led to malicious versions (v1.14.1, v0.30.4) introducing the `plain-crypto-js` dependency. This attack, tracked as GHSA-fw8c-xr5c-95f9 and MAL-2026-2306, involved payloads downloading RATs from sfrclak.com:8000, capable of remote shell execution and system reconnaissance across macOS, Windows, and Linux. → wiz.io |
| 2026-06-10 2026 | SHA1-Hulud, npm supply chain incident news 3 min read | Writeup of the SHA1-Hulud npm supply chain incident, a worm that infiltrates npm packages with hidden preinstall scripts. This advanced second wave of the Shai-Hulud attack targets developers and CI systems, deploying payloads that turn compromised machines into attacker-controlled GitHub Actions runners. It silently injects malicious workflows, exfiltrates GitHub and npm secrets, and harvests cloud credentials from AWS, Azure, and GCP, enabling remote command execution and broad system compromise. Some variants include destructive wiper capabilities. → snyk.io |
| 2026-06-10 2026 | How Snyk Helps Federal Agencies Prepare for the Genesis Mission Era of AI-Driven Science beginner 3 min read AI | Library for securing software supply chains and AI/ML workflows, enabling federal agencies to align with Secure by Design principles for the Genesis Mission. It provides visibility into open source components, container images, and IaC templates, integrating security into CI/CD pipelines, cloud infrastructure, and research platforms. Snyk aids in identifying vulnerabilities, enforcing policies, generating SBOMs, and meeting federal cybersecurity expectations like NIST 800-218 and EO 14028, accelerating scientific discovery without compromising trust. → snyk.io |
| 2026-06-10 2026 | Evo Adds CycloneDX Support to Give Full AI Visibility beginner 4 min read AI | Library that adds CycloneDX support for AI ModelCards, enabling the generation of AI Bill of Materials (AI-BOMs). This integration provides enterprises with machine-readable inventories that track model dependencies, provenance, licensing, architecture (e.g., transformer, CNN), task domain, input/output formats, and learning approach (e.g., supervised, self-supervised), enhancing visibility and governance for AI supply chain risks. → snyk.io |
| 2026-06-10 2026 | The Holiday Whisper: Shai-Hulud 3.0 news 3 min read | Analysis of Shai-Hulud 3.0, also known as "The Golden Path," reveals an evolved malware variant discovered in the `@vietmoney/react-big-calendar` npm package (version 0.26.2). This iteration focuses on stealth and cross-platform compatibility, refining its logic and re-obfuscating code from source to evade detection. Key technical details include targeted exfiltration to GitHub repositories with a specific description and improved error handling. Attackers are leveraging the holiday period and a transition to "trusted publishing" in the npm ecosystem. Recommended actions focus on structural hardening, such as disabling lifecycle scripts, enforcing lockfile-only installs, implementing cooldown periods for package adoption, and auditing outbound egress. → snyk.io |
| 2026-06-10 2026 | Beyond Detection: Building a Resilient Software Supply Chain (Lessons from the Shai-Hulud Post-Mortem) intermediate 5 min read | Library offering a multi-layered defense strategy for software supply chains, inspired by the Shai-Hulud npm incident. It focuses on proactive prevention with features like Snyk Studio for AI-assisted secure coding, a 21-day dependency upgrade cooldown, and Package Health Intelligence. Detection mechanisms include proactive retesting and shift-left defense with Snyk CLI. Remediation is facilitated by assessing risk exposure, zero-day visibility, and workflow automation for ticket creation, ensuring organizations can react to emerging threats like compromised credentials and malicious exfiltration scripts. → snyk.io |
| 2026-06-10 2026 | Snyk Finds Prompt Injection in 36%, 1467 Malicious Payloads in a ToxicSkills Study of Agent Skills Supply Chain Compromise news 11 min read AI | Writeup of ToxicSkills, Snyk's security audit of AI Agent Skills ecosystems that identifies malware, credential theft, and prompt injection attacks. The research, conducted on nearly 4,000 skills from ClawHub and skills.sh, reveals that over a third of these skills contain security flaws, with 13.4% exhibiting critical issues. ToxicSkills uses the mcp-scan engine to detect behavioral prompt injection patterns and other malicious activities, including external malware distribution, obfuscated data exfiltration, and security disablement. → snyk.io |
| 2026-06-10 2026 | OWASP Dependency-Track 5.0 Is Now Generally Available news 5 min read | Library for software supply chain integrity verification, OWASP Dependency-Track 5.0 introduces horizontal scaling, active/active high availability, and processing that survives crashes. It now flags components with mismatched published hashes to catch typosquatting and registry tampering, employs an expression-based policy engine using Common Expression Language (CEL) for sophisticated component and vulnerability auditing, and standardizes on PostgreSQL for a single database engine. This release supports larger portfolios and higher throughput, making it suitable for enterprise-scale compliance with regulations like the EU Cyber Resilience Act. → owasp.org |
| 2026-06-10 2026 | Wait, binding.gyp Can Do What? Exploring npm's Weirdest Build System advanced 15 min read RCE | Library for analyzing `binding.gyp` files, highlighting how this npm build system, invoked by `node-gyp`, can be abused to execute arbitrary code during package installation. It details the `<!(...)` command expansion syntax used in `binding.gyp` for executing shell commands and the subsequent sandbox escape vulnerability allowing arbitrary Python code execution via `eval()`, as demonstrated by the Miasma attack which targeted numerous npm packages. → aikido.dev |
| 2026-06-10 2026 | The Cairn Nobody Tends: Open-Source Dependencies Unmaintained Code and the Supply-Chain Failures beginner | This article, "The Cairn Nobody Tends," highlights the significant risks posed by unmaintained open-source dependencies within software supply chains. These neglected projects, often created by hobbyists or those who have moved on, become vulnerabilities. Attackers can exploit these unpatched weaknesses, leading to widespread security failures across the applications that rely on them. The title metaphor suggests these dependencies are like unattended cairns on a trail—once useful landmarks, now overgrown and potentially dangerous if not maintained. |
| 2026-06-09 2026 | 'Hades' Attacks on PyPI Put New Spin on Shai-Hulud news | A sophisticated malware campaign, dubbed "Hades," has targeted the Python Package Index (PyPI). Attackers are using previously unknown techniques to distribute malicious packages, potentially impacting numerous developers and organizations relying on PyPI for dependencies. This new wave of attacks highlights the evolving threat landscape within open-source software ecosystems and emphasizes the need for enhanced security measures. → darkreading.com |
| 2026-06-09 2026 | Miasma Supply Chain Worm Burrows Into 73 Microsoft Repositories news | A supply chain worm named Miasma has compromised 73 Microsoft code repositories. This sophisticated malware targets developers, attempting to steal credentials and potentially inject malicious code into software projects. The worm's ability to spread through development environments poses a significant risk to the integrity of software built using these repositories. Security researchers are actively investigating the extent of the breach and working to mitigate the threat. → darkreading.com |
| 2026-06-09 2026 | Microsoft investigates breach of open-source projects after malware injection news | Library for auditing open-source projects, particularly those related to Microsoft Azure and AI development tools, following an incident where attackers injected password-stealing malware into GitHub repositories. This breach, identified by Cloudsmith and OpenSourceMalware, affected approximately 70 Microsoft projects, highlighting supply chain attack risks and marking Microsoft's second known breach of its open-source code in weeks. → scworld.com |
| 2026-06-09 2026 | Microsoft Disables Dozens of GitHub Repos After Security Breach news 3 min read | Analysis of Microsoft's disabling of 70+ GitHub repositories after a supply chain attack targeting AI coding assistants like Gemini CLI and Cursor. The incident, potentially linked to TeamPCP's prior compromise of Durable Task, highlights risks to software supply chains and developer credentials when malicious files are inserted into trusted repositories, impacting workflows and underscoring the need to monitor AI tools alongside code. |
| 2026-06-09 2026 | Microsoft removes GitHub projects after malware compromise news 2 min read | Library repositories for Microsoft AI coding tools, including those used with Claude Code, Gemini CLI, and Visual Studio Code, were temporarily removed from GitHub after the discovery of malicious code designed to steal credentials. This software supply-chain attack, flagged by Cloudsmith and OpenSourceMalware, affected at least 70 Microsoft projects, some of which had been restored after review. The incident highlights the risks of compromised open-source projects, echoing a previous compromise of Microsoft's Durable Task project. |
| 2026-06-09 2026 | Active Exploitation Alert: Hades PyPI Supply Chain Attack Poisons 19 Python Packages with Bun-Based Credential Stealer news 5 min read | Library for detecting the Hades PyPI supply chain attack, which poisoned 19 Python packages with a Bun-based credential stealer. This threat exploits Python’s site customization mechanism to execute obfuscated JavaScript, harvesting secrets from developer workstations, CI/CD pipelines, and cloud infrastructure. It exhibits advanced persistence, anti-analysis, and propagation techniques, including prompt injection to evade AI scanners and targeting AI/ML and bioinformatics sectors for high-value intellectual property. Mitigation involves auditing Python environments, rotating credentials, and monitoring for suspicious GitHub activity. → rescana.com |
| 2026-06-09 2026 | Supply Chain Attacks Target OpenSource Packages news 2 min read | Analysis of rising supply chain attacks targeting open-source packages, highlighting risks from compromised npm and PyPI modules. Techniques like account hijacking, typosquatting, and exploiting unmaintained packages are discussed, alongside recommendations for dependency auditing, real-time monitoring, and securing developer accounts with MFA. Long-term strategies include SBOM generation and reducing unnecessary dependencies. → petri.com |
| 2026-06-09 2026 | Active Exploitation Alert: Shai-Hulud Supply Chain Attack Compromises 100 NPM and PyPI Packages with Self-Spreading Malware news 4 min read | Library for detecting and mitigating the Shai-Hulud supply chain attack, which compromised over 100 NPM and PyPI packages like those from TanStack and UiPath. The campaign, attributed to TeamPCP, uses self-spreading malware to exfiltrate credentials, install persistence mechanisms via IDE hooks and OS services, and features a destructive wipe routine triggered by token revocation. The library details TTPs including memory scraping, multi-layered obfuscation, and GitHub GraphQL API exfiltration. → rescana.com |
| 2026-06-09 2026 | STX RAT Supply Chain Attack Hits Wallets and X-VPN news 4 min read | Library for detecting the STX RAT supply chain attack, which abuses DLL sideloading with CRYPTBASE.dll via trojanized installers for cryptocurrency software and X-VPN. It targets credentials and sensitive data through a Bitbucket repository and rotating command-and-control domains under supp0v3.com. The library includes YARA rules and detection logic for the sideloading method, in-memory STX RAT execution, and C2 communication. → socprime.com |
| 2026-06-09 2026 | Over 100 NPM PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks news 2 min read | Analysis of Shai-Hulud supply chain attacks details the evolving tactics of the TeamPCP hacking group. Recent campaigns have compromised over 100 NPM and PyPI packages, notably with the "Miasma" variant targeting Red Hat's ecosystem and infecting JavaScript ecosystems. This multi-stage dropper, descendant of Mini Shai-Hulud, steals credentials and API keys to self-replicate. The "Hades" variant, targeting PyPI, executes JavaScript code via a weaponized `*.pth` file and displays similar credential-harvesting and self-spreading behaviors, even mutating its execution chain to evade detection. → securityweek.com |
| 2026-06-09 2026 | Six Accounts, One Actor: Inside the prt-scan Supply Chain Campaign news 7 min read | Analysis of the prt-scan campaign details an AI-powered actor exploiting GitHub's pull_request_target workflow trigger. The attacker opened over 500 malicious PRs across six waves, compromising at least two npm packages. Payloads evolved from bash scripts to AI-generated, language-aware wrappers, attempting to steal GitHub tokens, enumerate secrets, and exfiltrate credentials. Despite elaborate multi-phase payloads, the attack revealed fundamental misunderstandings of GitHub's threat model, limiting overall success but highlighting the growing threat of AI-assisted supply chain attacks. → wiz.io |
| 2026-06-09 2026 | Primer on GitHub Actions Security - Threat Model, Attacks and Defenses (Part 1/2) beginner 8 min read Recon | Library detailing GitHub Actions security, covering threat models, risks like pull request pwnage and script injection, and defensive playbooks. It analyzes dangerous triggers such as `pull_request_target`, explaining how vulnerabilities in these can lead to compromises like the Trivy supply chain breach, and offers mitigation strategies. → wiz.io |
| 2026-06-09 2026 | How to Harden GitHub Actions: An Updated Guide intermediate 13 min read Recon | Library for hardening GitHub Actions, this updated guide details how to mitigate risks demonstrated by incidents like tj-actions, TeamPCP/Trivy-action, and Axios. It covers organization-level administrative settings such as read-only workflow permissions and limiting actions to verified creators or an allowlist with SHA pinning. The guide also discusses branch protection, secrets management with repository, organization, and environment-level secrets, and the importance of immutable releases for action maintainers. → wiz.io |
| 2026-06-09 2026 | From Code to Pipeline: Wiz Code Now Secures Your Build Environment beginner 7 min read | Library for securing CI/CD pipelines, Wiz Code now detects risks associated with AI agents, including prompt injection vulnerabilities in platforms like GitHub Actions. It models workflows, jobs, and runners, identifying dangerous triggers like `pull_request_target` and excessive permissions. The library extends composition analysis to CI, providing a CI-BOM for third-party actions and associating audit log events with specific pipeline contexts to offer unified visibility into traditional misconfigurations and AI-driven threats. → wiz.io |
| 2026-06-09 2026 | Context.ai OAuth Token Compromise news 4 min read AuthN | Analysis of the Context.ai OAuth Token Compromise highlights a supply chain attack vector where compromised tokens for the AI tool enabled access to downstream SaaS platforms like Vercel. Attackers leveraged broad OAuth permissions to access Google Workspace, exemplifying a broader trend of abusing trusted third-party integrations. The analysis details detection methods across Google Workspace, Azure AD, and Okta, alongside investigation steps for affected accounts and user activity, and emphasizes revoking access and rotating credentials to mitigate risks. → wiz.io |
| 2026-06-09 2026 | Supply Chain Campaign Targets SAP npm Packages with Credential-Stealing Malware news 5 min read Secrets | Library for detecting supply chain attacks targeting SAP npm packages, specifically the "Mini Shai Hulud" campaign by TeamPCP. It details how malicious preinstall scripts in packages like `@cap-js/sqlite` and `@cap-js/postgres` execute obfuscated payloads. These payloads steal credentials from developer environments and CI/CD pipelines, targeting GitHub, npm, cloud providers, Kubernetes, and HashiCorp Vault. Exfiltration occurs via attacker-controlled GitHub repositories, with fallback mechanisms leveraging specific commit messages and GitHub GraphQL API. The malware also includes browser credential theft and propagation logic, with a region guardrail that terminates execution on Russian systems. → wiz.io |
| 2026-06-09 2026 | The (In)security Landscape of AI-Powered GitHub Actions (Part 2/2) intermediate 8 min read AI | Analysis of AI-powered GitHub Actions reveals critical vulnerabilities, including bypassed permission checks that allow external attackers to trigger AI execution and a novel secret exfiltration vector targeting dynamically created credential files. Popular actions like `anthropics/claude-code-action` and `google-github-actions/run-gemini-cli` were found to have misconfigurations, potentially affecting numerous high-star repositories. Techniques like "Dangling GitHub Apps" and "Dependabot Deputy Confusion Injection" highlight the risks associated with naive string-based permission validation and the manipulation of trusted bot identities. → wiz.io |
| 2026-06-09 2026 | How a Malicious Google Skill on ClawHub Tricks Users Into Installing Malware news 5 min read AI | Library for securing AI agent skills; detects malicious instructions in SKILL.md files, preventing attacks like the OpenClaw "google-qx4" skill which tricked users into downloading malware. It addresses vulnerabilities in AI supply chains, specifically targeting agent-driven social engineering, and offers solutions like Evo by Snyk and mcp-scan to monitor agent behavior and uncover hidden AI components. → snyk.io |
| 2026-06-09 2026 | Why Your “Skill Scanner” Is Just False Security (and Maybe Malware) news 6 min read AI | Library for AI agent security scanning, focusing on the limitations of regex-based tools like SkillGuard, Skill Defender, and Agent Tinman against nuanced threats such as prompt injection and obfuscated payloads. It highlights the inadequacy of pattern matching for natural language and advocates for AI-native approaches, referencing the `mcp-scan` tool from Snyk's Evo platform for intent analysis and behavioral assessment of `SKILL.md` files. → snyk.io |
| 2026-06-09 2026 | Securing the Agent Skill Ecosystem: How Snyk and Vercel Are Locking Down the New Software Supply Chain intermediate 8 min read AI | Library integrating Snyk's security intelligence into Vercel's skills.sh marketplace, auditing AI agent skills for vulnerabilities like prompt injection and "toxic flows" using LLM-based judges and deterministic rules. The system analyzes both execution logic and natural language instructions, providing a "Security Verified" badge and continuously re-evaluating skills to mitigate supply chain risks in the rapidly growing agent ecosystem. → snyk.io |
| 2026-06-09 2026 | How “Clinejection” Turned an AI Bot into a Supply Chain Attack advanced 9 min read AI | Analysis of the "Clinejection" vulnerability chain details how an AI bot in the Cline repository was exploited via indirect prompt injection and GitHub Actions cache poisoning to facilitate a supply chain attack. This attack, discovered by Adnan Khan and later exploited by an unknown actor, leveraged a GitHub issue to trick the AI triage bot into executing malicious code from a compromised commit. The attacker then used cache poisoning with the Cacheract tool to gain access to production credentials, ultimately publishing a malicious version of the Cline CLI to npm, which installed the OpenClaw AI agent. → snyk.io |
| 2026-06-09 2026 | The 89% Problem: How LLMs Are Resurrecting the "Dormant Majority" of Open Source beginner 6 min read | Database of package health data that bridges the gap between open source intelligence and package health, providing developers and AI agents with data points on security, popularity, maintenance, and community engagement. This database helps identify risks associated with the "Dormant Majority" of abandoned open source projects, which AI systems may recommend due to training data biases. It aids in preventing insecure package selections, such as the archived `gorilla/sessions` package, and mitigates risks like AI package hallucinations and slopsquatting by enforcing dependency safety at introduction. → snyk.io |
| 2026-06-09 2026 | How a Poisoned Security Scanner Became the Key to Backdooring LiteLLM news 9 min read Python RCE | Toolkits and writeups detail the compromise of the LiteLLM Python package on PyPI, where versions 1.82.7 and 1.82.8 were found to contain malicious code. This incident, tracked by Snyk as SNYK-PYTHON-LITELLM-15762713, resulted from a supply chain attack originating with a compromised Trivy security scanner. The attack leveraged a .pth file mechanism for execution and involved multi-stage data collection, AES-256 and RSA encryption, exfiltration to `models.litellm.cloud`, and persistence via systemd user services and Kubernetes lateral movement. The threat actor, TeamPCP, utilized consistent infrastructure across this and prior attacks on Trivy and Checkmarx KICS. → snyk.io |
| 2026-06-09 2026 | Axios npm Package Compromised: Supply Chain Attack Delivers Cross-Platform RAT news 7 min read RCE | Library versions 1.14.1 and 0.30.4 of the popular Axios npm package were briefly compromised, allowing a supply chain attack to deliver a cross-platform RAT. The malicious versions added a hidden dependency, plain-crypto-js@4.2.1, which executed a double-obfuscated dropper script during installation. This script detected the OS, downloaded platform-specific RAT payloads, and then self-erased, leaving minimal traces. The attack targeted systems that ran `npm install` within a two-hour window on March 31, 2026, and also affected packages `@qqbrowser/openclaw-qbot` and `@shadanai/openclaw`. → snyk.io |
| 2026-06-09 2026 | Meet Hades: The malware that lies to AI security agents advanced 4 min read | Writeup of the Hades campaign, a supply-chain attack compromising Python packages and targeting AI security agents. This sophisticated worm uses obfuscated scripts within `__init__.py` to execute multi-layer payloads, leveraging the Bun toolkit to bypass traditional controls. Hades exploits vulnerabilities in popular libraries like ensmallen and computational biology packages, while employing adversarial prompt injection to deceive LLM code analysis systems into classifying malicious code as clean. It propagates via GitHub, targets cloud credentials and AI agent configurations, and utilizes Sigstore to generate signed provenance bundles for compromised packages. → infoworld.com |
| 2026-06-09 2026 | Thwarting the Cybercriminals Targeting Your Service Supply Chain news 5 min read | Library for securing service supply chains, addressing threats beyond traditional hardware and software vulnerabilities. It highlights how attackers exploit trusted service relationships, referencing incidents at M&S and Co-op. The library also covers the risks introduced by agentic AI, such as custom, third-party, and hybrid AI solutions, and advocates for continuous security practices and thorough vetting of service providers to mitigate these evolving threats. |
| 2026-06-08 2026 | Red Hat npm Packages Hit by Miasma Credential-Stealing Attack news 4 min read | Analysis of the Miasma campaign details a supply-chain attack targeting @redhat-cloud-services npm packages. Attackers compromised a CI/CD pipeline to inject trojanized code, leveraging GitHub Actions OIDC to publish poisoned packages with valid signatures. The malware uses obfuscation, the Bun runtime, and targets credentials from GitHub, cloud providers, and HashiCorp Vault, with a destructive safeguard. → socprime.com |
| 2026-06-08 2026 | VS Code adds 2-hour delay for extension updates to combat supply chain threats news | Library update: VS Code implements a two-hour delay for extension updates, excluding trusted publishers like Microsoft and GitHub, to mitigate software supply chain attacks. This defensive measure, mirroring practices in RubyGems, Bun, npm, pnpm, and Yarn, aims to reduce the exposure window for potentially compromised or malicious releases before they are automatically installed. → scworld.com |
| 2026-06-08 2026 | Microsoft's GitHub repositories taken offline amid Miasma supply chain attack news 2 min read | Analysis of the Miasma supply chain attack that led to Microsoft's GitHub repositories being taken offline. The self-replicating malware strain, evolving from the Mini Shai-Hulud worm, compromised dozens of repositories across Azure services, developer tools, and documentation. Attackers stole developer credentials, cloud secrets, and tokens to inject malicious code directly into popular GitHub repositories and open-source ecosystems like Mantine. This campaign bypasses traditional defenses by operating within legitimate channels, leveraging trusted accounts and signing credentials to distribute malicious updates, impacting projects associated with vendors such as Red Hat, Bitwarden, Mistral, SAP, and OpenAI. |
| 2026-06-08 2026 | How Cyber Attacks across the Supply Chain can be Smartly Thwarted beginner 3 min read | Library on thwarting supply chain cyber-attacks, detailing rigorous vendor risk management, least privilege principles, multi-factor authentication, continuous monitoring, software supply chain security practices like SBOMs, employee awareness training, incident response planning, and Zero Trust architecture. |
| 2026-06-08 2026 | Practical Package Security: The Unofficial Guide beginner 6 min read | Guide on practical package security that addresses risks in third-party package consumption. It details mitigations like minimizing dependencies, adopting cooldown periods for updates, utilizing lockfiles and hashes, employing wrapper tools, and restricting install-time execution. Organizational controls include protecting execution environments with remote developer environments and zero trust production, and controlling installations via registry pull-through proxies or curated registries. Examples like the TeamPCP / Trivy-action and Axios supply chain compromises highlight the urgency of these practices. → wiz.io |
| 2026-06-08 2026 | The Jenkins Threat Landscape intermediate 7 min read | Library that details the Jenkins threat landscape, focusing on core vulnerabilities, the plugin ecosystem, and common misconfigurations. It highlights that most compromises exploit insecure usage patterns and weak access controls, rather than novel software flaws. Observed attack flows leverage exposed Jenkins instances for script execution, abuse CI/CD pipelines for secret extraction, and exploit plugin/core vulnerabilities, often chaining these techniques for broad environment compromise. → wiz.io |
| 2026-06-08 2026 | Mini Shai-Hulud Strikes Again: TanStack + more npm Packages Compromised news | The Mini Shai-Hulud campaign has compromised several npm packages, including those within the TanStack ecosystem. This latest supply chain attack specifically targets developer tooling. Security researchers are advising developers to detect and mitigate these malicious packages to protect against potential threats. No specific bounty payout amounts were mentioned. → wiz.io |
| 2026-06-08 2026 | The Worm That Keeps on Digging: TeamPCP Hits @antv in Latest Wave news 2 min read Secrets | Analysis of the "MiniShaiHulud" campaign details a sophisticated software supply chain attack attributed to "TeamPCP." The campaign targeted npm packages, GitHub Actions, and a VSCode extension, with malware designed to steal credentials like GitHub tokens and SSH keys, and establish persistence via a Python backdoor. Malicious payloads were concealed in orphaned GitHub commits, and exfiltration occurred through attacker-generated repositories with the description "niagA oG eW ereH :duluH-iahS." The backdoor communicates using the trigger "firedalazer." → wiz.io |
| 2026-06-08 2026 | durabletask: TeamPCP's Latest PyPi Compromise news 2 min read Python | Writeup of the durabletask supply chain attack, where malicious versions 1.4.1, 1.4.2, and 1.4.3 of the Microsoft Python client were published to PyPI via a compromised GitHub account. The attack leveraged dumped GitHub secrets to obtain a PyPI token, enabling the release of compromised packages. Wiz recommends immediate identification of exposure by searching for specific filenames and infection markers, rotating all credentials, auditing AWS SSM and Kubernetes logs, checking password manager sessions, and blocking C2 infrastructure. → wiz.io |
| 2026-06-08 2026 | Commit to Compromise: A New Threat Actor Targeting the Cryptocurrency Industry's Software Development Infrastructure news 13 min read | Writeup on JINX-0164, a threat actor targeting cryptocurrency organizations with social engineering via LinkedIn, custom macOS malware like AUDIOFIX, and CI/CD infrastructure hijacking. The actor leverages credential theft from endpoints, impersonates developers in Git commits, and injects malicious code into repositories to achieve lateral movement and execute supply chain attacks, such as with the `@velora-dex/sdk` package on npm. → wiz.io |
| 2026-06-08 2026 | Malicious Release of elementary-data PyPI Package Steals Cloud Credentials from Data Engineers news 8 min read Secrets | Library for detecting and mitigating supply chain attacks, exemplified by the malicious elementary-data PyPI package compromise. The attack vector exploited a GitHub Actions script injection flaw to publish a credential-stealing package containing a disguised Python `.pth` file. This payload harvested sensitive data including cloud credentials (AWS, GCP, Azure), SSH keys, container secrets, cryptocurrency wallets, and system files, exfiltrating them to a C2 server. → snyk.io |
| 2026-06-08 2026 | "A Mini Shai-Hulud Has Appeared": Bun-Based Stealer Hits SAP @cap-js and mbt npm Packages news 13 min read Secrets | Analysis of the "Mini Shai-Hulud" campaign targeting SAP's npm packages, including `@cap-js/db-service`, `@cap-js/sqlite`, `@cap-js/postgres`, and `mbt`. Attackers published malicious versions that utilized the Bun runtime to execute an obfuscated credential stealer, with observed self-propagation code and the ability to hijack CI pipelines. This campaign builds upon previous Shai-Hulud incidents, focusing on credential theft and persistence injection. → snyk.io |
| 2026-06-08 2026 | lightning PyPI Compromise: A Bun-Based Credential Stealer in Python news 11 min read Secrets | Library compromised with malicious versions of `lightning` (2.6.2, 2.6.3) that download and execute a Bun-based credential stealer. This loader uses obfuscated JavaScript, similar to a prior npm campaign, and harvests tokens from GitHub, npm, and cloud metadata services. It also attempts repository poisoning via GitHub GraphQL mutations and self-propagation on npm. Snyk has published advisory SNYK-PYTHON-LIGHTNING-16323121 for this CWE-506 (Embedded Malicious Code) incident. → snyk.io |
| 2026-06-08 2026 | TanStack Npm Packages Compromised Inside The Mini Shai Hulud Supply Chain Attack news 12 min read Secrets | Analysis of CVE-2026-45321, detailing the Mini Shai-Hulud supply chain attack that compromised TanStack npm packages. The incident involved three chained vulnerabilities: a "Pwn Request" via `pull_request_target` exploiting TanStack's bundle-size workflow, GitHub Actions cache poisoning of the pnpm package store, and OIDC token extraction from runner memory to publish malicious packages with valid SLSA provenance. This attack, attributed to TeamPCP, marks the first documented instance of malicious npm packages achieving indistinguishable provenance. → snyk.io |
| 2026-06-08 2026 | Malicious node-ipc versions published to npm in suspected maintainer account compromise news 6 min read | Library detailing the compromise of node-ipc npm package versions 9.1.6, 9.2.3, and 12.0.1, which contained an obfuscated credential-stealing payload. The attack likely involved abusing a legitimate npm maintainer account, potentially through expired domain takeover and account recovery, rather than a CI/CD pipeline breach. The payload targets over 90 credential categories, including cloud, SSH, and Kubernetes secrets, exfiltrating data to attacker-controlled infrastructure. Organizations are advised to identify and remove affected versions, rotate exposed secrets, and harden their package consumption practices. → snyk.io |
| 2026-06-08 2026 | Mini Shai-Hulud Hits AntV: 300+ Malicious npm Packages Published via Compromised Maintainer Account news 8 min read | Library of malicious npm packages distributed via the Mini Shai-Hulud campaign targeted the AntV data visualization ecosystem, involving over 300 compromised package versions. The attack leveraged a compromised maintainer account to inject obfuscated Bun JavaScript payloads triggered by `preinstall` hooks. These payloads harvest developer secrets and cloud credentials from AWS, GCP, Azure, GitHub, and others, establish C2 persistence through various mechanisms including IDE hooks and OS daemons, and attempt self-propagation using stolen npm tokens. The campaign also utilized orphan commits and Sigstore to forge build provenance, deceiving security tools. → snyk.io |
| 2026-06-08 2026 | The AntV Supply Chain Campaign Expands: Microsoft's `durabletask` PyPI Package Compromised news 2 min read | Library compromise affecting Microsoft's `durabletask` Python package on PyPI, identified as SNYK-PYTHON-DURABLETASK-16761538, features a malicious payload including an infostealer targeting Linux systems, a worm for propagation, and a disk wiper. This incident is linked to the broader AntV Shai Hulud supply chain campaign, with threat actors expanding their targeting to include packages associated with major technology companies. Developers should verify their `durabletask` version and scan projects with Snyk. → snyk.io |
| 2026-06-08 2026 | Securing The AI Revolution: How Snyk And Our Partners Are Scaling For The Future news 3 min read AI | Library for embedding application security within AI-driven development workflows. It details Snyk's integration with partners like Anthropic, Cursor, AWS, Atlassian, and OpenAI to govern AI-generated code. The entry highlights Snyk's Partner Services Delivery Program and Partner Accelerator Fund, designed to help partners build high-margin professional services around the Snyk AI Security Platform, enabling them to offer implementation, integration, and remediation services for AI/AppSec maturity. → snyk.io |
| 2026-06-08 2026 | Laravel Lang Supply Chain Advisory news 8 min read | Library of compromised Laravel localization packages on Packagist, specifically those under the `laravel-lang` namespace. An attacker used a leaked GitHub PAT to republish over 700 historical versions with a malicious `helpers.php` file. This file, registered in `autoload.files`, executed on every PHP request, fetching a second-stage payload from `flipboxstudio.info` that steals cloud keys, Kubernetes and Vault secrets, CI/CD tokens, SSH material, environment files, browser data, password manager vaults, crypto wallets, and messaging tokens. Affected environments should be treated as compromised until proven otherwise. → snyk.io |
| 2026-06-08 2026 | How Relay Network Adopted AI Coding Securely and Built the Foundation for Agentic Development intermediate 7 min read AI | Library integrating Snyk into GitHub Copilot enables Relay Network to achieve secure-at-inception development. This approach embeds security findings and remediation directly into the coding workflow, reducing delays and allowing developers to fix vulnerabilities in real-time before committing code. Custom pre-commit hooks further enhance this by scanning all newly introduced code, facilitating rapid adoption and dramatically lowering Mean Time To Remediate (MTTR) for critical issues. → snyk.io |
| 2026-06-08 2026 | Miasma supply chain attack: malicious code found in @redhat-cloud-services npm packages news 7 min read | Analysis of the Miasma supply chain attack details malicious code embedded in at least 32 @redhat-cloud-services npm packages, impacting the Red Hat Hybrid Cloud Console. The compromised releases feature a preinstall script that executes an obfuscated payload, harvesting developer and cloud credentials and attempting to self-propagate. The campaign utilizes a worm-like descendant of the (Mini) Shai-Hulud framework, targeting GCP and Azure identities. The root cause involves a compromised Red Hat employee GitHub account pushing malicious commits, bypassing code review and generating packages with valid SLSA provenance. → snyk.io |
| 2026-06-08 2026 | Miasma: Supply Chain Attack Targeting RedHat npm Packages news 3 min read | Analysis of the Miasma campaign reveals a supply chain attack targeting @redhat-cloud-services npm packages, with over 32 releases containing unauthorized modifications. The malware, derived from TeamPCP's Mini Shai-Hulud, uses obfuscated JavaScript payloads and installation-time execution via preinstall scripts. It focuses on extracting cloud identities from GCP and Azure, generating unique encrypted payloads per infection, and was injected via a compromised Red Hat employee GitHub account. Security teams should investigate developer environments, audit for affected packages and GitHub Actions, rotate credentials, and strengthen supply chain defenses through allowlisting, SBOM generation, and improved monitoring. → wiz.io |
| 2026-06-08 2026 | Node-gyp Supply Chain Compromise: A Self-Propagating npm Worm That Hides in binding.gyp news 10 min read RCE | Library for detecting the Node-gyp Supply Chain Compromise, a self-propagating npm worm that exploits `binding.gyp` files for install-time code execution. This worm, classified as Embedded Malicious Code at Critical severity, harvests developer and CI/CD credentials across multiple cloud providers and password managers, exfiltrates them via GitHub repositories, and uses GitHub Actions for persistence, as reported by Snyk and StepSecurity who named the technique "Phantom Gyp" and the campaign "Miasma." → snyk.io |
| 2026-06-08 2026 | [tl;dr sec] #327 - Finding Zero-days with Any Model, Practical Package Security, Measuring the AI Offense-Defense Gap beginner 15 min read AI | Library for finding vulnerabilities in codebases: deepsec employs AI coding agents like Claude Opus 4.7 and GPT-5.5, running on user infrastructure. It conducts regex sweeps, traces data flows, and assesses severity with a refusal-detection classifier, reducing false positives through a revalidation step and offering a plugin system for tuning and parallel execution. → tldrsec.com |
| 2026-06-08 2026 | Red Hat npm Packages Compromised to Spread a Credential-Stealing Worm news 5 min read Secrets | Library detailing the compromise of 32 @redhat-cloud-services npm packages with Miasma, a credential-stealing worm variant similar to Mini Shai-Hulud. The attack exploited a compromised GitHub account to bypass npm's trusted publishing via GitHub Actions OIDC, injecting malicious `_index.js` payloads that steal cloud credentials, CI secrets, and SSH keys. This incident highlights vulnerabilities in CI/CD pipelines and the potential for open-sourced malware frameworks like Mini Shai-Hulud to be adapted by various threat actors. → aikido.dev |
| 2026-06-08 2026 | Why EDR and proxy won’t save you from supply chain malware intermediate 3 min read | Library for securing the developer supply chain: Aikido Device Protection operates directly on the machine to monitor package installation and runtime behavior. It addresses the critical gap left by traditional EDR and proxy solutions, which fail to detect malicious code embedded within trusted runtimes like npm or Python packages. Examples include post-install scripts stealing credentials or backdoored initialization files, which bypass standard security perimeters and process monitoring by mimicking legitimate operations. → aikido.dev |
| 2026-06-08 2026 | Initial Access Changed, The Attack Path Did Not: Findings From The Verizon 2026 DBIR news 9 min read AuthN Secrets | Survey of 2026 DBIR findings highlighting credential abuse and exploited vulnerabilities as primary attack vectors, emphasizing the critical role of leaked credentials, API keys, and tokens in both initial access and lateral movement. The analysis details how DevSecOps workflows, third-party integrations like OAuth, and the increasing use of AI by attackers create extensive credential exposure paths, turning leaked secrets into reusable attacker assets that enable ransomware and system intrusions. Incident response requires thorough credential exposure analysis to understand the blast radius and revoke compromised access. → blog.gitguardian.com |
| 2026-06-08 2026 | Four Credential-Harvesting Campaigns Hit Open Source Ecosystems in Two Weeks news 3 min read Secrets | Survey of four recent credential-harvesting campaigns—Megalodon, Laravel-Lang, TrapDoor, and Miasma—targeting open source ecosystems, including GitHub, npm, PyPI, Crates.io, and Composer. These attacks compromised repositories and packages, exploiting CI workflows, Git tag rewriting, and various execution paths to exfiltrate sensitive data like cloud credentials, SSH keys, and AI coding assistant instructions, without relying on zero-days. → blog.gitguardian.com |
| 2026-06-08 2026 | Introducing Package Traffic Controller: Software Supply Chain Security at the Network Edge beginner 4 min read | Library that enforces software supply chain security at the network edge. Package Traffic Controller intercepts all outbound package download requests, rerouting them transparently through Artifactory for inspection against security, license, and quality policies. This approach prevents shadow downloads from AI agents or other non-development users, ensuring compliance without disrupting developer workflows, and provides auditable logging of all artifact interactions. → jfrog.com |
| 2026-06-08 2026 | NVIDIA NIM Models Are Now Governed Assets in Your Supply Chain intermediate 5 min read AI | Library for integrating NVIDIA NIM models into your software supply chain. This solution allows governance, versioning, and security controls for NIM models, similar to other artifacts like Docker images and npm packages. It unifies discovery of AI assets from NVIDIA NIM and Hugging Face within a single catalog, enabling explicit allow/block policies and providing a comprehensive audit trail. The library streamlines the process of bringing models from NGC to production, ensuring compliance and security without creating separate registries or governance gaps. → jfrog.com |
| 2026-06-08 2026 | The npm Threat Landscape: Attack Surface and Mitigations (Updated June 2) news 27 min read | Library for monitoring npm supply chain attacks, detailing incidents like the Shai-Hulud worm, Mini Shai-Hulud campaigns, and the @redhat-cloud-services namespace compromise. It analyzes evolving adversary TTPs including wormable propagation, infrastructure-level persistence, and multi-stage payloads, offering remediation playbooks for credential rotation and dependency purging. The library highlights attacks against various ecosystems, including enterprise infrastructure, AI tooling, and specialized packages, emphasizing the weaponization of trust in modern software development. → unit42.paloaltonetworks.com |
| 2026-06-08 2026 | A year of open source vulnerability trends: CVEs, advisories, and malware news 5 min read | Analysis of 2025 open-source vulnerability trends reveals a significant increase in npm malware advisories, including campaigns like SHA1-Hulud, and a 35% surge in CVE records published by GitHub's CNA. While reviewed advisories decreased, newly reported vulnerabilities increased, with cross-site scripting (CWE-79) remaining prevalent, alongside notable rises in resource exhaustion (CWE-400, CWE-770), unsafe deserialization (CWE-502), and server-side request forgery (CWE-918). CWE tagging became more specific, improving triage accuracy, and the use of CVSS and EPSS scoring is recommended for prioritizing responses to vulnerabilities like CWE-863 ("Incorrect Authorization"). → github.blog |
| 2026-06-08 2026 | Securing the open source supply chain across GitHub intermediate 3 min read | Library for securing open source supply chains, focusing on GitHub Actions. It details how to enable CodeQL for workflow reviews, implement best practices like pinning third-party Actions to SHAs and avoiding `pull_request_target` triggers, and leverage OpenID Connect tokens for authorization instead of secrets. The library also highlights GitHub's partnership with OpenSSF for trusted publishing across npm, PyPI, NuGet, RubyGems, and Crates, and discusses ongoing efforts in malware detection and response to evolving threats like Shai-Hulud. → github.blog |
| 2026-06-08 2026 | We hardened zizmor's GitHub Actions static analyzer intermediate 4 min read Secrets | Library that hardened zizmor, a static analyzer for GitHub Actions workflows, by fixing parsing bugs related to YAML anchors and surfacing deserialization edge cases. This work addressed issues like malformed findings and silent data mishandling, improving zizmor's analysis of workflows from 6,612 high-value open-source repositories and aligning its expression evaluator with GitHub's test suite. The improvements enhance protection against supply-chain attacks, such as the aquasecurity/trivy-action exploit. → blog.trailofbits.com |
| 2026-06-08 2026 | RubyGems adds dependency cooldown to counter supply chain attacks news 14 min read | Library with support for dependency cooldowns, a feature designed to mitigate supply chain attacks by delaying the installation of newly released packages. This functionality, now integrated into RubyGems, mirrors similar implementations in the JavaScript (npm) and Python (pip, uv) ecosystems, as well as tools like Deno, Yarn, and Bun. Dependency cooldowns require packages to be a specified age (e.g., 7 days) before installation, providing time for security teams and maintainers to detect malicious versions. While disabled by default, this feature allows developers to enforce a delay, preventing immediate installation of potentially compromised code. |
| 2026-06-07 2026 | New Shai-Hulud Miasma Wave Hits Hundreds of npm Packages news 6 min read | Library of malicious npm package versions, part of the Shai-Hulud Miasma wave, abuses `binding.gyp` to execute payloads during `npm install`. These packages steal developer and CI/CD credentials, validate access, and self-propagate by publishing new malicious versions. Organizations that installed affected versions (tracked as sonatype-2026-003581) should treat impacted environments as compromised, rotate all credentials, and audit repositories for unauthorized changes. → sonatype.com |
| 2026-06-07 2026 | Miasma Worm Supply Chain Attack: 73 Microsoft GitHub Repositories Compromised via AI Coding Tools news 6 min read | Library for detecting and mitigating supply chain attacks like the Miasma worm, which compromised 73 Microsoft GitHub repositories by exploiting compromised credentials and triggering malicious JavaScript payloads via AI coding tools like Claude Code, Gemini CLI, Cursor, and VS Code. The worm harvested credentials for AWS, Azure, GCP, Kubernetes, npm, and GitHub, propagating itself autonomously and disrupting CI/CD pipelines like Azure/functions-action. It showcases advanced evasion techniques including backdated commits and [skip ci] flags, targeting developer workflows and AI agent interactions. → rescana.com |
| 2026-06-06 2026 | Node-gyp Supply Chain Compromise news 10 min read | Library for detecting and mitigating the Node-gyp Supply Chain Compromise, a self-propagating npm worm that abuses `binding.gyp` files for install-time code execution. This attack bypasses standard script-based security tooling by leveraging `node-gyp`'s configuration phase to run arbitrary commands, including a multi-stage Bun-based loader that harvests developer and CI/CD credentials from various cloud providers and password managers. The worm then exfiltrates these secrets and self-propagates by republishing compromised packages, as initially reported by StepSecurity with the "Phantom Gyp" technique and the "Miasma" campaign. → snyk.io |
| 2026-06-06 2026 | Miasma Malware Hits 32 Red Hat Packages via Compromised GitHub Account news 2 min read | Writeup detailing the Miasma malware supply chain attack that compromised 32 Red Hat packages on npm. Hackers gained access via a compromised GitHub account, pushing malicious orphan commits to RedHatInsights repositories. The malware, based on Mini Shai-Hulud, acts as a self-propagating worm and credential stealer, targeting cloud login keys for AWS, Azure, and GCP, as well as SSH keys and AI tool secrets. The worm also seeks to infect other npm packages from the compromised developer's identity. → hackread.com |
| 2026-06-06 2026 | Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack news 3 min read | Writeup detailing the Miasma worm's supply chain attack that compromised 73 Microsoft GitHub repositories, including those for Azure Functions and the Durable Task ecosystem. The attack, a variant of the Mini Shai-Hulud worm, re-compromised the "durabletask" PyPI package and leveraged developer tools like Claude Code, Gemini CLI, Cursor, and VS Code, along with npm test scripts, to propagate by exploiting trust in authenticated maintainers and signed packages. → thehackernews.com |
| 2026-06-06 2026 | Patching fast and slow: Ruby devs delay to defend against supply chain attack news 1 min read | Library update from RubyGems introduces a cooldown feature for Bundler, adding a delay before installing recently updated packages. This defense mechanism combats software supply chain attacks by providing a window for identifying malicious code injected into Ruby gems before developers install them, with an option to override for critical patches. → csoonline.com |
| 2026-06-05 2026 | IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks news 5 min read | Library for detecting and mitigating supply chain attacks in the npm ecosystem, including the IronWorm information stealer and Miasma worm variants. These attacks leverage trojanized packages, compromised accounts like "asteroiddao," and novel techniques such as "Phantom Gyp" to steal credentials from developers and CI/CD environments, targeting data related to OpenAI Codex, AWS, Docker, Kubernetes, and AI assistants. The malware uses eBPF rootkits for stealth and abuses GitHub Actions workflows for exfiltration and propagation. → thehackernews.com |
| 2026-06-05 2026 | Patching fast and slow: Ruby devs delay to defend against supply chain attack news 1 min read | Library update from RubyGems introduces a "cooldown" feature to Bundler, allowing developers to delay installation of newly published Ruby packages. This defense mechanism combats software supply chain attacks by providing a grace period for malicious code to be identified before it's installed by unsuspecting users, though critical patches can still be applied immediately. → infoworld.com |
| 2026-06-05 2026 | Hola browser supply chain attack delivers cryptocurrency miner news | Writeup on the Hola browser supply chain attack, where the Windows version was compromised to install an undeclared Monero cryptocurrency miner. The miner, disguised as "me.exe" and later "HolaMonitorService.exe," created an auto-starting Windows service and ran during idle periods. The attack was discovered during AppEsteem certification testing. → scworld.com |
| 2026-06-05 2026 | 600,000 Monthly Downloads Affected: Miasma Supply Chain Attack Is Back on npm news 2 min read | Writeup of the Miasma supply chain attack, a Shai-Hulud variant targeting npm packages with over 600,000 monthly downloads. This multi-stage dropper bypasses `postinstall` logic by using a weaponized `binding.gyp` file to steal GitHub tokens, npm tokens, cloud credentials (AWS, GCP, Azure), and local environment information. The malware signature "Miasma – The Spreading Blight" was observed in over 118 infected GitHub repositories. → ox.security |
| 2026-06-05 2026 | Kaspersky Discovers Supply Chain Attack Delivering Backdoors via Official Daemon Tools Website news | Writeup of a supply chain attack discovered by Kaspersky in which backdoors were delivered via the official Daemon Tools website. The incident illustrates the risk posed by compromised software distribution channels, which can lead to unauthorized access and malicious code execution on users' systems. |
| 2026-06-05 2026 | Rust-Written IronWorm Hits NPM Supply Chain news | A new malware called IronWorm, written in Rust, has been discovered targeting the NPM (Node Package Manager) supply chain. This malicious software infiltrates the development ecosystem by compromising popular packages. The goal of IronWorm is to steal sensitive information from developers and their projects, posing a significant risk to the security of software built using these compromised dependencies. Further details on its specific infection vectors and the full extent of its capabilities are still under investigation. → darkreading.com |
| 2026-06-05 2026 | IronWorm Supply Chain Malware Hits npm news | Analysis of IronWorm, a self-replicating Rust-built malware that infected 36 npm packages, targeting environment variables, cloud credentials, and crypto wallets. This campaign, detected by JFrog, utilized binary executables within postinstall scripts and spread by stealing credentials to publish new malicious packages, impacting over 32,000 monthly downloads. Recommended actions include rotating keys and enabling 2FA. → ox.security |
| 2026-06-04 2026 | IronWorm Supply Chain Attack Uses Malicious npm Packages to Steal Developer Secrets news | A supply chain attack dubbed "IronWorm" is targeting developers through malicious npm packages. These compromised packages are designed to steal sensitive developer secrets. The attack highlights a growing threat vector where attackers inject malicious code into widely used software development tools and libraries, compromising the integrity of the software supply chain and potentially leading to widespread data breaches and unauthorized access. Further details on the specific methods and impact are available at the provided link. → cybersecuritynews.com |
| 2026-06-04 2026 | Hola Browser for Windows compromised to deliver cryptominer news 2 min read | Writeup of the Hola Browser for Windows compromise. The Windows version of Hola Browser, built on Chromium, experienced a supply chain attack where an undeclared executable named ‘me.exe’ was installed, later identified as a Monero cryptocurrency miner. This malicious component added Windows Defender exclusion rules, copied itself as ‘HolaMonitorService.exe,’ created an auto-starting service, and ran during idle periods. Hola confirmed the supply chain compromise, stating approximately 0.1% of users were affected without evidence of data theft. → bleepingcomputer.com |
| 2026-06-04 2026 | New IronWorm malware hits 36 packages in npm supply-chain attack news 2 min read | Analysis of IronWorm malware infections on npm's registry that targeted 36 packages, stealing OpenAI, AWS, and npm credentials, SSH keys, and cryptocurrency wallet data. Written in Rust, IronWorm utilizes an eBPF rootkit and communicates via Tor, self-propagating by publishing trojanized package versions using stolen npm Trusted Publishing credentials. The malware leverages GitHub Actions to exfiltrate secrets as build artifacts and exhibits similarities to the Shai Hulud supply-chain attack. → bleepingcomputer.com |
| 2026-06-04 2026 | Miasma Attack Hits Red Hat npm Packages news 7 min read | Analysis of obfuscated JavaScript code embedded within @redhat-cloud-services npm packages, identified as the Miasma attack. This malicious code, running via preinstall scripts, acts as a self-propagating worm and credential stealer, targeting developer and cloud credentials, and exploiting compromised GitHub accounts to achieve valid SLSA provenance for its releases. The attack compromised at least 32 package releases, averaging 80,000 weekly downloads, and is tracked by Snyk advisories, with the lead advisory rated Critical (CVSS v4.0) and exploit maturity as Attacked. → snyk.io |
| 2026-06-04 2026 | NCSC Releases Software Supply Chain Attacks Guidance beginner 3 min read | Guide from the NCSC details four attacker techniques used in software supply chain attacks: maintainer account compromise (seen in the Axios npm attack), abandoned package takeover, typosquatting, and self-propagation. It emphasizes the structural vulnerability of modern development's reliance on numerous third-party packages, particularly in ecosystems like Node.js and Python. Defenders are urged to implement visibility through software bills of materials, detection via anomaly monitoring and dependency scanning, and a remediation posture that includes pausing automatic updates, manual review, and MFA enforcement, especially on package registry accounts. → thecyberexpress.com |
| 2026-06-04 2026 | Supply chain attack compromises Red Hat software packages on npm news 2 min read | Analysis of a supply chain attack that compromised over 30 Red Hat Cloud Services packages on npm, allowing attackers to distribute malicious code through a trusted channel. The malware harvested cloud service credentials (AWS, Google, Microsoft), pipeline tokens, and developer tool passwords, transmitting them to attackers by mimicking Anthropic service addresses. It also established persistent background processes and embedded hooks in AI coding assistants, with a risk of file deletion if credentials are revoked prematurely. |
| 2026-06-04 2026 | Software supply chain attacks: check your dependencies beginner 5 min read | Analysis of software supply chain attacks detailing how attackers compromise open-source packages, like those in Node.js, Rust, and Python ecosystems, to spread malware. It discusses techniques such as maintainer account compromise, abandoned package takeover, typosquatting, and self-propagation, and advises on identifying affected systems by reviewing dependencies, monitoring CI/CD activity, and scanning for known issues. Recommended mitigation steps include pausing automatic updates, manually approving new versions, rotating credentials, enforcing MFA, and strengthening development lifecycles. |
| 2026-06-03 2026 | ThreatLocker Highlights Key Cyber Threat Activity and Research from May 2026 news 3 min read | Analysis of May 2026 cyber threat activity by ThreatLocker highlights significant software supply chain attacks, including those targeting GitHub, Nx Console, and TanStack, alongside zero-day exploits like MiniPlasma, Linux Copy Fail, and Dirty Frag. The report underscores the abuse of trust in software ecosystems, code-signing infrastructure, and identity systems, recommending Zero Trust principles and application allowlisting/ringfencing to mitigate risks from both traditional threats and emerging AI-assisted attacks. |
| 2026-06-03 2026 | Red Hat hit by npm supplychain attack - here's how to stay safe news 4 min read | Guide to detecting and mitigating npm supply-chain attacks, specifically addressing the Red Hat @redhat-cloud-services namespace compromise. It highlights the use of npm preinstall hooks by malware like Miasma and Mini Shai-Hulud to steal credentials from environments including GitHub, AWS, and Kubernetes. Recommendations include rotating secrets, auditing activity, and rebuilding potentially contaminated systems. |
| 2026-06-03 2026 | Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign news 10 min read | Analysis of the "Miasma" supply chain attack, which compromised 32 npm packages under the @redhat-cloud-services scope. The attack used obfuscated dropper scripts to download the Bun JavaScript runtime and steal credentials from GitHub, npm, AWS, Azure, GCP, HashiCorp Vault, and Kubernetes. It also attempted privilege escalation via passwordless sudo and self-propagation by publishing poisoned packages with forged SLSA provenance, and included a destructive tripwire to wipe the home directory. → microsoft.com |
| 2026-06-03 2026 | Sonatype flags 176 npm packages in dependency attack news | Sonatype has identified 176 npm packages compromised in a dependency attack. Attackers injected malicious code into these packages, posing a significant risk to software supply chains. This incident highlights the ongoing threat of malicious actors targeting open-source ecosystems. Developers relying on these packages are urged to audit their dependencies and consider alternatives to mitigate potential vulnerabilities. |
| 2026-06-03 2026 | Sonatype flags 176 npm packages in dependency attack news | Sonatype has identified a significant supply chain attack involving 176 npm packages. These packages, ranging from utilities to frameworks, were found to contain malicious code, posing a risk to developers using them. The discovered vulnerabilities allow for the potential execution of arbitrary code, leading to unauthorized access and data breaches. This incident highlights the ongoing threats within the open-source software ecosystem and underscores the importance of robust security practices for managing dependencies. |
| 2026-06-03 2026 | Dozens of Red Hat npm packages targeted in supply-chain attack news | Dozens of Red Hat npm packages were compromised in a sophisticated supply-chain attack. The vulnerability allowed attackers to inject malicious code into the development pipeline, potentially affecting a wide range of users and projects relying on these packages. Details about the specific vulnerabilities and the extent of the compromise are still emerging, but the incident highlights the ongoing risks associated with software supply chains. → cybersecuritydive.com |
| 2026-06-03 2026 | OpenAI Codex Supply Chain Attack Exposes Growing Risks in AI Development Environments news | A supply chain attack targeted OpenAI's Codex, exposing vulnerabilities in AI development. The incident, which involved a compromised private GitHub repository, highlights the increasing risks associated with the complex dependencies and third-party code used in building AI systems. Attackers could potentially leverage such breaches to inject malicious code, leading to data theft or system manipulation. This event underscores the critical need for enhanced security measures throughout the AI development lifecycle, from code repositories to model training environments, to protect against sophisticated threats. → securityboulevard.com |
| 2026-06-03 2026 | Red Hat Confirms Supply Chain Breach Impacting @redhat-cloud-services npm Packages news | Red Hat confirms a supply chain breach impacting @redhat-cloud-services npm packages. → gbhackers.com |
| 2026-06-02 2026 | Megalodon Supply Chain Attack Infects Over 5,500 GitHub Repositories with Backdoors and Stealers news | A sophisticated supply chain attack, dubbed Megalodon, has compromised over 5,500 GitHub repositories. The attackers injected malicious code, specifically backdoors and stealer malware, into these repositories. This widespread infection poses a significant risk to the software development ecosystem, as compromised code can be propagated to numerous downstream projects and users. The attack highlights the persistent threat of supply chain vulnerabilities and the need for robust security measures in software development pipelines. |
| 2026-06-02 2026 | Claude Code GitHub Actions Flaw Created Supply Chain Attack Risk news 4 min read | Components of Claude Code GitHub Actions were found to have vulnerabilities that could lead to supply chain attacks. These flaws allowed attackers to bypass permission controls and inject untrusted input into trusted workflows, potentially exposing sensitive credentials like GitHub Actions OIDC tokens. The most severe scenario could have introduced malicious code into Anthropic's own claude-code-action repository, impacting downstream users. Organizations should upgrade to the latest version and review workflow permissions to mitigate these risks. → esecurityplanet.com |
| 2026-06-02 2026 | Supply Chain Cyber Threats: How Malicious AI Puts Logistics Data at Risk news | Malicious AI poses a significant threat to logistics data within supply chains. Attackers can leverage AI to find vulnerabilities and launch sophisticated attacks, potentially disrupting operations and compromising sensitive information. This poses a risk to the integrity and security of supply chain data. |
| 2026-06-02 2026 | Why supply chain attacks work and what detection can actually do about it intermediate 4 min read | Analysis of supply chain attacks highlights the exploitation of trust, as demonstrated by TeamPCP's campaigns across GitHub, PyPI, npm, and Docker Hub. Their methods, including poisoned VS Code extensions like Nx Console and automated worms like Mini Shai-Hulud, bypass traditional security measures by targeting developers and leveraging CI/CD pipelines. While initial compromise detection is challenging, robust endpoint and SIEM monitoring remain crucial for identifying anomalous post-compromise activity driven by stolen credentials. → scworld.com |
| 2026-06-02 2026 | State of Supply Chain Security: Roundup of the Big Hits beginner 3 min read | Roundup of significant cyber incidents highlights the escalating threats to software supply chains and third-party vendors. The Maersk NotPetya attack in 2017, originating from a compromised M.E.Doc update, crippled global operations and underscored the need for patch management and business continuity. More recent attacks in 2025 impacted UK grocery chains like Marks & Spencer and manufacturer JLR, causing substantial revenue losses and production halts. These events emphasize the critical need for asset visibility, dependency tracking, continuous compliance monitoring, software security, and robust vendor risk management in increasingly interconnected ecosystems, especially with the expanding attack surface driven by AI adoption. |
| 2026-06-02 2026 | Attack targeting OpenAI Codex users exposes AI software supply chain risks news 3 min read | Writeup of the codexui-android npm package attack, revealing AI software supply chain risks. Attackers hid malicious code within a seemingly legitimate OpenAI Codex remote user interface package, exfiltrating developer authentication tokens, including long-lived refresh tokens. This incident highlights vulnerabilities in build and distribution pipelines, where published software artifacts may differ from public source code, leading to persistent access to AI developer tools and the resources they control. → infoworld.com |
| 2026-06-02 2026 | ReversingLabs Spectra Assure Wins 2026 Fortress Cybersecurity Award in Software Supply Chain Security news 2 min read | Announcement of a software supply chain security product award. ReversingLabs Spectra Assure, recognized with a 2026 Fortress Cybersecurity Award, provides deep binary analysis for visibility and control against threats, addressing a 73% increase in malicious open-source packages. It offers significant efficiency improvements, reducing third-party risk management from months to a week and employee software approval times from hours to minutes. |
| 2026-06-02 2026 | New npm Supply Chain Attack: @redhat-cloud-services Compromised news 4 min read | Analysis of a multi-stage dropper infecting the `@redhat-cloud-services` organization in npm, identified as a variant of the Shai-Hulud malware. This infostealer targets GitHub tokens, npm tokens, AWS, GCP, and Azure cloud credentials, and local environment information. It employs enhanced obfuscation, multi-stage loading, and uses `api.anthropic.com` as a decoy C2 server, exfiltrating data to newly created GitHub repositories with the description "Miasma: The Spreading Blight." The malware exhibits destructive behavior, potentially nuking the compromised machine if stolen tokens are revoked. → ox.security |
| 2026-06-02 2026 | Compromised Red Hat npm packages downloaded over 80,000 times in one week, supply chain attack still ongoing news 2 min read | Writeup of a Red Hat npm supply chain attack, where compromised packages were downloaded over 80,000 times. The attack leveraged a variant of the Mini Shai-Hulud worm to steal GitHub secrets, npm tokens, cloud credentials, and other sensitive information, with a copycat worm exhibiting similar tradecraft and targeting GCP and Azure identities. → techradar.com |
| 2026-06-02 2026 | Red Hat removes tainted packages after software pipeline compromise news 2 min read | Writeup of Red Hat's response to a supply chain attack involving the Mini Shai-Hulud worm variant, Miasma, which was distributed via a compromised GitHub account. The attack affected 32 packages and targeted developers with credential-stealing malware. This incident follows a series of similar supply chain compromises, including attacks on LiteLLM, the axios JavaScript library, and breaches affecting GitHub and OpenAI employees via malicious extensions. → therecord.media |
| 2026-06-02 2026 | Critical Supply Chain Attack Compromises 32 Red Hat @redhat-cloud-services NPM Packages with Credential-Stealing Malware news 5 min read | Analysis of the @redhat-cloud-services NPM package supply chain attack, which injected Mini Shai-Hulud malware to steal credentials and propagate via GitHub Actions OIDC and NPM's bypass_2fa. This attack compromised 32 Red Hat packages, impacting over 116,000 weekly downloads and necessitating immediate rotation of all exposed secrets and replacement of affected packages. → rescana.com |
| 2026-06-02 2026 | 34 Malicious Packages Steal Cloud Keys Wallets and SSH Credentials news | Thirty-four malicious npm packages have been discovered that steal sensitive information from developers. These packages, disguised as legitimate tools, are designed to exfiltrate cloud API keys, cryptocurrency wallet credentials, and SSH keys. The compromised packages were published on the npm registry, a popular repository for JavaScript. This incident highlights the ongoing threat of supply chain attacks and the importance of vigilant security practices when using third-party code. → gbhackers.com |
| 2026-06-02 2026 | Supply Chain Attack Hits 32 Red Hat NPM Packages news 2 min read | Analysis of a supply chain attack on 32 Red Hat NPM packages details a credential-stealing worm that exploited compromised CI/CD pipelines via GitHub Actions OIDC. The malicious preinstall hook executed during NPM install, harvesting sensitive data like GitHub secrets, npm tokens, and cloud credentials, similar to the Mini Shai-Hulud worm. Attackers exfiltrated data to attacker-controlled servers or GitHub repositories, with initial findings indicating at least 210 repositories may contain stolen credentials. Red Hat has since released clean versions of the affected packages. → securityweek.com |
| 2026-06-02 2026 | Attack targeting OpenAI Codex users exposes AI software supply chain risks news 3 min read | Analysis of codexui-android, a malicious npm package targeting OpenAI Codex users, reveals AI software supply chain risks. This package, downloaded thousands of times weekly, appeared legitimate but exfiltrated developer authentication tokens, including long-lived refresh tokens, by injecting malicious code into the distributed artifact, not the public GitHub source. This highlights a blind spot where build and distribution pipelines, rather than source code, become the attack vector, necessitating verification of package provenance and source code consistency. → csoonline.com |
| 2026-06-02 2026 | Miasma Revives Shai-Hulud Supply Chain Attack Tactics news 3 min read | Analysis of Miasma, a supply chain attack campaign evolving from Shai-Hulud, with detection and mitigation guidance. Miasma targets npm packages, specifically compromised redhat-cloud-services, to steal credentials, harvest secrets, and propagate through development environments. It utilizes install-time execution, encrypted exfiltration via GitHub API commits, and exploits GitHub Actions for persistence and privilege escalation, even evading endpoint protection like CrowdStrike. → thecyberexpress.com |
| 2026-06-02 2026 | Unpatched software is now the top way into banks news 3 min read | Survey of the 2026 Verizon Data Breach Investigations Report, highlighting unpatched software as the leading entry vector into banks, surpassing stolen credentials for the first time. The report also identifies increasing third-party vendor involvement in breaches and the growing threat of AI-assisted attacks exploiting known software flaws. |
| 2026-06-02 2026 | Multiple redhat-cloud-services npm Packages compromised news 9 min read | Analysis of multiple @redhat-cloud-services npm packages compromised with malware that executes on install before application code. The payload uses ROT-21, AES-128-GCM, obfuscator.io, and a B5 cipher to evade detection and harvest secrets from GitHub Actions, AWS, GCP, Azure, Kubernetes, Vault, npm, and CircleCI. It also acts as a self-propagating worm, using stolen npm tokens and `bypass_2fa` to republish backdoored packages. Analysis involved static and dynamic techniques, including StepSecurity Harden-Runner. → stepsecurity.io |
| 2026-06-02 2026 | Containers on fire: from container escapes to supply chain attacks beginner | Overview of the security risks associated with containerized environments. It discusses vulnerabilities such as container escapes, which allow attackers to break out of isolated containers, and supply chain attacks, which compromise the integrity of software components used within containers. The content likely covers the methods attackers exploit and the potential impact of these security breaches on organizations utilizing container technology. |
| 2026-06-01 2026 | OpenAI Codex tool with over 29,000 downloads linked to malicious npm supply chain attack stealing authentication tokens news 2 min read | Writeup exposing a supply-chain attack targeting OpenAI Codex users. A malicious npm package, "codexui-android," with over 29,000 downloads, exfiltrated non-expiring refresh tokens. Researchers also identified two Android apps, OpenClaw Codex Claude AI Agent and Codex, with tens of thousands of downloads, which similarly targeted Codex users by sending credentials to attacker-controlled servers. → techradar.com |
| 2026-06-01 2026 | Dozens of Red Hat packages backdoored through its official NPM channel news 1 min read | Writeup detailing a supply-chain attack targeting Red Hat's official NPM channel. Threat actors compromised the `@redhat-cloud-services` namespace, publishing over 30 backdoored packages. These packages execute obfuscated payloads during `npm install`, stealing credentials like GitHub action secrets, npm tokens, Kubernetes, and Vault material. The malware then spreads by republishing compromised packages to other accounts, with infected systems encrypting and exfiltrating data via web requests or to compromised GitHub repositories. → arstechnica.com |
| 2026-06-01 2026 | Miasma: Supply Chain Attack Targeting RedHat npm Packages news 3 min read | Analysis of Miasma details a supply chain attack targeting @redhat-cloud-services npm packages, compromising at least 32 releases. The attack involved unauthorized code modifications, obfuscated JavaScript payloads using eval() and ROT-based decoding, and new data collectors for GCP and Azure identities. This variant, similar to TeamPCP's (Mini) Shai-Hulud malware, employs unique encrypted payloads per infection. The root cause appears to be a compromised Red Hat employee GitHub account that injected malware via orphan commits and manipulated GitHub Actions to publish packages with valid SLSA provenance attestations. → wiz.io |
| 2026-06-01 2026 | Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm news 4 min read | Analysis of the Miasma supply chain attack details how compromised @redhat-cloud-services npm packages, including `@redhat-cloud-services/vulnerabilities-client` and others, were injected with an obfuscated preinstall hook. This hook targeted developer machines and CI/CD environments to steal credentials like GitHub Actions secrets, npm tokens, and cloud identities, employing tactics similar to the Mini Shai-Hulud worm. The malware exfiltrated data encrypted to `api.anthropic[.]com:443/v1/api` and leveraged GitHub commits for further propagation, with evidence suggesting a Red Hat employee's compromised GitHub account as the initial entry point. → thehackernews.com |
| 2026-06-01 2026 | CrowdStrike and Google take down botnet used by hackers to target software developers in supply chain attacks news | CrowdStrike and Google have successfully dismantled a botnet that was being used by hackers to conduct supply chain attacks specifically targeting software developers. These malicious actors exploited vulnerabilities to compromise the development environment, potentially impacting a wide range of software products. The coordinated takedown aims to disrupt this threat and protect the software development ecosystem from further exploitation. → msn.com |
| 2026-06-01 2026 | OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack news 4 min read | Writeup of OpenAI Codex authentication token theft via a supply chain attack using the `codexui-android` npm package and Android apps like OpenClaw Codex Claude AI Agent and Codex (BrutalStrike). The malicious code exfiltrates tokens from `~/.codex/auth.json` to `sentry.anyclaw.store`, granting attackers persistent access due to non-expiring refresh tokens. This highlights a growing trend of targeting AI developer tooling for credential theft. → thehackernews.com |
| 2026-06-01 2026 | Microsoft discovers new npm attack in 14 packages news 2 min read | Analysis of 14 malicious npm packages that targeted developers and were designed to steal credentials for AWS, HashiCorp Vault, and GitHub Actions. The attack utilized typosquatting and copied metadata from legitimate projects, employing npm installation hooks and the Bun runtime for execution to compromise cloud and CI/CD platforms, enabling lateral movement and further data exfiltration. → techzine.eu |
| 2026-06-01 2026 | Mercor Hit: 4TB Stolen via LiteLLM (95M Downloads) [2026] news 17 min read | Library providing a unified interface to over 100 LLM providers, LiteLLM was compromised, leading to a 4TB data exfiltration from Mercor. The attack chain involved compromising Trivy, injecting malicious code into LiteLLM, and exfiltrating credentials from downstream environments. This incident highlights the risks of fast-moving open-source projects in AI infrastructure and the critical importance of pinned dependencies to prevent supply-chain attacks. |
| 2026-06-01 2026 | Emerging Threats to AI-Assisted Software Supply Chains Highlight Security Demand beginner | AI-assisted software development introduces new security vulnerabilities to the software supply chain. These threats can be exploited to compromise AI models, inject malicious code, or manipulate training data, leading to insecure software. The rise of these risks underscores the critical need for robust security measures throughout the AI development lifecycle to ensure the integrity and safety of AI-assisted software. → tipranks.com |
| 2026-05-31 2026 | SlowMist Says TrapDoor is One of 2026's Largest Supply Chain Attacks news 2 min read | Analysis of the TrapDoor supply chain attack, identified by Socket and detailed by SlowMist, reveals a sophisticated campaign targeting crypto and AI developers via malicious packages on npm, PyPI, and Crates.io. The attack utilized hidden code within installation and build processes, leveraging trusted developer services like GitHub Pages to exfiltrate sensitive data including SSH keys, cloud credentials, and crypto wallets. The npm variant, particularly advanced, manipulated Git hooks and AI coding assistant files like `.cursorrules` and `CLAUDE.md`, employing prompt injection to spread malicious instructions. |
| 2026-05-31 2026 | 14 malicious npm packages impersonated OpenSearch Elasticsearch libraries news 3 min read | Writeup on 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries, demonstrating a supply chain attack vector targeting developers. These packages, designed to mimic legitimate OpenSearch and Elasticsearch modules, pose a significant risk to software integrity and development pipelines. → theregister.com |
| 2026-05-31 2026 | CISA warns that Nx Console and GitHub repositories abused in multiple supply chain compromises tools across enterprise cloud and DevOps environments exploited news 2 min read | Analysis of supply chain attacks by CISA details exploitation of Nx Console VSCode extension and GitHub repositories via the Megalodon campaign. Threat actors pilfered CI/CD secrets and cloud credentials by poisoning workflows. Recommended mitigations include auditing contributor activity, forensic reviews, rotating secrets, pinning trusted package versions, and delaying package pulls for community detection. → techradar.com |
| 2026-05-31 2026 | Solana Sui and Aptos wallet data targeted in TrapDoor package attack news 3 min read | Writeup of malicious packages on npm, PyPI, and Crates.io used in the TrapDoor supply-chain attack. These packages, disguised as developer utilities, target Solana, Sui, and Aptos wallet data, along with SSH keys, GitHub tokens, and cloud credentials. Attackers also abused AI configuration files like `.cursorrules` and `CLAUDE.md` to exfiltrate secrets during AI coding sessions. |
| 2026-05-31 2026 | Hackers caught hiding OpenAI token-stealing malware in Codex npm package news | Hackers have embedded malware designed to steal OpenAI API tokens within the popular Codex npm package. This malicious code was discovered by security researchers, who identified it as a sophisticated attempt to gain unauthorized access to users' AI models and data. The discovery highlights a growing trend of supply chain attacks targeting software development tools. Further investigation is ongoing to determine the full scope of the breach and the potential impact on users. → cybernews.com |
| 2026-05-31 2026 | Perplexity launches Bumblebee: How its new read-only dev scanner differs from Chainguard news 4 min read | Bumblebee is a read-only scanner by Perplexity designed to check developer machines for risky packages, extensions, and AI tool configurations during supply-chain incidents. It targets four surfaces including language package managers like npm, pnpm, Yarn, Bun, PyPI, Go modules, RubyGems, and Composer. Unlike other tools, Bumblebee avoids executing scripts and directly inspects metadata files, preventing potential attacks triggered by scanner execution. It differentiates itself from Chainguard by focusing on the developer workstation environment rather than containers and build pipelines. |
| 2026-05-30 2026 | The hidden AI security flaw behind four major supply chain attacks news 12 min read | Analysis of AI-related supply chain attacks, detailing vulnerabilities in build systems and release workflows that bypass traditional AI model security testing. It highlights incidents impacting OpenAI, Anthropic, Meta, and TanStack, specifically the TanStack Mini Shai-Hulud worm's exploitation of GitHub Actions and cache poisoning, and the LiteLLM attack's reliance on credential reuse in PyPI. The article emphasizes the need for pipeline-focused red teams, behavioral validation of build processes, dependency credential hygiene, mandatory human review before releases, and strict input sanitization in build tools to mitigate risks like command injection. |
| 2026-05-30 2026 | Download pumping: New npm deception technique for supply chain attacks news | A new npm deception technique called "download pumping" has been discovered, posing a threat to supply chain security. This method involves malicious packages registering fake download metrics to appear more popular and trustworthy than they are. Researchers observed campaigns where attackers used this technique to obscure malicious code within seemingly legitimate packages, making them harder to detect and leading to potential system compromises. This discovery highlights the evolving tactics used in supply chain attacks and the need for enhanced vigilance in package vetting. → securityboulevard.com |
| 2026-05-30 2026 | Malicious npm packages abuse dependency confusion to profile developer environments news 13 min read | Writeup on malicious npm packages that exploit dependency confusion to profile developer environments. These packages impersonate internal corporate namespaces and use obfuscated reconnaissance payloads downloaded from attacker-controlled C2 servers. They leverage npm lifecycle hooks for automatic execution during `npm install`, employing anti-analysis techniques and targeting various operating systems. The attack chain involves namespace squatting, spoofed enterprise metadata, and inflated version numbers, with a reconnaissance-only mode that collects system information and credentials for potential follow-on exploitation. → microsoft.com |
| 2026-05-29 2026 | Typosquatted npm packages used to steal cloud and CI/CD secrets news 7 min read | Writeup detailing an npm supply chain attack where typosquatted packages like "opensearch-setup" and "elastic-opensearch-helper" were used to steal AWS credentials, HashiCorp Vault tokens, and CI/CD secrets. The malicious packages leverage npm lifecycle hooks to execute a credential harvester that targets AWS IMDSv2, ECS task metadata, Secrets Manager across multiple regions, and npm publish tokens, enabling cloud lateral movement and downstream supply-chain pivoting. → microsoft.com |
| 2026-05-29 2026 | Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets news 4 min read | Report on malicious Sicoob NuGet and npm packages targeting sensitive data. Malicious versions of "Sicoob.Sdk" exfiltrate client IDs and PFX certificates, while npm packages like "@vpmdhaj/devops-tools" harvest AWS credentials, Vault tokens, and CI/CD secrets. These attacks employ techniques such as typosquatting, dependency confusion, and brandjacking to manufacture legitimacy and compromise developer workflows, echoing broader supply chain attack campaigns. → thehackernews.com |
| 2026-05-29 2026 | CISA adds Daemon Tools TanStack and Nx Console compromised versions to KEV catalog news | Catalog listing of CVE-2026-8398, CVE-2026-45321, and CVE-2026-48027, impacting Daemon Tools Lite, TanStack npm packages, and Nx Console. These vulnerabilities, identified by CISA for inclusion in the Known Exploited Vulnerabilities catalog, resulted from supply chain attacks. Compromised Daemon Tools installers utilized valid code-signing certificates, while TanStack packages were maliciously published via GitHub Actions. The Nx Console vulnerability involved a malicious version appearing on the Visual Studio Marketplace and OpenVSX. → scworld.com |
| 2026-05-29 2026 | CISA urges security teams to check for software development compromises news | CISA is issuing an urgent alert to security teams, advising them to proactively scan their systems for compromises within their software development environments. This directive highlights the critical need to safeguard the integrity of the software supply chain. The agency's recommendation stems from concerns about potential vulnerabilities and breaches that could affect the development process, leading to widespread risks for downstream users. Security teams are encouraged to implement robust checks and balances to ensure the safety and trustworthiness of their software development practices. → cybersecuritydive.com |
| 2026-05-29 2026 | AI Software Supply Chain Threats Escalate in 2026 beginner 4 min read | Analysis of JFrog's Software Supply Chain Security State of the Union 2026 report reveals escalating AI-driven threats, including nearly 500 malicious AI models capable of credential theft and system compromise, a 451% surge in malicious npm packages, and attackers targeting developer tools and CI/CD pipelines. The report highlights governance gaps around AI coding assistants and IDE extensions, alongside an increase in insecure AI-generated code, leading to vulnerabilities like XSS and SQL injection. This growing "vulnerability noise" complicates risk prioritization, with over 48,000 new CVEs disclosed in 2025. → esecurityplanet.com |
| 2026-05-29 2026 | Typosquatted npm Packages Steal Cloud and CI/CD Secrets beginner 3 min read | Writeup detailing a coordinated npm supply chain attack leveraging typosquatted packages like "opensearch-setup" and "elastic-opensearch-helper" to steal cloud and CI/CD secrets. The malware uses npm lifecycle hooks for silent execution, with payloads designed to harvest AWS credentials, HashiCorp Vault tokens, GitHub Actions secrets, and npm publish tokens. Attackers exploit techniques like metadata spoofing, version number inflation, and embedded Bun runtimes to evade detection, with a unique "X-Supply: 1" header as a potential indicator of compromise. → gbhackers.com |
| 2026-05-29 2026 | How the Glassworm Takedown Secures Digital Supply Chains beginner 3 min read | Summary of the Glassworm botnet takedown, a coordinated effort by CrowdStrike, Google, and Shadowserver to dismantle a threat targeting developers. Glassworm employs trojanized VSCode extensions, compromised npm and Python packages, and poisoned GitHub repositories to inject malicious code. Its resilience is attributed to a decentralized command and control architecture utilizing the Solana blockchain, BitTorrent DHT, Google Calendar events, and commercial virtual servers, making it resistant to conventional takedown methods. |
| 2026-05-29 2026 | Supply chain attacks hide malicious code inside the software you trust beginner | Supply chain attacks insert malicious code into legitimate software, making it appear trustworthy. This sophisticated technique targets the development and distribution process, compromising the integrity of software before it reaches end-users. Attackers exploit vulnerabilities in third-party components, build systems, or distribution channels to inject malware. Once deployed, this hidden code can steal data, disrupt operations, or establish persistent access to systems. Protecting against these attacks requires rigorous security measures throughout the software lifecycle, including code verification, dependency scanning, and secure development practices. |
| 2026-05-28 2026 | GlassWorm Malware Takedown: Disruption of Developer Supply Chain Attacks Targeting VSCode npm Python and GitHub news 6 min read | Writeup detailing the disruption of the GlassWorm malware campaign, which targeted the developer supply chain. The malware utilized trojanized VSCode extensions, compromised npm and Python packages, and poisoned over 300 GitHub repositories using stolen credentials. GlassWorm RAT, its payload, harvested credentials from various developer tools and crypto-wallets, deploying SOCKS proxies and VNC clients. Its resilient C2 infrastructure leveraged the Solana blockchain, BitTorrent DHT, Google Calendar, and traditional VPS providers, requiring a coordinated takedown on May 26, 2026. → rescana.com |
| 2026-05-28 2026 | CrowdStrike Google Shut Down Glassworm Malware Operation - Open Source For You news 1 min read | Analysis of the Glassworm botnet operation, disrupted by CrowdStrike and Google, details the targeting of the open-source software supply chain. Attackers poisoned over 300 GitHub repositories, abused compromised NPM and Python packages, and used trojanized VS Code extensions on the Open VSX marketplace to spread malware and steal credentials. The operation highlights the growing threat to developer infrastructure and open-source ecosystems. → opensourceforu.com |
| 2026-05-28 2026 | New Edamame Platform Aims to Catch AI Coding Agents Going Off the Rails beginner 3 min read | Platform for detecting AI coding agent drift and malicious behavior, Edamame monitors workstation posture, hardens environments, and integrates with agents like Cursor and Claude. Its divergence and attack-pattern detection engines analyze telemetry for credential exfiltration, token theft, and sandbox exploitation, providing runtime verification for coding agent workloads and identifying supply-chain attacks. → securityweek.com |
| 2026-05-28 2026 | Multiple German hospitals impacted in billing provider data breach news 2 min read | Report detailing how hackers compromised Unimed, a German medical billing provider, impacting multiple university hospitals and leading to the theft of vast amounts of patient data, including billing disputes and personal information, affecting thousands of individuals across cities like Freiburg and Cologne. |
| 2026-05-27 2026 | CrowdStrike Google shatter Glassworm botnet news 3 min read | Tool for identifying and remediating application vulnerabilities, leveraging AI to detect issues before production. This resource discusses the impact of LLMs on API attacks, the challenges in data sovereignty, and the trend towards "headless" SaaS architectures, exemplified by Salesforce and Anthropic. It also touches on the hardware crunch impacting IT infrastructure and the evolving landscape of cloud-native platforms. → theregister.com |
| 2026-05-27 2026 | Glassworm Group: Software Supply-Chain Attackers Disrupted news 3 min read | Analysis of the Glassworm Group's software supply-chain attacks details their use of GlasswormRAT, a Node.js-based remote access Trojan, to poison code repositories like VS Code Marketplace and Open VSX. The group leverages stolen developer credentials to force-push malicious code into default branches of over 300 GitHub repositories, targeting Windows, Mac, and Linux systems. Their resilient command-and-control infrastructure utilized the Solana blockchain, BitTorrent, and Google Calendar for C2 server resolution. Indicators of compromise include connections to CrowdStrike-operated IP address 164.92.88.210. → bankinfosecurity.com |
| 2026-05-27 2026 | CrowdStrike and Google take down botnet used by hackers to target software developers in supply chain attacks news 2 min read | Analysis of the Glassworm botnet, a threat actor that targeted open source developers and their supply chains for two years. CrowdStrike, Google, and Shadowserver collaborated to disrupt Glassworm's operations by taking down four command-and-control channels. Glassworm employed strategies like distributing malicious extensions, malvertising, and credential stuffing to compromise over 300 GitHub repositories. The botnet leveraged infrastructure including the Solana blockchain, BitTorrent, and Google Calendar. → techcrunch.com |
| 2026-05-27 2026 | Glassworm botnet disrupted after resilient C2 infrastructure takedown news 2 min read | Analysis of Glassworm botnet disruption details its resilient C2 infrastructure, which leveraged Solana blockchain transactions, BitTorrent DHT, Google Calendar, and direct server connections. Researchers from CrowdStrike, Google, and The Shadowserver Foundation simultaneously took down these four channels, preventing infected machines from receiving new instructions or payloads. The report highlights Glassworm's targeting of developers through malicious OpenVSX and VS Code extensions, as well as npm packages, and provides YARA rules to identify infections. → bleepingcomputer.com |
| 2026-05-27 2026 | Megalodon Malware Infects Over 5500 GitHub Repositories news | Megalodon malware has compromised over 5,500 repositories on GitHub. The malware, which targets Windows and Linux systems, installs itself as a cryptocurrency miner. Researchers discovered that Megalodon uses open-source tools and aims to steal cryptocurrency wallet credentials. This widespread infection highlights significant security vulnerabilities within the developer ecosystem, emphasizing the need for robust security practices and ongoing monitoring of code repositories. The exact impact and potential for data exfiltration are still being assessed. → securityboulevard.com |
| 2026-05-27 2026 | GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure news 3 min read | Writeup on the disruption of the GlassWorm software supply chain attack campaign, which targeted developers via trojanized VS Code extensions, npm, and Python packages. The campaign aimed to steal credentials and cryptocurrency and to exfiltrate system data, often deploying GlassWormRAT. Attackers leveraged resilient C2 channels including the Solana blockchain, BitTorrent DHT, Google Calendar, and commercial VPS providers to maintain access and propagate, poisoning over 300 GitHub repositories. → thehackernews.com |
| 2026-05-27 2026 | TeamPCP Compromised LiteLLM in AI Supply Chain Attack news 4 min read | Analysis of the TeamPCP compromise of LiteLLM, an AI supply chain attack that involved poisoning the Trivy scanner to steal CI/CD tokens, enabling the publication of malicious LiteLLM packages to PyPI. These packages used source injection and stealthy `.pth` file execution to harvest credentials for OpenAI, Anthropic, Azure, AWS, and Kubernetes, highlighting risks in AI infrastructure and developer pipelines. → esecurityplanet.com |
| 2026-05-26 2026 | Socket Raises $60M for Wider Software Supply-Chain Defense news 4 min read | Socket, a platform for securing software supply chains, provides protection for developer endpoints, AI ecosystems, browser extensions, and editor plug-ins. It addresses the growing threat of malicious packages and dependencies introduced by AI development tools and open-source packages, offering features like Socket Firewall to block threats before they reach pipelines. The company has secured $60 million in funding to expand its security controls across broader software ecosystems and enhance its human-vetted threat analysis capabilities. → bankinfosecurity.com |
| 2026-05-26 2026 | Well-architected best practices for software supply chain security beginner 11 min read | Reference for software supply chain security best practices, aligned with the AWS Well-Architected Framework. This document details techniques to mitigate risks from compromised maintainer accounts and malicious package downloads, referencing incidents like Shai-Hulud and the exploitation of npm packages. Key recommendations include using temporary credentials, enforcing least privilege access, implementing multi-factor authentication, and utilizing artifact signing with services like AWS Signer to create defense-in-depth strategies. → aws.amazon.com |
| 2026-05-26 2026 | Supply Chain Cybersecurity: The Vital Lessons for All CSCOs beginner 3 min read | Analysis of supply chain cybersecurity risks, highlighting the impact of NotPetya on Maersk and recent attacks on UK grocery chains and JLR. The article stresses the importance of patch management, business continuity, multi-factor authentication, asset visibility, dependency tracking, and continuous compliance monitoring to mitigate threats from increasingly complex, technology-dependent global networks and the growing attack surface from AI adoption. |
| 2026-05-26 2026 | New supply chain attack targets Laravel PHP packages with credential stealer news | Report on a supply chain attack targeting PHP packages, specifically the Laravel-Lang project. This attack campaign, identified on May 22-23, 2026, involved malicious version tags published to packages like `laravel-lang/lang` and `laravel-lang/attributes`. The campaign distributed a credential stealer designed to collect cloud credentials, authentication tokens, cryptocurrency data, browser data, password manager vaults, and API keys from infected hosts, then exfiltrate and self-delete. → scworld.com |
| 2026-05-26 2026 | Why Are Software Supply Chains Under Constant Siege? beginner 7 min read | Analysis of why software supply chains are under constant attack, addressing risks from AI-generated code, compromised dependencies like those in npm, and manipulated CI/CD pipelines. It highlights how AI accelerates development while also enabling sophisticated, autonomous attacks, changing how vulnerabilities are discovered and exploited. The article covers common attack vectors including open-source vulnerabilities, malicious packages, compromised maintainers, secrets, and developer environments, identifying trust as the primary exploitable element. → paloaltonetworks.com |
| 2026-05-26 2026 | Why developer machines are now the number one target for supply chain attacks beginner 5 min read | Vendor analysis of developer workstations as the primary target of supply chain attacks, describing tooling that extends visibility beyond package registries to IDE extensions, browser plugins, and AI tools, with granular telemetry to detect and prevent threats before they reach production. Examples include attacks via malicious VS Code extensions, Trivy, and compromised packages, highlighting the limitations of traditional EDR tools in monitoring developer environments. → aikido.dev |
| 2026-05-26 2026 | TeamPCP Emerges as a Growing Threat to Open-Source Software and AI Ecosystems news 2 min read | Analysis of TeamPCP details their emerging threat to open-source software and AI ecosystems through sophisticated software supply chain attacks. This hacker group compromises widely used open-source packages and developer tools, injecting malicious code into software dependencies and pipelines. TeamPCP's operations exploit developer trust in community-driven platforms, impacting numerous applications and organizations. Their activities highlight the growing trend of financially motivated attacks targeting software infrastructure, urging enhanced verification, dependency monitoring, and stricter governance around third-party software integrations, particularly with accelerating AI adoption. → cxodigitalpulse.com |
| 2026-05-26 2026 | Perplexity Bumblebee Stops Dangerous Supply-Chain Attacks news 2 min read | Perplexity Bumblebee, a tool for auditing local developer environments, scans lockfiles and manifests directly to identify supply-chain risks without executing code. It addresses the gap left by SBOMs and EDRs, particularly concerning post-install scripts within packages like those affecting TanStack and SAP, and auditable MCP configurations for AI tools like Cursor and Claude Desktop. Bumblebee is a zero-dependency, read-only binary suitable for startups, solo developers, and enterprises to prevent unnoticed pipeline spread. |
| 2026-05-26 2026 | Google blocks AI Powered Cyber Attack on 2FA and Megalodon Malware attack on GitHub news 2 min read | Analysis of AI-powered attacks and supply chain threats, detailing Google's blocking of an AI-driven attack on 2FA using PROMPTSPY malware, which leveraged Gemini AI to automate exploitation of server vulnerabilities, and the Megalodon malware campaign infecting over 5,500 GitHub repositories through poisoned pipeline execution attacks targeting automated workflows. |
| 2026-05-26 2026 | TrapDoor Supply Chain Attack Actively Exploiting npm PyPI and CratesIO to Steal Developer Credentials in Crypto DeFi Solana and AI Sectors news 5 min read | Writeup on detecting and mitigating the TrapDoor supply chain attack, which actively abuses npm, PyPI, and Crates.io packages to steal developer credentials. This sophisticated campaign targets the crypto, DeFi, Solana, and AI sectors, leveraging malicious packages to exfiltrate AWS keys, GitHub tokens, SSH keys, and cryptocurrency wallet secrets. TrapDoor also uniquely abuses AI coding assistants by embedding hidden instructions in `.cursorrules` and `CLAUDE.md` files, tricking tools into exfiltrating secrets. Mitigation involves auditing dependencies, rotating credentials, searching for persistence artifacts like cron jobs and Git hooks, and monitoring for suspicious network traffic. → rescana.com |
| 2026-05-26 2026 | Megalodon GitHub Supply Chain Attack Hits 5500 Repos news 3 min read | Writeup on the malicious GitHub Actions workflows used in the "Megalodon" supply chain attack, which compromised over 5,500 repositories. This attack campaign leveraged malicious commits to inject workflows designed to harvest CI/CD secrets, cloud access keys, and API tokens. The campaign exploited the `workflow_dispatch` feature for dormant backdoor creation and was linked to compromised versions of the Tiledesk open-source package. → thecyberexpress.com |
| 2026-05-25 2026 | Automated 'Megalodon' Campaign Spreads GitHub Repo Backdoors news 4 min read | Writeup on the automated "Megalodon" campaign, which injected malicious GitHub Actions workflows to steal secrets from over 5,000 repositories. The attack targeted CI/CD pipeline secrets, cloud credentials, and SSH keys. The campaign used fake push requests, base64-encoded bash payloads, and two variants: "SysDiag" for mass execution on every push/pull request, and "Optimize-Build" for dormant backdoors triggered via API. It affected numerous repositories, including Tiledesk. → bankinfosecurity.com |
| 2026-05-25 2026 | Automated 'Megalodon' Campaign Spreads GitHub Repo Backdoors news 4 min read | Writeup on the GitHub Actions workflows that spread the 'Megalodon' campaign, targeting over 5,000 repositories. This automated attack injects base64-encoded bash payloads via forged author identities, stealing CI/CD secrets, cloud credentials, and SSH keys. Variants include 'SysDiag' and 'Optimize-Build'; affected repositories need commit reverts, secret rotation, and audit log reviews, particularly for OIDC federation. |
| 2026-05-25 2026 | Hackers Compromise 34 npm PyPI and Crates Packages in Major Supply Chain Attack news 3 min read | Survey of the "TrapDoor" supply chain attack, which compromised 34 npm, PyPI, and Crates.io packages, including `eth-security-auditor` and `wallet-security-checker`. The attack uses ecosystem-specific techniques like post-install scripts and compile-time code execution to steal SSH keys, cloud credentials, and crypto wallet data, while employing persistence mechanisms and attempting AI prompt injection via hidden instructions in files like `.cursorrules`. → gbhackers.com |
| 2026-05-25 2026 | Who is TeamPCP the rising hacker group targeting open-source software and AI tools? news 4 min read | Writeup on TeamPCP, a hacker group executing software supply chain attacks. They have targeted entities like GitHub, OpenAI, and Mercor, exploiting vulnerabilities in tools like VSCode extensions, Next.js, and Trivy to deploy malware and steal credentials. TeamPCP utilizes worms like 'Mini Shai-Hulud' to automate its operations, aiming for financial gain through ransomware and data extortion. Their tactics involve corrupting open-source software and AI tools, impacting hundreds of companies and raising concerns about secure development practices. |
| 2026-05-25 2026 | Socket Uncovers Supply Chain Attack on Cryptocurrency and AI Developers news 2 min read | Analysis of the TrapDoor supply chain attack reveals a sophisticated campaign targeting developers across npm, PyPI, and Crates.io. The malware, distributed via GitHub, infiltrates systems by masquerading as helpful developer tools, stealing sensitive data like wallet credentials, API keys, and browser extension information from popular services including Coinbase, Binance, and MetaMask. It specifically targets AI programming assistants like Claude and Cursor, aiming to trick them into executing workflows that expose secrets. Persistence mechanisms are employed via scheduler tasks and autostart, meaning simple removal is insufficient, necessitating comprehensive key rotation and system compromise checks. |
| 2026-05-25 2026 | Over 5500 GitHub Repositories Infected in Megalodon Supply Chain Attack news 2 min read | Writeup on the Megalodon supply chain attack, which infected over 5,500 GitHub repositories. The campaign leveraged malicious GitHub Actions workflows to steal credentials, keys, and tokens. Attackers injected over 5,700 commits within a six-hour window, deploying payloads to exfiltrate sensitive information like AWS, GCP, and Azure credentials, as well as SSH keys. The attack was discovered following the identification of compromised Tiledesk NPM packages. → securityweek.com |
| 2026-05-25 2026 | npm Introduces 2FA-Gated Publishing and New Install Controls to Strengthen Supply Chain Security news 2 min read | npm has introduced staged publishing, requiring 2FA approval for package releases to prevent automated compromise and malicious injections. New install controls like `--allow-file`, `--allow-remote`, and `--allow-directory` offer granular restrictions on package sources, addressing the rise in software supply chain attacks seen in campaigns targeting npm packages. → cxodigitalpulse.com |
| 2026-05-25 2026 | TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm PyPI and CratesIO news 3 min read | Writeup detailing the TrapDoor supply chain attack campaign that spread credential-stealing malware across npm, PyPI, and Crates.io. This coordinated campaign utilized malicious packages like `async-pipeline-builder` and `cryptowallet-safety`, employing techniques such as `trap-core.js` JavaScript payloads, Rust `build.rs` scripts, Python import-time execution, and the unusual tactic of implanting hidden instructions in `.cursorrules` and `CLAUDE.md` files to trick AI assistants. The attack targeted developers in crypto, DeFi, Solana, and AI, aiming to steal secrets, wallets, and credentials, with persistence achieved via cron jobs, systemd, Git hooks, and SSH. → thehackernews.com |
| 2026-05-24 2026 | Megalodon Supply Chain Attack: TeamPCP Compromises 5561 GitHub Repositories via Malicious CI/CD Workflows news 4 min read | Writeup detailing the Megalodon campaign, a supply chain attack by TeamPCP that compromised 5,561 GitHub repositories via malicious CI/CD workflows. The attack leveraged compromised developer credentials, injecting bash scripts that exfiltrated secrets like AWS and Azure credentials, SSH keys, and OIDC tokens to a C2 server. Variants included SysDiag and Optimize-Build workflows, and attackers also published malicious npm packages impersonating the Polymarket project, demonstrating worm-like propagation and reaching targets in Iran and Israel. → rescana.com |
| 2026-05-24 2026 | Active Exploitation Alert: Laravel Lang PHP Packages Compromised in Supply Chain Attack to Deploy Credential-Stealing Malware news 5 min read | Writeup on a supply chain attack targeting Laravel Lang PHP localization packages (laravel-lang/lang, laravel-lang/attributes, laravel-lang/http-statuses, laravel-lang/actions) which deployed credential-stealing malware. Attackers exploited GitHub version tagging to inject malicious code, impacting developers by exfiltrating cloud provider keys, developer secrets, browser passwords, and cryptocurrency wallets via a PHP dropper and secondary payload communicating with flipboxstudio[.]info. → rescana.com |
| 2026-05-23 2026 | npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks news 1 min read | npm now supports staged publishing, requiring 2FA approval before a release to mitigate supply chain attacks. The feature, "npm stage publish", ships with npm CLI 11.15.0+ and demands maintainer verification for every publish, including CI/CD and OIDC workflows. New install flags (`--allow-file`, `--allow-remote`, `--allow-directory`) provide granular control over non-registry installation sources, mirroring allowlist approaches. → thehackernews.com |
| 2026-05-23 2026 | Laravel-Lang Supply Chain Attack: Every Tag Across Multiple Composer Packages Rewritten to Steal CI Secrets news 7 min read | Writeup of the laravel-lang supply chain attack where a single actor rewrote all git tags across four popular Composer packages, including `laravel-lang/lang` and `laravel-lang/http-statuses`, to point to malicious commits. These commits added `src/helpers.php` to the `autoload.files` map, executing a payload upon application startup. The payload contacted `flipboxstudio.info`, dropped a PHP loader and ELF binary in `/tmp`, exfiltrated runner environment data, and then self-deleted. This technique bypassed standard version pinning, making pre-May 22, 2026 commit SHAs the only safe option. → stepsecurity.io |
| 2026-05-23 2026 | Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer news 3 min read | The `laravel-lang/lang`, `laravel-lang/http-statuses`, `laravel-lang/attributes`, and `laravel-lang/actions` PHP packages were compromised in a supply chain attack. Malicious code embedded in version tags, specifically `src/helpers.php`, automatically executed on application startup. This dropper delivered a cross-platform credential-stealing payload capable of harvesting data from cloud environments, cryptocurrency wallets, browsers, password managers, and various application configurations. The stealer encrypts exfiltrated data with AES-256 and deletes itself from the disk. → thehackernews.com |
| 2026-05-23 2026 | This Week's Top Five Stories in Cyber news 3 min read | Weekly roundup. A platform addresses AI agent security risks with Agentic Fabric, enhancing visibility and control over non-human identities. Experian launches Transaction Forensics, an AI-powered threat detection platform, in collaboration with Resistant AI, to combat financial crime. Supply chain attacks targeting the npm and PyPI ecosystems with credential stealer payloads, attributed to TeamPCP, highlight software supply chain vulnerabilities. Additionally, a lawsuit filed against Netflix alleges a surveillance system monetizing user viewing habits, using addictive designs to collect data. |
| 2026-05-23 2026 | JFrog Reveals Rise In AI-Driven Software Supply Chain Attacks news 3 min read | Report on the 2026 Software Supply Chain Security State of the Union, revealing significant vulnerabilities in Indian organizations' adoption of AI-driven development. Findings highlight critical gaps in malicious package detection, container security, and secrets scanning, leaving them exposed to escalating AI-weaponized attacks. The study details a 451% surge in malicious npm packages, the rise of the "Shai-Hulud" worm, and the challenges DevSecOps teams face validating AI-generated code, all exacerbated by an AI governance gap and unchecked Shadow AI. |
| 2026-05-23 2026 | How Koi Protects Against Developer Supply Chains beginner 4 min read | Overview of Koi, an Agentic Endpoint Security (AES) product for protecting against developer supply chain attacks. It addresses vulnerabilities exploited in the TeamPCP attack on the Nx Console VS Code extension, which leveraged trusted infrastructure abuse, invisible payloads in orphan commits, and credential harvesting. Koi provides frictionless visibility, proactive extension monitoring, and verified update rollouts to neutralize threats before they compromise sensitive data like Vault tokens, AWS metadata, and GitHub tokens, offering a modern alternative to legacy EDR solutions. → paloaltonetworks.com |
| 2026-05-23 2026 | Supply Chain Attack Flags 700 GitHub Repos With Hidden Linux Payload news | A supply chain attack has impacted over 700 GitHub repositories, introducing a hidden Linux payload. The malicious code was embedded in a compromised project and gave attackers unauthorized access. The incident highlights the vulnerability of software supply chains and the potential for widespread compromise; the full extent of the attack was not disclosed. |
| 2026-05-23 2026 | Supply Chain Attack Targets Laravel-Lang Packages with Credential Stealer news 4 min read | Writeup of a supply chain attack targeting Laravel-Lang packages, where malicious version tags pointed to a fork containing credential-stealing code. The malware, loaded through Composer's autoloader, collects AWS, GCP, Azure, and other cloud credentials, infrastructure secrets, developer keys, browser passwords, cryptocurrency wallet files, and VPN configurations. The attack was reported to Packagist; Aikido offers detection and prevention tooling, including Aikido Safe Chain, which intercepts package installations. → aikido.dev |
| 2026-05-22 2026 | TeamPCP Strikes (again): How a Trojan VS Code Extension Brought Down GitHub intermediate 3 min read | Library detailing the Nx Console VS Code extension compromise, where a trojanized version (18.95.0) was published, allowing TeamPCP to exfiltrate data from GitHub internal repositories. The extension silently executed a malicious package, `nx-next`, which stole GitHub tokens, npm credentials, AWS keys, Vault secrets, SSH keys, and other sensitive information through multiple exfiltration channels including HTTPS, the GitHub API, and DNS tunneling. → ox.security |
| 2026-05-22 2026 | Megalodon GitHub Attack Targets 5561 Repos with Malicious CI/CD Workflows news 4 min read | Analysis of the Megalodon campaign reveals an automated attack that injected malicious GitHub Actions workflows into 5,561 repositories, exfiltrating CI secrets, cloud credentials, SSH keys, and source code to a C2 server. The campaign utilized forged author identities and rotated commit messages to mimic routine CI maintenance, with payload variants including SysDiag and Optimize-Build. This attack, part of a broader trend of supply chain compromises by groups like TeamPCP, highlights the exploitation of CI/CD pipelines for credential theft, exemplified by the compromise of packages like @tiledesk/tiledesk-server and the theft of Ethereum/Polygon private keys through malicious npm packages impersonating Polymarket tools. → thehackernews.com |
| 2026-05-22 2026 | Hackers Use Hugging Face to Host Second-Stage Malware for npm Supply Chain Attack news 3 min read | Writeup of an npm supply chain attack in which the threat actors host second-stage malware on Hugging Face and use it for data exfiltration. The malicious packages, "terminal-logger-utils" and its variants, behave as a keylogger, infostealer, and RAT, stealing Telegram data, SSH keys, and cryptocurrency wallets, and include persistence mechanisms and self-update capabilities. → cybersecuritynews.com |
| 2026-05-22 2026 | 5561 GitHub Repositories Hit by Megalodon Supply Chain Attack in Six Hours news 2 min read | Analysis of the Megalodon supply chain attack, which compromised 5,561 GitHub repositories in six hours. The attack utilized fake GitHub accounts and official-looking sender identities like `build-bot` to push malicious code updates. Techniques such as SysDiag and Optimize-Build were employed, embedding data-stealing scripts and dormant backdoors triggered via the GitHub API. Victims like Tiledesk unintentionally published infected versions of their software to the npm registry. The malware targets cloud credentials for AWS, Google Cloud, and Azure, and steals verification tokens to impersonate GitHub Actions workflows. → hackread.com |
| 2026-05-22 2026 | TeamPCP Poisons 500 Open Source Tools Breaches GitHub news | A threat actor known as "TeamPCP" has compromised over 500 open-source software projects hosted on GitHub, injecting malicious code into widely used tools and effectively "poisoning" them. This widespread poisoning could lead to the compromise of numerous downstream projects and users who rely on these open-source components. The extent of the damage and the specific weaknesses exploited are still under investigation. |
| 2026-05-22 2026 | New Megalodon Malware Hits Thousands of GitHub Projects news | Megalodon, a new malware campaign, has compromised thousands of GitHub projects. It targets cloud-based development environments by pushing malicious CI/CD workflows that run inside the build and harvest cloud credentials. The campaign poses a significant risk to code repositories and to the software built from them, affecting a wide range of projects hosted on GitHub. → sqmagazine.co.uk |
| 2026-05-22 2026 | Following repeated supply chain attacks npm has introduced a 'phased release' system adding a mechanism that prevents packages from being published using only leaked tokens. news 4 min read | npm introduces staged releases, a pre-publication review step for npm packages intended to mitigate supply chain attacks like Shai-Hulud. The system prevents a package from being published with only a leaked token: a maintainer must approve the staged release with two-factor authentication, even when the publish originates from an automated CI/CD workflow. Maintainers review and approve via CLI commands like `npm stage publish` and `npm stage view`, or through the npmjs.com interface. The mechanism reduces the risk of malicious code injection through compromised accounts or tokens and complements Trusted Publishing. → gigazine.net |
| 2026-05-22 2026 | India's AI surge exposes software supply chain security gaps news 5 min read | Report on software supply chain security gaps, particularly relevant to India's AI adoption. It highlights challenges in detecting malicious npm packages (up 451% in 2025) and the impact of 48,000+ new CVEs disclosed globally in 2025, partly from AI-generated code introducing vulnerabilities like SQL injection. It details how AI shifts developer effort from code creation to validation, with DevSecOps teams spending 51% of their time reviewing AI-generated code. Model registries, like Hugging Face with 1.4 million new artifacts in 2025, are a growing attack surface: identified malicious AI models carried payloads for credential harvesting and command execution. |
| 2026-05-22 2026 | Shai-Hulud supply chain attack compromises 323 npm packages news 4 min read | Writeup of the Shai-Hulud supply chain attack, detailing how compromised npm maintainer accounts injected the Mini Shai-Hulud worm into 323 packages, including widely used libraries like echarts-for-react. The worm targets cloud keys, tokens, and crypto wallets via obfuscated JavaScript and can survive package removal by writing hooks into development environment files like `.vscode/tasks.json`. The attack's automated propagation mechanism allows stolen npm tokens to be used to publish new malicious versions, impacting millions of downloads and extending across multiple ecosystems beyond npm. |
| 2026-05-21 2026 | GitHub Internal Repositories Breached via Compromised Nx Console VS Code Extension: 2026 Supply Chain Cybersecurity Incident Analysis news 4 min read | Analysis of the 2026 supply chain attack where a compromised Nx Console VS Code extension (version 18.95.0) led to the exfiltration of credentials and 3,800 internal GitHub repositories. The attack leveraged a stolen GitHub token, with the payload harvesting secrets from cloud providers, CI/CD, password managers, and AI coding assistants, while establishing persistence on macOS systems via a Python backdoor. MITRE ATT&CK techniques T1195.002, T1546.001, T1555, and T1041/T1048 were observed. TeamPCP claimed responsibility for the incident. → rescana.com |
| 2026-05-21 2026 | TanStack npm Supply Chain Attack: Detailed Analysis of the May 2026 GitHub Actions Breach and Multi-Ecosystem Impact news 6 min read | Analysis of the May 2026 TanStack npm supply chain attack details a sophisticated breach by TeamPCP targeting GitHub Actions workflows. Exploiting cache poisoning and OIDC token theft, attackers published 84 malicious versions across 42 @tanstack npm packages, compromising secondary victims like Mistral AI and UiPath. The payload, router_init.js, exfiltrated credentials and deployed a destructive daemon. This incident highlights the vulnerability of CI/CD pipelines and the challenge of trusting SLSA provenance in light of this first documented npm compromise to carry valid attestations. → rescana.com |
| 2026-05-21 2026 | GitHub Breach Linked to TeamPCP Supply Chain Attack Spree news 2 min read | Writeup detailing the GitHub breach attributed to the TeamPCP supply chain attack spree. This incident involved a malicious VSCode extension leading to the compromise of thousands of GitHub repositories. TeamPCP, known for corrupting legitimate developer tools with malware, has conducted over 20 waves of attacks, affecting numerous organizations including OpenAI and Mercor, and utilizing tools like Mini Shai-Hulud. The group has also targeted vulnerabilities in platforms like Next.js and compromised software such as Trivy and LiteLLM. |
| 2026-05-21 2026 | Socket raises $60 million for its open-source security platform news | Socket, a platform for securing open-source software development pipelines, offers features to prevent supply chain attacks. It scans modules for malware, vulnerabilities, and license restrictions, reportedly blocking over 1,000 attacks weekly. The platform includes customizable responses, ongoing oversight with a "Monitor" feature, vulnerability scanning, and a "Reachability" tool that reduces false positives by up to 90%. Socket also provides "Certified Patches" and tools to reduce transitive dependencies. → scworld.com |
| 2026-05-21 2026 | Mini Shai-Hulud: Frequently asked questions about the TeamPCP npm and PyPI supply chain campaign beginner | FAQ on the Mini Shai-Hulud campaign, a supply chain attack by the TeamPCP group targeting the npm and PyPI package registries. The campaign injected malicious code into packages to compromise the systems of users who installed them. The FAQ covers the scope of the attack, the compromised packages, the method of infection, and the steps users should take to mitigate risk and secure their environments. → securityboulevard.com |
| 2026-05-21 2026 | GitHub Breach: Severe VS Code Supply Chain Attack news 4 min read | Writeup of a severe GitHub breach in which a malicious VS Code extension, linked to the TeamPCP group, compromised internal repositories by exploiting the broad permissions granted to developer tooling. The incident highlights the growing threat of supply chain attacks on developer ecosystems and the need for robust security controls on developer workstations and software infrastructure at every stage of development. |
| 2026-05-21 2026 | Grafana Labs links GitHub environment breach to TanStack npm supply chain attack news | Grafana Labs has linked a breach of its GitHub environment to the supply chain attack on TanStack npm packages. Attackers published malicious versions of the packages, and the injected code was then used to gain unauthorized access to Grafana Labs' GitHub environment. The investigation is ongoing to determine the full extent of the compromise and to implement the necessary security measures. → cybersecuritydive.com |
| 2026-05-21 2026 | Software supply chain attacks hit record highs thanks to AI development news | Software supply chain attacks are at an all-time high, a surge the article attributes largely to the rapid expansion of AI development. It points to the growing complexity and interconnectedness of AI development, and of the dependency ecosystem it draws on, as the key factor driving the increase. |
| 2026-05-21 2026 | GitHub Grafana Labs breaches traced back to TanStack supply chain compromise news 3 min read | Writeup tracing the GitHub and Grafana Labs breaches to a malicious Nx Console VS Code extension and the TanStack npm supply chain attack, both part of the Mini Shai-Hulud campaign by TeamPCP. The attack leveraged stolen credentials for HashiCorp Vault, Kubernetes, AWS, npm, GitHub, 1Password, GCP, and Docker, and attempted sudoers injection on Linux. → helpnetsecurity.com |
| 2026-05-21 2026 | JFrog Exposes Severe Blind Spots in Indias Software Supply Chain Security news | Report on the severe blind spots JFrog identifies in Indian organizations' software supply chain security. |
| 2026-05-21 2026 | TeamPCP breaches GitHub accessing 3800 internal code repositories news 4 min read | Writeup of TeamPCP's software supply-chain attack on GitHub, detailing how a malicious VS Code extension granted access to 3,800 internal code repositories. The stolen source code includes components for GitHub Actions, Copilot, and CodeQL. Attackers are attempting to sell this data for at least $50,000, posing significant risks to the crypto industry due to its reliance on GitHub for development and deployment infrastructure. |
| 2026-05-21 2026 | A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale news 7 min read | Feature article on the threat group TeamPCP and its techniques, with defensive measures. The group has compromised hundreds of open source tools, including VSCode extensions, AntV, Trivy, LiteLLM, Checkmarx, pgserve, TanStack, and Mistral AI, leading to breaches at entities like GitHub, OpenAI, and Mercor. TeamPCP uses self-spreading worms like Mini Shai-Hulud and exploits long-lived credentials to gain access, often for ransomware and data extortion. → wired.com |
| 2026-05-21 2026 | Supply Chain Security Crisis: Too Many Vulnerabilities Too Little Visibility news 4 min read | Analysis of the supply chain security crisis: the overwhelming number of CVEs (over 48,000 published in 2025) and a rapidly shrinking time-to-exploitation, which Mandiant now puts at negative seven days, that is, exploitation before public disclosure. Black Kite's research finds that only a small fraction of these, 58 critical CVEs, pose a genuinely discoverable threat to enterprises. The increasing velocity of vulnerabilities, exacerbated by AI development and rapid application growth, requires better visibility to manage risk rather than patching alone. → securityweek.com |
| 2026-05-21 2026 | Grafana Labs Says Code Breach Stemmed from TanStack Attack news 2 min read | Analysis of the Mini Shai-Hulud campaign demonstrates a supply chain attack targeting TanStack packages, leading to a code breach at Grafana Labs. Threat actors, TeamPCP, injected credential-stealing malware into dozens of npm packages, including those within the @tanstack/* organization. This malware exfiltrated GitHub workflow tokens, granting attackers access to Grafana's codebase and internal operational information. The attack also impacted OpenSearch, PyPI mistralai, PyPI guardrails-ai, and @squawk packages, exploiting compromised CI/CD pipelines to distribute malicious, cryptographically signed versions. → infosecurity-magazine.com |
| 2026-05-21 2026 | More Than 320 npm Packages Targeted in New Shai-Hulud Supply Chain Attack news 1 min read | Writeup of the Shai-Hulud campaign, a software supply chain attack that compromised over 320 npm packages. The malicious versions, disguised as legitimate developer tools, steal sensitive information and credentials, download additional payloads, and execute remote commands on infected systems. The attack highlights the growing threat to open-source ecosystems and the importance of auditing dependencies and verifying package authenticity. → cxodigitalpulse.com |
| 2026-05-21 2026 | GitHub links repo breach to TanStack npm supply-chain attack news 3 min read | Writeup detailing the Nx Console VS Code extension compromise, which was exploited by the TeamPCP group to breach 3,800 GitHub repositories. This supply-chain attack, originating from a TanStack npm compromise, leveraged stolen CI/CD credentials and a malicious Nx Console payload designed to exfiltrate secrets from npm, AWS, Kubernetes, GitHub, and GCP/Docker. The compromised extension, version 18.95.0, was available on the Visual Studio Marketplace and OpenVSX for a limited time, impacting approximately 6000 VS Code users. → bleepingcomputer.com |
| 2026-05-21 2026 | Indias software stack consolidation raises supply chain risk pushes partners into governance roles news 5 min read | Analysis of India's software stack consolidation reveals increased supply chain risk, with fewer development stacks and AI-driven coding pushing partners into governance roles. Enterprises standardizing on limited frameworks and AI assistance, as noted by JFrog's Sudhir Narla, amplify the blast radius of attacks. This trend drives partners towards advisory and operational services focusing on DevSecOps maturity, continuous compliance, and software trust management, rather than traditional resale. The evolving landscape necessitates governance models that keep pace with AI adoption, ensuring visibility and continuous enforcement across development, testing, and production, as organizations grapple with insecure dependencies and expanding attack surfaces due to developer tools. |
| 2026-05-21 2026 | GitHub Hit by Supply Chain Attack Through VS Code Extension news | GitHub was targeted by a supply chain attack delivered through a malicious VS Code extension. The article reports that the attackers gained unauthorized access to customer data, including GitHub user information. The company is investigating the full scope of the breach and has notified affected customers. The incident highlights the risks of software supply chains and the importance of securing third-party integrations. → sqmagazine.co.uk |
| 2026-05-21 2026 | GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension news 3 min read | Writeup detailing the GitHub internal repositories breach caused by a malicious Nx Console VS Code extension. The incident, attributed to the TeamPCP group, involved a trojanized version of the `nrwl.angular-console` extension that exfiltrated credentials from 1Password, Anthropic Claude Code, npm, GitHub, and AWS. The attack exploited the automatic update feature of VS Code extensions and targeted developer tooling, highlighting risks in software supply chain security and open-source distribution. Other organizations like OpenAI, Mistral AI, and Grafana Labs were also affected by the preceding TanStack compromise. → thehackernews.com |
| 2026-05-21 2026 | 5 Supply Chain Attacks in 48 Hours: Why Securing One Layer Is Not Enough beginner 10 min read | Vendor writeup detailing five distinct attacks in 48 hours targeting VS Code extensions, GitHub Actions, npm packages, and PyPI. It argues that traditional tools like SCA and SAST fall short because they do not monitor CI/CD runtime or developer machines, and pitches runtime security for CI/CD, visibility into developer workstations, and ecosystem-wide threat intelligence to address these multi-layered threats. → stepsecurity.io |
| 2026-05-21 2026 | Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft news 8 min read | Analysis of the Mini Shai Hulud supply chain attack, which compromised @antv npm packages. The attack used obfuscated JavaScript to steal credentials from GitHub Actions, AWS, HashiCorp Vault, npm, Kubernetes, and 1Password. The payload employed runner memory scraping, privilege escalation via bind mounts, dual-channel exfiltration through HTTPS and the Git Data API, and SLSA provenance forgery. The writeup includes guidance for identifying affected systems and pinning safe package versions. → microsoft.com |
| 2026-05-20 2026 | Shai-Hulud: What to Know About the Malware Spreading Through Software Pipelines beginner 4 min read | Explainer on Shai-Hulud, a malware campaign spreading through software pipelines that has impacted approximately 320 npm and PyPI packages. It abuses trusted workflows like GitHub Actions and has affected major entities including OpenAI, Microsoft, and Mistral AI. The threat exploits reliance on third-party code: attackers gain access to downstream projects, steal credentials (cloud, crypto wallet, SSH keys), and enlist machines into botnets, posing a significant risk to enterprise systems beyond developer environments. |
| 2026-05-20 2026 | The Extension Blind Spot: How One VS Code Plugin Gave Attackers GitHub's Source Code news | Analysis of how a single VS Code extension on a developer device gave attackers access to GitHub's proprietary source code. The article argues that extensions are a blind spot: they run with the developer's own privileges and can read credentials and source, so they need the same vetting as any other dependency. → securityboulevard.com |
| 2026-05-20 2026 | New JFrog Report Warns: AI Governance Fails as Software Supply Chain Attacks Hit Record Highs news 3 min read | Report detailing JFrog's 2026 Software Supply Chain Security State of the Union findings, highlighting a record high in software supply chain attacks. The report exposes a growing gap in AI governance as threat actors target AI model registries and developer tooling, moving beyond traditional package registries. Key findings include a surge in malicious npm packages, AI agent skills becoming an attack surface, and organizations claiming AI governance while still using public registries with known malicious payloads, illustrating an "illusion of mastery." |
| 2026-05-20 2026 | New JFrog Report Warns: AI Governance Fails as Software Supply Chain Attacks Hit Record Highs news | Report on the state of software supply chain security in 2026 highlights accelerating enterprise risk as attackers target AI model registries and developer tooling, bypassing traditional package registries. This expansion creates significant blind spots within existing software governance frameworks, indicating a failure in AI governance amidst a record high for software supply chain attacks. |
| 2026-05-20 2026 | New JFrog Report Warns: AI Governance Fails as Software Supply Chain Attacks Hit Record Highs news | A new JFrog report reveals a significant surge in software supply chain attacks, reaching record highs. The report highlights that current AI governance frameworks are inadequate in preventing these attacks. This trend indicates a growing vulnerability in the software development lifecycle, with attackers increasingly targeting the dependencies and components used to build software. The failure of AI governance to keep pace with evolving threats is a major concern for cybersecurity professionals. |
| 2026-05-20 2026 | GitHub breached via a malicious VS Code extension: why developer devices are the real target news 3 min read | Library for on-device application security, Aikido Device Protection, combats threats from trusted developer tooling like VS Code extensions. It features real-time malware blocking by checking against a live feed and a configurable minimum age policy, preventing installation of recently published or updated packages within a set timeframe. This approach protects against attacks like the compromised Nx Console extension and Durable Task Python SDK by enforcing security at the workstation, independent of network controls and beyond the scope of traditional EDR solutions. → aikido.dev |
| 2026-05-20 2026 | GitHub says internal repositories were taken in poisoned VS Code extension attack news 3 min read | Report on a supply chain compromise in which a poisoned Visual Studio Code extension, specifically a trojanized version of Nx Console, led to the exfiltration of GitHub's internal repositories. The incident highlights the risks of third-party developer tools: a compromised extension running inside a development environment can reach sensitive source code, credentials, and build systems. A hacking group claimed responsibility for the attack. → cyberscoop.com |
| 2026-05-20 2026 | Grafana GitHub Breach Linked to TanStack npm Supply Chain Ransomware news 2 min read | Analysis of the Grafana GitHub breach, linked to a TanStack npm supply chain compromise and the "Mini Shai-Hulud" campaign, details how attackers leveraged compromised npm dependencies to inject malicious code. A missed GitHub workflow token allowed continued access, leading to exfiltration of source code, internal documentation, and business contact information. Despite token rotation, an overlooked CI/CD workflow facilitated the data theft, prompting a ransom demand which Grafana refused, aligning with FBI guidance. The incident underscores the risks of compromised npm packages within automated CI/CD workflows. → cybersecuritynews.com |
| 2026-05-20 2026 | GitHub Confirms Breach of Internal Repositories Via Malicious VS Code Extension news 2 min read | Report on TeamPCP's breach of GitHub's internal repositories via a malicious VS Code extension. The attack highlights the risk of compromised development tools and open-source projects, as seen in TeamPCP's earlier targeting of Aqua Security's Trivy and Checkmarx's KICS and its direct compromise of Python packages like LiteLLM. The group aims to steal sensitive information such as cloud credentials and SSH keys, often collaborating with ransomware actors. → infosecurity-magazine.com |
| 2026-05-20 2026 | GitHub Breached: Malicious VS Code Extension Exposes 3800 Repos news 2 min read | Writeup of a GitHub supply chain attack where a poisoned Visual Studio Code extension on an employee's device led to exfiltration of approximately 3,800 internal repositories. While no customer repositories were compromised, the incident highlights the threat of malicious extensions to developer environments and the crypto industry's reliance on GitHub, emphasizing the need for credential rotation. |
| 2026-05-20 2026 | GitHub Confirms Hack Impacting 3800 Internal Repositories news 2 min read | Report on the GitHub incident in which TeamPCP used a poisoned VS Code extension to exfiltrate approximately 3,800 internal repositories. It emphasizes the need for visibility into the extensions installed on developer machines and for sound secrets management, to counter threats that start from a compromised developer workstation, as seen in past attacks on Trivy, Checkmarx, Bitwarden CLI, and TanStack. → securityweek.com |
| 2026-05-20 2026 | Pip 26.1 Ships Dependency Cooldowns and Experimental Lockfile Support to Combat Supply Chain Attacks news 3 min read | Library update, Pip 26.1, introduces dependency cooldowns to mitigate supply chain attacks by enforcing installation delays for new packages, drawing on analysis of past incidents like those affecting Essential Plugin and XZ Utils. It also adds experimental support for PEP 751 pylock.toml lockfiles, expanding adoption beyond uv. The release addresses CVE-2026-3219 and CVE-2026-6357, and updates vendored urllib3 to resolve three additional CVEs. → infoq.com |
| 2026-05-20 2026 | Tanium Highlights Supply Chain Attack Research on npm and PyPI news | Tanium publishes research on supply chain attacks against the npm and PyPI registries. → tipranks.com |
| 2026-05-20 2026 | Grafana GitHub Breach Exposes Source Code via TanStack npm Attack news 2 min read | Writeup detailing the Grafana GitHub breach, originating from a TanStack npm supply chain attack by TeamPCP. The incident exposed public and private source code, alongside internal operational data and business contact information, impacting Grafana Labs, OpenAI, and Mistral AI. Despite missed tokens leading to repository access, Grafana opted against paying an extortion demand, instead focusing on rotating tokens, enhancing monitoring, and auditing commits. → thehackernews.com |
| 2026-05-20 2026 | GitHub Investigating TeamPCP Claimed Breach of 4000 Internal Repositories news 4 min read | Analysis of the TeamPCP breach reveals a sophisticated supply chain attack originating from a poisoned Visual Studio Code extension, leading to unauthorized access to approximately 4,000 internal GitHub repositories. This incident also saw the compromise of the `durabletask` Python package on PyPI, distributing an infostealer capable of harvesting cloud provider credentials, password manager data, and SSH keys, with self-propagation mechanisms across AWS EC2 and Kubernetes environments. The malware employs a FIRESCALE mechanism to find backup C2 addresses by searching public GitHub commit messages. → thehackernews.com |
| 2026-05-20 2026 | Software Supply-Chain Attack Analysis Underscores Security Demand for Tanium news | A recent analysis of a software supply-chain attack highlights the critical need for robust security solutions like Tanium. These attacks, which compromise trusted software providers to distribute malicious code, pose a significant threat to organizations. The study emphasizes how Tanium's capabilities in asset visibility, threat detection, and rapid response are essential for mitigating the risks associated with these sophisticated attacks. By providing comprehensive endpoint management, Tanium empowers businesses to identify vulnerabilities, prevent breaches, and restore systems quickly, underscoring its value in defending against evolving cyber threats. → tipranks.com |
| 2026-05-19 2026 | Hackers have compromised dozens of popular open source packages in an ongoing supply chain attack news 1 min read | Report on the "Mini Shai-Hulud" supply chain attack, in which malicious updates were pushed to downstream users of popular packages, including AntV, a library from Alibaba, and TanStack. The TanStack compromise affected OpenAI employees, stealing credentials for services such as password managers. |
| 2026-05-19 2026 | Bitsight Beacon: Supply Chain Exposure Management for the SOC beginner 3 min read | Tool for supply chain exposure management. Bitsight Beacon continuously monitors third-party environments for threats across the attack lifecycle, including infrastructure exposure, malicious activity, and post-compromise breach evidence. It correlates signals from attack surface intelligence, supply chain mapping, and threat intelligence to deliver validated alerts with IOCs, MITRE ATT&CK mappings, and remediation guidance, facilitating earlier detection and response between SOC and TPRM teams. |
| 2026-05-19 2026 | AntV data visualization tool the latest to be hit by ongoing npm supply chain attacks news 3 min read | AntV, a data visualization library, is the latest package compromised by the Mini-Shai-Hulud worm in the ongoing npm supply chain attacks. The worm attempts to steal npm and GitHub tokens, along with credentials from numerous file paths including cloud platforms and cryptocurrency wallets. Attackers store exfiltrated data in public GitHub repositories themed on Dune, and the malware may attempt persistence via a Python backdoor. Developers are advised to audit and move to known safe versions, rotate all credentials, and strengthen monitoring and package verification. → infoworld.com |
| 2026-05-19 2026 | TanStack weighs invitation-only pull requests after supply chain attack news 2 min read | Library proposals address supply chain vulnerabilities following a Shai-Hulud worm attack that exploited a GitHub Actions misconfiguration. Measures include removing `pull_request_target` usage, disabling caches, pinning actions to commit SHAs, and implementing pnpm's `minimumReleaseAge` feature. A radical proposal considers invitation-only pull requests to mitigate risks, while acknowledging the impact on open-source contributions. |
| 2026-05-19 2026 | Massive npm Supply Chain Attack Compromises AntV Packages news 2 min read | Library compromise targeting AntV packages in a supply chain attack, linked to the "Mini Shai-Hulud" campaign, injected malicious versions into over 300 npm libraries like @antv/g2 and echarts-for-react. The malware aimed to steal AWS credentials, GitHub tokens, npm tokens, SSH keys, and Docker/Kubernetes secrets, with some versions attempting container escapes. This follows similar patterns seen with Axios and TanStack package compromises, emphasizing the risk of hijacked maintainer accounts and automated dependency updates. → thecyberexpress.com |
| 2026-05-19 2026 | The @antv Ecosystem Was Compromised with Shai-Hulud Malware 300 Packages Affected news 3 min read | Library for detecting the Shai-Hulud npm malware, which compromises over 300 packages and affects millions of downloads. This self-propagating worm, suspected to be from TeamPCP, harvests credentials via malicious `preinstall` scripts, exfiltrates data disguised as OpenTelemetry, and uses stolen GitHub tokens to create public repositories with the beacon string "niagA oG eW ereH :duluH-iahS". Recommended actions include rotating keys, adding 2FA, and downgrading affected packages. → ox.security |
| 2026-05-19 2026 | Hackers have compromised dozens of popular open source packages in an ongoing supply chain attack news 1 min read | Analysis of "Mini Shai-Hulud," a supply chain attack campaign compromising dozens of open source packages, including Alibaba's Antv and TanStack. Attackers leverage compromised developer accounts to push malicious updates across hundreds of packages, aiming to steal credentials from users of password managers and other services. Researchers at StepSecurity and SafeDep identified this widespread threat, which has impacted numerous downstream projects and organizations like OpenAI. → techcrunch.com |
| 2026-05-19 2026 | Software Supply Chain Attacks Underscore Rising Cybersecurity Demand news | This article highlights the increasing threat of software supply chain attacks, where vulnerabilities in third-party software components are exploited to compromise larger systems. These attacks, like the recent SolarWinds incident, demonstrate a critical need for enhanced cybersecurity measures. The sophistication and potential impact of these breaches underscore the growing demand for robust security solutions and expertise to protect against evolving cyber threats. The content implies a significant and escalating concern within the cybersecurity landscape. → tipranks.com |
| 2026-05-19 2026 | TeamPCP's Mini Shai-Hulud Campaign Breaches TanStack npm news 3 min read | Writeup on the Mini Shai-Hulud campaign that targeted TanStack npm packages, exploiting GitHub Actions vulnerabilities to poison caches and publish malicious versions. This supply chain attack, attributed to TeamPCP, utilized a credential stealer and self-propagating worm to exfiltrate tokens, including OpenID Connect, CI/CD, and cloud credentials, affecting organizations like OpenAI. The malware specifically avoided Russian-language systems. |
| 2026-05-19 2026 | What is Mini Shai-Hulud npm supply chain attack and was Microsoft and Socket hit by malware? Full explain beginner 5 min read | Analysis of the Mini Shai-Hulud npm supply chain attack details a worm-like campaign that compromised npm accounts to publish malicious package versions. This attack injected credential-stealing code, targeting GitHub tokens, AWS credentials, SSH keys, and more, using preinstall hooks to execute during installation. Microsoft Defender detected the malware, while Socket reported extensive compromise within the @antv ecosystem, highlighting risks to CI/CD pipelines and developer environments. The campaign leverages stolen tokens for propagation and could be linked to financially motivated groups. |
| 2026-05-19 2026 | The Worm That Keeps on Digging: TeamPCP Hits @antv in Latest Wave news 2 min read | Analysis of a coordinated software supply chain attack reveals malware targeting NPM packages within the @antv namespace, GitHub Actions like actions-cool/issues-helper, and the VSCode extension nrwl.angular-console v18.95.0. The campaign, attributed to "TeamPCP", leverages orphaned GitHub commits for payload hosting and uses `bun` for execution, stealing credentials and establishing persistence via a Python backdoor at `~/.local/share/kitty/cat.py`. The backdoor uses the trigger `firedalazer` for C2 communication, executing remote Python code. → wiz.io |
| 2026-05-19 2026 | One NPM account poisons over 600 packages with millions of weekly downloads in a new supply chain attack news | A threat actor compromised a single NPM account, injecting malicious code into over 600 packages. These poisoned packages, collectively downloaded millions of times weekly, represent a significant supply chain attack. The malware aims to steal environment variables, potentially exposing sensitive data like API keys and user credentials. This incident highlights the vulnerability of the NPM ecosystem and the widespread impact of compromised dependencies. → cybernews.com |
| 2026-05-19 2026 | Malicious GitHub Action Steals Workflow Credentials In Supply Chain Attack news 2 min read | Library for detecting malicious GitHub Actions, specifically detailing an attack on the `issues-helper` action that manipulates repository tags and commits to exfiltrate workflow credentials. The attack involves downloading the Bun JavaScript runtime, using Python child processes to scrape secrets from runner memory, and exfiltrating data to an attacker-controlled domain. Security measures like Harden-Runner and StepSecurity can block these compromised actions and outbound connections. → cyberpress.org |
| 2026-05-19 2026 | Mini Shai-Hulud Malware Campaign Compromises Open-Source Packages in Major Supply Chain Attack news 2 min read | Analysis of the Mini Shai-Hulud malware campaign reveals a large-scale software supply chain attack impacting hundreds of open-source npm and PyPI packages. Attackers exploited GitHub Actions and CI/CD pipelines via cache poisoning to inject malicious code, compromising popular packages from vendors like TanStack and UiPath. The malware steals credentials, establishes persistence in developer tools, and possesses destructive capabilities, highlighting the weaponization of trusted automation infrastructure and the evolution of supply chain threats targeting AI and cloud development. → cxodigitalpulse.com |
| 2026-05-19 2026 | GitHub Actions Supply Chain Attack Redirects Tags to Steal CI/CD Credentials news 2 min read | Library for detecting supply chain attacks against GitHub Actions, specifically detailing a compromise of the "actions-cool/issues-helper" and "actions-cool/maintain-one-comment" workflows. Threat actors redirected repository tags to malicious commits, exfiltrating CI/CD credentials by executing code that reads runner memory and makes outbound calls to attacker-controlled domains like "t.m-kosche[.]com". This technique, involving imposter commits, bypasses PR reviews and achieves arbitrary code execution, potentially linked to the Mini Shai-Hulud campaign targeting npm packages. → thehackernews.com |
| 2026-05-19 2026 | Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account news 4 min read | Library detailing the Mini Shai-Hulud software supply chain attack campaign, which leverages compromised npm maintainer accounts to inject credential-stealing payloads into popular packages like echarts-for-react and various @antv ecosystem modules. The campaign targets over 20 credential types, including AWS, Azure, and GitHub tokens, and utilizes techniques such as OIDC token abuse and Sigstore attestation forgery to mimic legitimate releases. The attack's payload exfiltrates data to actor-controlled domains and can propagate through stolen npm tokens by republishing trojanized package versions. → thehackernews.com |
| 2026-05-19 2026 | Dataminr Highlights Emerging Risks in Software Supply Chain and AI Security news | Dataminr has identified critical emerging risks within software supply chains and AI security. Their analysis points to the growing threats in how software is developed and deployed, emphasizing the need for enhanced security measures. The company's insights suggest a proactive approach is necessary to mitigate vulnerabilities in these complex and rapidly evolving areas. → tipranks.com |
| 2026-05-18 2026 | Shai-Hulud copycat hits another npm package news 3 min read | Library for identifying and mitigating supply chain attacks, specifically addressing threats like the Shai-Hulud copycat worm targeting npm packages. It also covers other stealer malware found within packages, highlighting the risks posed by malicious code inserted into widely used software components. The entry also touches on broader security concerns such as AI-assisted attacks on APIs and the vulnerability of open-source registries. → theregister.com |
| 2026-05-18 2026 | OpenAI macOS Products Impacted by TanStack Supply Chain Attack via Mini Shai-Hulud Malware in TeamPCP Campaign news 6 min read | Writeup on the TanStack supply chain attack, where the TeamPCP threat group used the Mini Shai-Hulud worm to compromise OpenAI's macOS products. Attackers injected malicious code into TanStack npm packages, stealing credentials from OpenAI employee devices. This incident highlights risks from compromised CI/CD pipelines and open-source dependencies, impacting multiple AI and software development organizations. OpenAI responded by rotating credentials and reviewing code-signing certificates. → rescana.com |
| 2026-05-18 2026 | OpenAI macOS Apps Targeted in TanStack Supply Chain Attack: Two Employee Devices Compromised Urgent Updates Required news 7 min read | Writeup detailing the TanStack supply chain attack, orchestrated by TeamPCP, which compromised two OpenAI employee devices. The attack utilized the Mini Shai-Hulud malware, distributed via trojanized npm and PyPI packages, to exfiltrate credentials and establish persistence through modified VS Code tasks. OpenAI responded by revoking code-signing certificates for macOS, iOS, and Windows products, requiring mandatory updates for specific desktop applications before June 12, 2026, due to the incident's impact on internal source code repositories. → rescana.com |
| 2026-05-18 2026 | AI supply-chain attacks bypass model red teams intermediate | AI supply-chain attacks are a growing concern, as demonstrated by a recent incident where attackers successfully bypassed model red teams. This indicates that current defensive measures are insufficient against sophisticated methods that compromise the AI development lifecycle. The attack highlights a vulnerability where malicious inputs or data can be injected into the AI's training or deployment pipeline, leading to unintended or harmful behavior, even when the model has undergone rigorous testing. This necessitates a re-evaluation of AI security strategies to address these novel threats effectively. → venturebeat.com |
| 2026-05-18 2026 | TeamPCP compromises Python libraries via supply chain attack news 2 min read | Writeup of CVE-2026-33634, a critical supply chain attack by TeamPCP targeting Python libraries. The attackers first compromised the vulnerability scanner Trivy, then used its publication tokens to upload malicious versions of the LiteLLM library to PyPI. These versions injected payloads to exfiltrate AI keys (OpenAI, Anthropic, Azure), cloud credentials (AWS, GCP, Azure), and SSH keys, then established a backdoor. The attack exploited LiteLLM's role as a gateway to over 100 LLM providers, impacting thousands of internet-facing instances. → techzine.eu |
| 2026-05-18 2026 | First Shai-Hulud Worm Clones Emerge news 2 min read | Writeup detailing the emergence of Shai-Hulud worm clones following the release of its source code. The malware, previously used in supply chain attacks against NPM packages affecting developers, was adapted by threat actors and published in new NPM packages like 'chalk-tempalte'. These clones aim to steal credentials and API keys, propagating by injecting themselves into victim packages and publishing malicious versions, impacting users of Trivy, Bitwarden, Checkmarx, SAP, and TanStack. → securityweek.com |
| 2026-05-18 2026 | OpenAI Among the Companies Affected by TanStack Breach news 3 min read | Writeup on the Mini Shai-Hulud campaign, detailing a supply chain attack in May 2026 that compromised the npm and PyPI ecosystems. Threat actors exploited a GitHub Actions vulnerability to publish malicious versions of TanStack npm packages, affecting companies like OpenAI. The attack leveraged poisoned caches and stolen OpenID Connect tokens to publish malicious package versions, spreading like a worm by stealing CI/CD tokens, cloud credentials, and various registry tokens. The malware exhibited self-propagating worm capabilities within the npm ecosystem and included a check to terminate if Russian language settings were detected. |
| 2026-05-18 2026 | TanStack weighs invitation-only pull requests after supply chain attack news 3 min read | Library usage changes follow a supply chain attack on TanStack, a popular JavaScript utility library. After a malicious actor compromised an npm package, TanStack is exploring changes like invitation-only pull requests to enhance its security posture and prevent future incidents, underscoring the growing risks in open-source software development. → theregister.com |
| 2026-05-18 2026 | OpenAI Rotates Certificates After TanStack Supply Chain Attack Hits Employee Devices news 4 min read | Library affected by TanStack supply chain attack, exposing OpenAI employee devices and necessitating code-signing certificate rotation and mandatory macOS app updates. The incident, part of the "Mini Shai-Hulud" campaign, leveraged compromised GitHub Actions caches to distribute malicious npm packages. Malware within these packages pilfered credentials like GitHub tokens and SSH keys from affected systems. Experts emphasize this highlights critical vulnerabilities in CI/CD pipelines and developer workstations, advocating for stricter controls, immutable dependencies pinned to specific hashes, and secret isolation to mitigate risks. |
| 2026-05-18 2026 | Forcepoint details TeamPCP supply chain attack that turned LiteLLM into a credential stealer news 3 min read | Library analysis detailing the TeamPCP supply chain attack that compromised LiteLLM versions 1.82.7 and 1.82.8. The attack leveraged a poisoned Trivy build, leading to credential theft including PYPI_PUBLISH tokens, OpenAI, Anthropic, Azure, and AWS API keys. Malicious payloads were embedded via proxy server modifications and a stealthy .pth file, enabling exfiltration of sensitive data and installation of a persistent backdoor. |
| 2026-05-18 2026 | Developer Workstations Are Now Part of the Software Supply Chain beginner 5 min read | Library of techniques and tools for securing developer workstations, recognizing them as a critical part of the software supply chain. The resource highlights how attackers target secrets like API keys and cloud credentials on these machines, as demonstrated in campaigns like "mini Shai Hulud" and TeamPCP. It emphasizes the importance of securing local context, managing credential exposure, and integrating security into AI-assisted development workflows to prevent attacks before they reach repositories and CI/CD pipelines. → thehackernews.com |
| 2026-05-18 2026 | Hacking NPM is now a contest: copycats using TeamPCP code to compromise open source news | NPM has launched a bug bounty program due to copycat attackers leveraging TeamPCP code to compromise open-source projects. This initiative aims to incentivize the discovery and reporting of vulnerabilities within the NPM ecosystem, enhancing its security. The contest encourages ethical hackers to identify and disclose security flaws, thereby helping to protect the open-source software supply chain from malicious exploitation. Further details on the program and potential rewards can be found at the provided link. → cybernews.com |
| 2026-05-18 2026 | OpenAI responds to TanStack supply chain cyber attack news 1 min read | Library update detailing OpenAI's response to the 'Mini Shai-Hulud' supply chain attack, which leveraged the compromised TanStack npm package. The incident involved credential-focused malware, affecting two employee devices and leading to limited exfiltration of credential material without impacting user data or production systems. OpenAI's mitigation included isolating systems, revoking credentials, and implementing new protections like stricter package verification and provenance validation for upstream libraries. This also necessitated a precautionary rotation of software signing certificates for products like ChatGPT Desktop and Codex App. |
| 2026-05-17 2026 | OpenAI Urges macOS Users to Update After TanStack Supply Chain Attack Hits Signing Keys news | OpenAI is strongly advising macOS users to update their systems following a supply chain attack on TanStack. The attack compromised signing keys, potentially affecting applications that rely on them. While specific details about the extent of the compromise or any direct impact on OpenAI products are not immediately clear, the alert highlights a significant security incident within the software development ecosystem. Users should ensure their macOS and any affected applications are updated to the latest versions to mitigate potential risks. → securityboulevard.com |
| 2026-05-16 2026 | OpenAI hit by supply chain attack linked to malicious TanStack packages news 2 min read | Library impacting OpenAI, TanStack, UiPath, and DraftLab highlights the Mini Shai-Hulud worm campaign. Attackers leveraged hijacked GitHub Actions OIDC tokens to distribute malicious npm packages, including 84 tied to TanStack, that stole secrets from CI/CD environments and developer tools like VS Code. The worm generated valid SLSA Level 3 attestations, making it appear legitimate, and led to credential exfiltration from two OpenAI employee devices, compromising internal source code repositories and code-signing certificates. → securityaffairs.com |
| 2026-05-16 2026 | OpenAI Impacted by TanStack Supply-Chain Attack news 2 min read | Writeup detailing the OpenAI supply-chain attack, where compromised TanStack npm packages, part of the "Mini Shai-Hulud" campaign, infected two employee devices. Attackers leveraged malicious code in 84 package versions to steal limited credentials from internal source code repositories, though OpenAI confirmed no user data or production systems were compromised. This incident underscores the growing risk of supply-chain attacks targeting AI companies and their reliance on open-source ecosystems. → cxodigitalpulse.com |
| 2026-05-16 2026 | Node-ipc supply chain attack targets crypto devs news | A malicious actor injected code into the popular Node-ipc package, a tool used by cryptocurrency developers. This compromised version, disguised as a legitimate update, contained a "protester-war" module that targeted developers in Ukraine and Russia. For users outside of these countries, the module would deploy cryptocurrency-mining malware. This incident highlights the vulnerability of software supply chains and the potential for malicious actors to exploit widely used tools to distribute harmful code. |
| 2026-05-16 2026 | OpenAI tells Mac users to update apps after software supply chain attack news | OpenAI has urged Mac users to update their applications following a software supply chain attack. Attackers compromised a third-party analytics provider, potentially exposing user data from certain OpenAI applications, including ChatGPT. While OpenAI states that their systems were not directly breached and no sensitive information like conversation history or payment details were compromised, they recommend users update their apps to mitigate any potential risks from this incident. → msn.com |
| 2026-05-16 2026 | Expired domain leads to supply chain attack on node-ipc npm package news 4 min read | Library for Node.js Inter-Process Communication compromised via expired domain and email takeover. Malicious versions of the popular `node-ipc` npm package (9.1.6, 9.2.3, 12.0.1) were published, bundling credential-stealing malware designed to exfiltrate sensitive data from CI/CD tools, cloud services, Kubernetes, and more via DNS TXT queries. The attack leveraged a dormant maintainer account whose associated domain had expired and was subsequently re-registered by attackers. → csoonline.com |
| 2026-05-15 2026 | Two Employee Devices Impacted By TanStack Supply Chain Attack news 3 min read | The TanStack npm library was targeted by the Mini Shai-Hulud supply chain attack, impacting two employee devices and resulting in limited credential exfiltration from internal code repositories. OpenAI responded by isolating systems, rotating credentials, and updating security certificates for macOS applications by June 12 to prevent the distribution of fraudulent software. This incident highlights the vulnerability of shared software dependencies, prompting OpenAI to accelerate the deployment of security controls like package manager configurations with minimum release age requirements. |
| 2026-05-15 2026 | OpenAI tells Mac users to update apps after software supply chain attack news | OpenAI is advising Mac users to update their applications following a software supply chain attack. The attack targeted a third-party library used by several applications, potentially exposing user data. OpenAI's own ChatGPT desktop app was affected, and they are working with other affected vendors to address the vulnerability. Users are urged to apply any available updates promptly to protect themselves. → msn.com |
| 2026-05-15 2026 | OpenAI Warns Mac Users to Update Apps After Supply-Chain Attack news | OpenAI has issued a warning to Mac users, advising them to update their applications promptly due to a supply-chain attack. This attack potentially compromised applications downloaded from unauthorized sources or modified by third parties. Users are urged to remove any suspect applications and reinstall them from official sources to mitigate the risk of malware or data theft. → techrepublic.com |
| 2026-05-15 2026 | OpenAI tells Mac users to update apps after software supply chain attack news | OpenAI has alerted Mac users to update their applications following a software supply chain attack. Attackers compromised a third-party data analytics provider used by OpenAI. This allowed them to gain access to customer data, including names, email addresses, and payment information for some users. OpenAI states that it has no evidence of unauthorized access to their main systems or any impact on ChatGPT or other OpenAI products. Users are advised to update their Mac applications as a precautionary measure. → msn.com |
| 2026-05-15 2026 | OpenAI Hit by TanStack Supply Chain Attack news 2 min read | Writeup of the TanStack supply chain attack, detailing how the TeamPCP group compromised 42 packages and over 170 namespaces across NPM and PyPI. This coordinated campaign infected developer devices with the Shai-Hulud worm, leading to exfiltration of credential material from OpenAI's internal source code repositories via two employee devices. OpenAI responded by rotating credentials, revoking sessions, restricting workflows, and revoking/re-signing code-signing certificates for multiple platforms. → securityweek.com |
| 2026-05-15 2026 | The software supply chain is the new ground zero for enterprise cyber risk. Don't get caught short beginner 4 min read | Analysis of recent AI-driven software supply chain attacks, including the TeamPCP breach targeting LiteLLM, Trivy, and Checkmarx, highlights the urgent need to treat AI middleware as critical infrastructure. The article emphasizes securing developer workflows, modernizing risk management for AI applications, and implementing continuous monitoring for unauthorized connections and data exfiltration. It advocates for developer upskilling, AI governance tools, and adherence to organizational rulesets to mitigate risks from sophisticated AI-assisted threats. |
| 2026-05-15 2026 | TanStack Supply Chain Attack Hits Two OpenAI Employee Devices Forces macOS Updates news 4 min read | Library detailing a sophisticated supply chain attack campaign, prominently featuring the TanStack Mini Shai-Hulud worm. The attack targeted OpenAI, Mistral AI, and other vendors, leading to compromised macOS apps (ChatGPT Desktop, Codex App, Codex CLI, Atlas) requiring updates due to revoked signing certificates. The malware, delivered via compromised packages like guardrails-ai and mistralai, exhibits advanced capabilities including hardcoded C2 servers, fallback mechanisms like FIRESCALE, and exfiltration to GitHub repositories, while also incorporating destructive behaviors targeting specific geographic regions and exfiltrating AWS credentials across all availability zones. → thehackernews.com |
| 2026-05-15 2026 | OpenAI caught in TanStack npm supply chain chaos after employee devices compromised news 3 min read | Library detailing supply chain risks, including the OpenAI incident stemming from compromised employee devices impacting the TanStack npm package. It also touches upon AI agents' ability to create exploits, the strain agentic AI places on memory hierarchies, and the challenge of securing open-source registries with insufficient funding. The information highlights the evolving landscape of application security threats and the increasing reliance on AI. → theregister.com |
| 2026-05-15 2026 | OpenAI confirms exposure in recent Shai-Hulud supply-chain attack news 2 min read | Writeup of the Mini Shai-Hulud supply-chain attack impacting OpenAI, which involved compromised npm packages from TanStack and exposed limited internal credentials and code-signing certificates. The incident led OpenAI to rotate signing keys for its desktop applications and prompted macOS users to update software by June 12, 2026, to avoid disruptions. The attack leveraged techniques like cache poisoning and OpenID Connect token extraction to compromise repositories and harvest secrets. |
| 2026-05-15 2026 | node-ipc npm Package Hit by Credential Stealer Attack news 5 min read | Library containing a credential stealer and backdoor functionality, targeting the widely-used `node-ipc` npm package. Malicious versions, including 9.1.6, 10.2.0, and 11.1.1, were published through what appears to be a hijacked dormant maintainer account. The malware, embedded in the `node-ipc.cjs` file, harvests sensitive data from developer environments, including cloud credentials, SSH keys, and secrets from various tools like Kubernetes and Docker, exfiltrating it via DNS TXT queries to a lookalike Azure Static Web Apps domain. A forensic indicator observed across infected tarballs is a consistent file timestamp of "Oct. 26, 1985." → thecyberexpress.com |
| 2026-05-15 2026 | TanStack npm Supply Chain Attack Prompts OpenAI Updates news 3 min read | Library advisory detailing OpenAI's response to a TanStack npm supply chain attack, part of the Mini Shai-Hulud campaign. The attack, identified on May 11, 2026, compromised two employee devices, exfiltrated a small amount of credential material, and impacted code-signing certificates for macOS, Windows, iOS, and Android. OpenAI is rotating certificates and requiring macOS users to update applications before June 12, 2026, to avoid disruptions, emphasizing no customer data or production systems were affected. → thecyberexpress.com |
| 2026-05-15 2026 | OpenAI Says Hackers Stole Limited Data Following Latest Code Security Incident news 1 min read | Writeup detailing a recent OpenAI supply-chain attack involving compromised TanStack npm packages. Hackers injected malicious code into the TanStack ecosystem, gaining access to two OpenAI employee devices and stealing limited internal data. The incident did not impact ChatGPT user data, production systems, or core intellectual property, but it underscores the growing threat of sophisticated supply-chain attacks targeting open-source libraries and AI infrastructure. → cxodigitalpulse.com |
| 2026-05-15 2026 | OpenAI Confirms Security Breach Via TanStack npm Supply Chain Attack news 2 min read | Writeup of the Mini Shai-Hulud supply chain attack, which compromised TanStack npm packages and affected OpenAI, Mistral AI, UiPath, Guardrails AI, and OpenSearch. The campaign exploited CI/CD weaknesses to inject malicious code, leading to credential exfiltration from two OpenAI employee devices, though no user data or intellectual property was stolen. OpenAI rotated signing certificates and restricted code deployment as precautionary measures. → cybersecuritynews.com |
| 2026-05-15 2026 | node-ipc npm Package with 822K Weekly Downloads Compromised in Supply Chain Attack news 2 min read | Writeup on the node-ipc npm package supply chain attack, which compromised versions 9.1.6, 9.2.3, and 12.0.1 with obfuscated stealer and backdoor payloads. Attackers exploited a dormant maintainer account takeover by acquiring its expired recovery email domain. The malicious payload targets CommonJS consumers, fingerprinting hosts, harvesting credentials from over 100 patterns including AWS, Azure, GCP, and Kubernetes secrets, archiving data, and exfiltrating it via DNS TXT queries to a fake Azure domain. Forensic timestamps of October 26, 1985, are used to identify malicious artifacts. → cybersecuritynews.com |
| 2026-05-15 2026 | Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets news 4 min read | Library: node-ipc versions 9.1.6, 9.2.3, and 12.0.1 contain a stealer backdoor that fingerprints hosts, enumerates local files, and exfiltrates developer and cloud secrets including AWS, Google Cloud, Azure, SSH keys, Kubernetes tokens, and GitHub CLI configs to sh.azurestaticprovider[.]net. The malware uses an Immediately Invoked Function Expression (IIFE) and a SHA-256 fingerprint check for conditional execution, and can exfiltrate data via DNS TXT records by overriding the system's DNS resolver. → thehackernews.com |
| 2026-05-15 2026 | OpenAI says no user data compromised after supply-chain attack news | OpenAI has confirmed that no user data was compromised following a recent supply-chain attack. The incident involved a malicious actor gaining access to a third-party vendor's tools, which in turn had access to OpenAI's systems. While the attackers could view certain customer information, including names, emails, and payment details of some users, OpenAI states that no sensitive data like passwords or full credit card numbers were accessed. The company has since revoked the vendor's access and is working to prevent similar incidents in the future. → cybernews.com |
| 2026-05-14 2026 | OpenAI Tells Mac Users to Update Apps After Software Supply Chain Attack news 4 min read | Library update for OpenAI macOS users following a software supply chain attack via malicious TanStack npm packages. The attack, attributed to TeamPCP, leveraged three chained vulnerabilities to distribute credential-stealing malware. OpenAI's investigation found employee devices installed affected versions, leading to compromised internal source code repositories containing signing certificates. As a precaution, OpenAI is rotating code-signing certificates, necessitating updates for macOS applications to prevent potential distribution of fake OpenAI products. |
| 2026-05-14 2026 | Active Supply Chain Attack: Malicious node-ipc Versions Published to npm news 17 min read | Detailed analysis of the node-ipc supply chain attack in which malicious versions 9.1.6, 9.2.3, and 12.0.1 were published to npm. The attack, executed by a rogue maintainer, injected an obfuscated payload into the CommonJS bundle designed to steal over 90 categories of credentials and exfiltrate them to an attacker-controlled server. Version 12.0.1 includes a specific targeting gate based on the module's file path hash. → stepsecurity.io |
| 2026-05-14 2026 | OpenAI asks macOS users to update after TanStack npm supply chain attack news 4 min read | Coverage of the TanStack npm compromise and the broader problem of securing applications against supply chain attacks. The incident involved credential stealers and self-propagation targeting popular npm, PyPI, and other packages, impacting companies including OpenAI and Mistral AI. The attack, attributed to TeamPCP, highlights the risks of interconnected software ecosystems and the need for rigorous controls to validate legitimate software and prevent unauthorized modifications. → therecord.media |
| 2026-05-14 2026 | OpenAI Contained Credential Theft After TanStack Supply-Chain Attack Sees No User Data Impact news | OpenAI recently addressed a supply-chain attack targeting TanStack, a developer tool. The attackers successfully gained access to a TanStack dependency, potentially leading to credential theft. However, OpenAI's security measures successfully contained the exploit, and they confirmed that no user data was impacted. The incident highlights the risks associated with supply-chain vulnerabilities, even when user data remains secure. → tipranks.com |
| 2026-05-14 2026 | OpenAI confirms security breach in TanStack supply chain attack news 3 min read | The TanStack supply chain attack, also known as Mini Shai-Hulud, impacted hundreds of npm and PyPI packages and led OpenAI to confirm a breach of two employee devices. While no customer data or production systems were compromised, attackers exfiltrated limited credentials from internal repositories, prompting OpenAI to rotate code-signing certificates for its applications. The campaign used compromised GitHub Actions workflows and CI/CD configurations to inject malicious code and publish trojanized package versions, targeting developer and cloud credentials including GitHub tokens and AWS credentials, and establishing persistence via modified code hooks. → bleepingcomputer.com |
| 2026-05-14 2026 | OpenAI says hackers stole some data after latest code security issue news 2 min read | Writeup detailing OpenAI's incident where hackers compromised TanStack, a popular open-source library, leading to the theft of credentials from two employee devices. The attack involved malicious updates to TanStack, designed to steal credentials and self-propagate, similar to past supply-chain attacks on projects like Axios and Daemon Tools. While OpenAI reported no compromise of production systems or user data, limited internal source code repositories were accessed, prompting credential rotation. → techcrunch.com |
| 2026-05-14 2026 | OpenAI denies user data exposure from TanStack npm Mini Shai-Hulud supply chain attack news 3 min read | The "Mini Shai-Hulud" campaign consisted of malicious packages, including trojanized TanStack npm packages that reached OpenAI devices. This supply chain attack exploited GitHub Actions to distribute 84 malicious versions across 42 TanStack libraries, aiming to steal credentials such as GitHub tokens and cloud keys. While OpenAI confirmed two employee devices were compromised, it found no evidence of user data exposure or intellectual property theft, though some credential material was accessed. |
| 2026-05-14 2026 | npm Supply Chain Attack Targets GitHub AWS and Kubernetes Credentials news 2 min read | Overview of detecting and mitigating the "Shai-Hulud: Here We Go Again" supply chain attack, which compromises npm and PyPI packages to steal GitHub Actions secrets, AWS credentials, Kubernetes service account tokens, and HashiCorp Vault access. The malware self-propagates by injecting malicious code into other packages and features a destructive dead-man's switch that wipes user files if stolen credentials are revoked. → cyberpress.org |
| 2026-05-14 2026 | AI-driven supply chain attacks expose shift in cyber threat model Beazley warns news | Analysis of AI-driven supply chain attacks highlights a new cyber threat model where attackers exploit trusted software and automation systems, moving beyond malware to focus on credential compromise and workflow exploitation. This shift, detailed by Beazley, signifies an evolving attacker methodology. Access to the full analysis requires a paid subscription or a free trial. |
| 2026-05-14 2026 | TeamPCP and BreachForums Launch $1000 Contest for Supply Chain Attacks news 2 min read | Details of a $1,000 competition launched by TeamPCP and BreachForums, incentivizing supply chain attacks on open-source ecosystems including npm, PyPI, GitHub Actions, Docker images, and OpenVSX extensions. Participants use the Shai-Hulud tool to compromise popular libraries, with scoring based on download counts. This initiative, distinct from previous TeamPCP campaigns targeting AI, manufacturing, and finance, aims to recruit attackers and gain visibility by gamifying the abuse of software supply chain trust. → cyberpress.org |
| 2026-05-14 2026 | Axios breach shows why software supply chains need zero trust news 2 min read | Argument for applying zero-trust principles to software supply chains following the Axios breach. That event, in which compromised maintainer accounts introduced RATs into npm packages, mirrors Business Email Compromise (BEC) attacks by exploiting trusted identities. Recommendations include enforcing phishing-resistant MFA for publishing accounts, using OIDC tokens instead of long-lived credentials, disabling or auditing lifecycle scripts such as `postinstall`, and implementing pipeline-level zero trust to isolate build environments and limit the impact of compromised dependencies. → scworld.com |
| 2026-05-14 2026 | Inside a Tor Backed Supply Chain Worm news 9 min read | Analysis of a Tor-backed npm supply chain worm distributed via the `crypto-javascri` package, which mimics `crypto-js`. The malicious package harvests npm and GitHub credentials, hijacks maintainer accounts to republish trojanized packages, and deploys a Tor-based command-and-control implant. The worm targets Linux developer systems and CI/CD environments, propagating by injecting itself into legitimate packages and bumping their versions. → cloudsek.com |
| 2026-05-14 2026 | Mistral AI allegedly breached by Dune-loving criminals following TanStack supply chain hit 450 repositories exposed news | Mistral AI is reportedly the latest victim of a cyberattack following the recent TanStack supply chain incident. Threat actors, described as "Dune-loving criminals," are alleged to have breached Mistral AI, exposing 450 of its repositories. The attack highlights a growing trend of supply chain compromises targeting prominent tech companies. → cybernews.com |
| 2026-05-14 2026 | OpenAI Confirms No User Data Stolen in TanStack Supply-Chain Attack news | OpenAI has confirmed that no user data was compromised during a recent supply-chain attack targeting TanStack. The attack involved malicious code injected into the `tanstack-query` package, a popular JavaScript library. While the code was designed to steal user data, OpenAI's security measures detected it and prevented any data exfiltration. The company emphasizes that its users' information remains secure. |
| 2026-05-14 2026 | Malicious Open Source npm Packages Breach OpenAI Employee Devices - Open Source For You news 1 min read | Writeup of the "Mini Shai-Hulud" campaign, detailing how attackers compromised two OpenAI employee devices by uploading 84 malicious versions across 42 @tanstack/* npm packages. Exploiting GitHub Actions and CI/CD cache weaknesses, these packages were designed to steal GitHub tokens, cloud API keys, npm credentials, and CI/CD secrets, impacting projects from Mistral AI and UiPath. → opensourceforu.com |
| 2026-05-14 2026 | Analyzing TeamPCP's Supply Chain Attacks: Checkmarx KICS and elementary-data in CI/CD Credential Theft news 17 min read | Analysis of TeamPCP's supply chain attacks, specifically the Checkmarx KICS and elementary-data incidents. The campaign leverages CI/CD and release workflows to steal credentials such as GitHub PATs, npm tokens, and cloud secrets. Techniques include multichannel poisoning across Docker Hub, VS Code extensions, and GitHub Actions, as well as GitHub Actions script injection to produce malicious packages signed by legitimate CI, targeting ecosystems such as PyPI and GHCR. → trendmicro.com |
| 2026-05-14 2026 | Shai-Hulud Malware Exposes Future Supply Chain Risks news | Shai-Hulud is a newly discovered malware that poses significant future supply chain risks. It is designed to target development environments and compromise the software supply chain. The malware operates stealthily, aiming to inject malicious code into software projects before they are distributed, which could lead to widespread infections of end-user systems. Researchers have identified Shai-Hulud as a sophisticated threat requiring immediate attention to mitigate its potential impact on software integrity and security. |
| 2026-05-14 2026 | OpenAI says two employee devices hit by TanStack malware attack but no user data breached news | OpenAI reported a malware attack affecting two employee devices due to a compromised dependency, TanStack. The company stated that no user data was accessed or breached as a result of the incident. The attackers gained access to employee tools, but OpenAI confirmed its systems have been secured and a thorough investigation is underway. → cybernews.com |
| 2026-05-14 2026 | DAEMON Tools installers hacked in global supply chain attack news | DAEMON Tools installers were compromised in a global supply chain attack. Attackers inserted malicious code into the software's legitimate installers, which were then distributed to users, allowing the attackers to gain unauthorized access to systems. → msn.com |
| 2026-05-14 2026 | OpenAI says no user data stolen after supply-chain hackers accessed employee devices news 2 min read | Writeup detailing a supply-chain attack impacting OpenAI via the TanStack npm library. Attackers exploited GitHub Actions and CI/CD cache weaknesses to publish malicious package versions designed to exfiltrate developer credentials like GitHub tokens and API keys. While OpenAI reported unauthorized access and limited credential exfiltration from two employee devices, they found no evidence of user data, production systems, or intellectual property compromise. This incident highlights renewed concerns about open-source software security, particularly within the npm ecosystem. |
| 2026-05-14 2026 | TanStack Mistral AI UiPath targeted in major supply chain attack compromising 170 packages news 2 min read | Analysis of the "Mini Shai-Hulud" supply chain attack, which compromised over 170 npm and PyPI packages from vendors including TanStack, Mistral AI, and UiPath. This attack leveraged GitHub Actions vulnerabilities, cache poisoning, and OpenID Connect abuse to deploy a credential-stealing worm targeting Web2 and Web3 infrastructure. The worm aimed to harvest cloud and developer credentials and propagate through dependency chains. |
| 2026-05-14 2026 | TanStack Mistral AI UiPath targeted in major supply chain attack compromising 170 packages news | A significant supply chain attack has impacted over 170 software packages, affecting prominent entities like TanStack, Mistral AI, and UiPath. The incident highlights the growing vulnerability of software supply chains to malicious actors. Details on the specific exploit or the extent of the compromise were not immediately available in the provided content. The attack underscores the critical need for enhanced security measures in the development and distribution of software libraries and dependencies. |
| 2026-05-14 2026 | Worm Redux: Fresh Mini Shai-Hulud Infections Bite Supply Chain news | A new worm, dubbed "Mini Shai-Hulud" by researchers, is actively infecting the software supply chain. This malware targets developers, aiming to compromise their development environments and potentially inject malicious code into legitimate software projects. The worm's propagation methods and specific targets are still under investigation, but its presence signifies a growing threat to the integrity of software development and distribution. Organizations are advised to enhance their security protocols and vigilance against such supply chain attacks. → darkreading.com |
| 2026-05-13 2026 | RubyGems pauses new account sign-ups amid major malicious attack news | RubyGems.org has paused new account registrations due to a significant malicious attack. Hundreds of packages are impacted, some containing exploits, highlighting a growing trend of software supply chain attacks against open-source ecosystems. Mend.io is involved in securing RubyGems and will release more details once the situation is under control. This event comes amid an increase in attacks in which threat actors compromise widely used packages to distribute malware, including credential-stealing variants. → scworld.com |
| 2026-05-13 2026 | Mass Supply-Chain Attack Slams npm and PyPi Hits Mistral AI news 5 min read | Guidance on securing supply chains against the "Mini Shai-Hulud" worm, which has targeted npm and PyPI packages, including those from Mistral AI. The worm spreads autonomously by stealing credentials from over 100 locations, including cloud platforms and developer tools, and can carry a wiper payload. Recommendations include cooldown periods before integrating newly published packages, enforcing multifactor authentication, and routine key rotation. → bankinfosecurity.com |
| 2026-05-13 2026 | Mass Supply-Chain Attack Slams npm and PyPi Hits Mistral AI news 5 min read | Guidance on detecting and defending against supply-chain attacks, exemplified by the Mini Shai-Hulud worm that targeted npm and PyPI packages, including those from Mistral AI and TanStack. This malware family, known for credential stealing and wiper capabilities, spreads autonomously by compromising publish tokens and includes country-aware logic. Defense strategies include cooldown periods before package integration and enforcing multifactor authentication across developer accounts. |
| 2026-05-13 2026 | Risky Bulletin: RubyGems disables sign-ups after attack on staff news 13 min read | Newsletter summarizing recent application security incidents, including the RubyGems supply chain attack involving malicious packages targeting developers, the TanStack framework's compromise affecting hundreds of npm libraries with a self-propagating worm, and Skoda's web store vulnerability exposing customer data. It also touches on the Nitrogen ransomware group claiming responsibility for a Foxconn hack, West Pharmaceutical experiencing a ransomware attack, and Vodafone source code leaks by Lapsus$. |
| 2026-05-13 2026 | Mistral AI and TanStack hit in supply chain attack with SLSA-attested malware news | Mistral AI and TanStack were targeted in a supply chain attack involving malware that was SLSA-attested. This means the malware's provenance was verified through SLSA (Supply-chain Levels for Software Artifacts), a framework designed to ensure the integrity of software development and distribution. The attack highlights a sophisticated method of malware deployment, leveraging trusted attestation to potentially bypass security measures and compromise users of these popular software projects. Further details on the attack's scope and impact are provided in the article. |
| 2026-05-12 2026 | Mini Shai-Hulud malware compromises open-source packages news | The Mini Shai-Hulud malware is targeting open-source packages. It is designed to steal sensitive information, including credentials and API keys, from infected systems. The malware spreads by compromising legitimate open-source projects, making it difficult to detect. Users are advised to exercise caution when updating or installing open-source software and to remain vigilant against potential security threats. → letsdatascience.com |
| 2026-05-12 2026 | Mini Shai-Hulud malware compromises hundreds of open-source packages in sprawling supply-chain attack news 4 min read | Analysis of the credential-stealing "mini Shai-Hulud" malware, which compromised open-source packages including TanStack and UiPath. The malware exploits automated software publishing, bypassing two-factor authentication and carrying cryptographically valid signatures. It targets cloud infrastructure such as AWS, Google Cloud, and Kubernetes, stealing security keys and passwords via obfuscated payloads disguised as initialization modules. The campaign uses Bun for exfiltration via anonymous messaging and embeds itself in developer tools such as VS Code and Anthropic's Claude Code, highlighting weaknesses in CI/CD pipelines and developer tooling directories. → cyberscoop.com |
| 2026-05-12 2026 | Mini Shai-Hulud attack compromises hundreds of npm PyPI packages news 3 min read | Writeup of the Mini Shai-Hulud supply chain attack, which exploited OpenID Connect (OIDC) tokens to compromise hundreds of npm and PyPI packages, including TanStack, Mistral AI, Guardrails AI, UiPath, and OpenSearch. This technique bypasses SLSA Build Level 3 attestations and static scanning by weaponizing trust and executing payloads via the Bun runtime, enabling credential theft from developer environments and CI/CD pipelines. Remediation involves identifying and rotating compromised credentials. → scworld.com |
| 2026-05-12 2026 | Mistral AI SDK TanStack Router hit in npm software supply chain attack news 3 min read | Writeup of a software supply chain attack targeting numerous npm and PyPI packages, including Mistral AI's SDK and the TanStack Router ecosystem. The TeamPCP threat group exploited GitHub Actions weaknesses and maintainer misconfigurations, leveraging the Mini Shai-Hulud malware to steal developer credentials and install a destructive 'dead man's switch' component. The attack highlights vulnerabilities in implicit trust within software usage networks and affects hundreds of packages, potentially compromising enterprise credentials. → csoonline.com |
| 2026-05-12 2026 | Shai-Hulud Here We Go Again: 170 Packages Hit Across npm & PyPi news 4 min read | Guidance on detecting and mitigating the "Shai-Hulud: Here We Go Again" malware, which targets npm and PyPI. This self-propagating credential-stealing malware has affected over 170 packages, including those from Mistral AI, OpenSearch Project, and TanStack, representing hundreds of millions of downloads. The variant includes token monitoring and a machine wipe function triggered upon token revocation, and exfiltrates stolen credentials to GitHub repositories. Immediate actions recommended include rotating keys, enabling 2FA, and downgrading affected packages. → ox.security |
| 2026-05-12 2026 | TanStack npm Packages Hit by Mini Shai-Hulud news 12 min read | Analysis of the Mini Shai-Hulud supply chain attack on @tanstack npm packages, which led to the publication of 84 malicious artifacts. The incident, attributed to TeamPCP, marks the first documented case of malicious npm packages carrying valid SLSA provenance, achieved by hijacking the legitimate release pipeline via a `pull_request_target` vulnerability, cache poisoning, and OIDC token extraction. Affected packages include `@tanstack/react-router`; remediation involves treating affected install environments as compromised and rotating secrets. → snyk.io |
| 2026-05-12 2026 | RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded news | Writeup detailing the recent suspension of new signups by RubyGems, the Ruby programming language's standard package manager, due to a "major malicious attack." Hundreds of malicious packages were uploaded, some containing exploits. This incident highlights the rising threat of software supply chain attacks against open-source ecosystems, with threat actors like TeamPCP compromising popular packages to distribute credential-stealing malware. Mend.io, securing RubyGems, intends to release further details once the incident is contained. → thehackernews.com |
| 2026-05-12 2026 | SailPoint Discloses GitHub Repository Hack news 1 min read | SailPoint's GitHub repository hack, which occurred on April 20, resulted from a third-party application vulnerability. SailPoint contained the incident swiftly, and a cybersecurity firm's investigation found no evidence of production or staging data compromise or service interruption. Customers affected by the accessed repositories were notified, with no further action currently required. The specific vulnerability and threat actor remain undisclosed, with no confirmed link to TeamPCP. → securityweek.com |
| 2026-05-12 2026 | Compromised Mistral AI and TanStack packages may have exposed GitHub cloud and CI/CD credentials in 'mini Shai Hulud' malware infection supply-chain campaign spreads across npm and AI developer ecosystems like wildfire news 3 min read | Analysis of the "Mini Shai-Hulud" campaign reveals compromised Mistral AI and TanStack packages on npm and PyPI. Version 2.4.6 of the mistralai PyPI package injected malicious code that executed on import, downloading a credential-stealing payload disguised as transformers.pyz. Affected TanStack packages include @tanstack/react-router, @tanstack/history, and @tanstack/router-core. Developers are urged to rotate GitHub tokens, npm credentials, and CI/CD secrets due to the potential exposure of cloud and CI/CD credentials. |
| 2026-05-12 2026 | How AI Can Detect Lateral Movement in Supply Chain Attacks intermediate | This content likely discusses how Artificial Intelligence (AI) can be used to identify lateral movement within supply chain attacks. Lateral movement is a critical phase in which attackers expand their access within a compromised network. AI's ability to analyze large datasets and detect anomalous patterns would be key to spotting these advanced persistent threats. The focus is on leveraging AI to strengthen defenses against sophisticated attacks that exploit the interconnectedness of supply chains. → securityboulevard.com |
| 2026-05-12 2026 | TanStack Mistral AI UiPath Hit in Fresh Supply Chain Attack news 5 min read | The Mini Shai-Hulud supply chain attack compromised packages to steal developer credentials, API keys, and secrets. It targeted over 170 packages across npm and PyPI, including those from TanStack, Mistral AI, and UiPath. Attackers exploited weaknesses in GitHub Actions OIDC tokens and cache poisoning to publish malicious packages with forged SLSA provenance, making them appear legitimate. The malware harvested sensitive data through multiple exfiltration channels, including the decentralized Session network. → securityweek.com |
| 2026-05-12 2026 | Hundreds of open source packages hacked: I'm just not gonna run npm install anymore news | Hundreds of open source packages hacked: "I'm just not gonna run npm install anymore" https://ift.tt/rDlQGUa → cybernews.com |
| 2026-05-12 2026 | Checkmarx Jenkins AST Plugin Compromised in KICS Supply Chain Attack news 3 min read | Details of the Checkmarx Jenkins AST plugin compromise, a supply chain attack attributed to TeamPCP. A malicious version 2026.5.09 was pushed to the Jenkins Marketplace, affecting ecosystems linked to KICS and Trivy. The attack leveraged CI/CD credential theft to pivot into downstream software publishers, with the primary objective of exfiltrating secrets from CI/CD runners. Users are advised to revert to version 2.0.13-829.vc72453fa_1c16 or earlier. → gbhackers.com |
| 2026-05-12 2026 | Claude Code MCP Attack Enables Persistent Token Theft intermediate 4 min read | Analysis of a Claude Code MCP attack reveals a sophisticated MitM technique that abuses integrations to steal OAuth tokens, enabling persistent access to connected SaaS platforms. The attack leverages malicious npm postinstall hooks to silently rewrite the `~/.claude.json` configuration file, redirecting traffic through attacker-controlled proxies. This method is difficult to detect as compromised OAuth sessions appear legitimate in audit logs and token rotation alone is insufficient. Organizations should implement layered controls focusing on configuration monitoring, OAuth security, and software supply chain governance. → esecurityplanet.com |
| 2026-05-11 2026 | JDownloader website compromised to distribute malicious installers news 1 min read | Report on a compromise of the JDownloader website, where attackers used an unpatched CMS vulnerability to distribute malicious Windows and Linux installers. The Windows payload deployed a Python RAT, while the Linux installer injected code to establish persistence. JDownloader confirmed the breach, advising users to verify digital signatures for "AppWork GmbH" and recommending OS reinstallation for affected individuals. → scworld.com |
| 2026-05-11 2026 | AI Is Reshaping Software Supply Chain Risk beginner 3 min read | Analysis of AI's impact on software supply chain security highlights expanding attack surfaces due to AI-assisted development, with 84% of developers using AI tools. Traditional security controls like EDR and MDM lack visibility into AI integrations, browser extensions, and package managers. This leads to increased risk from malicious open-source packages, with Aikido Intel identifying up to 100,000 daily. Organizations require real-time visibility and install-time controls for developer tooling, as compromised workstations grant attackers trusted access to repositories and credentials. → esecurityplanet.com |
| 2026-05-11 2026 | TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack news 1 min read | Writeup of TeamPCP's compromise of the Checkmarx Jenkins AST plugin, occurring weeks after their KICS supply chain attack. This incident highlights the exploitation of software supply chain trust and the potential for incomplete remediation, as evidenced by the defaced GitHub repository and malicious updates to the plugin. The ongoing attacks by TeamPCP underscore the persistent threat to developer tools and credentials. → thehackernews.com |
| 2026-05-11 2026 | Build Application Firewalls Aim to Stop the Next Supply Chain Attack beginner 4 min read | InvisiRisk's build application firewall (BAF) enforces policy during the CI/CD build process by inspecting package activity rather than solely scanning code. The approach aims to prevent supply chain attacks, such as the SolarWinds breach or hijacked npm libraries like Axios, by detecting unexpected or malicious actions within the build environment. The BAF, together with InvisiRisk's TruSBOM tool, provides detailed explanations for risky actions and generates accurate SBOMs by directly observing the software build process. → securityweek.com |
| 2026-05-11 2026 | Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack news 1 min read | Version 2.0.13-829.vc72453fa_1c16 of the Checkmarx Jenkins AST plugin is the safe version to use after a malicious iteration was published to the Jenkins Marketplace. The compromise, attributed to the TeamPCP hacker gang and potentially the Lapsus$ extortion group, stems from a wider supply chain attack impacting Checkmarx's repositories since March, following a Trivy supply chain incident. → securityweek.com |
| 2026-05-11 2026 | Checkmarx tackles another TeamPCP intrusion as Jenkins plugin sabotaged news 4 min read | Analysis of a TeamPCP intrusion targeting a Jenkins plugin, highlighting the evolving landscape of supply chain attacks. This incident underscores the risks associated with untrusted agentic development layers and the growing threat of AI agent skills being exploited for malicious purposes, mirroring concerns around identity-based cyber resilience and the black market for compromised identities. → theregister.com |
| 2026-05-11 2026 | Malicious Hugging Face model masquerading as OpenAI release hits 244K downloads news 4 min read | Report on a malicious Hugging Face model masquerading as a legitimate OpenAI release, and on defending against this class of threat. The incident highlights AI model repositories as an emerging software supply chain attack vector, with one model, Open-OSS/privacy-filter, reaching 244,000 downloads before removal. The attack used a malicious loader.py script that delivered infostealer malware targeting browser credentials, cryptocurrency wallets, and system information, bypassing traditional security controls, with suggested links to npm typosquatting and PyPI campaigns. → csoonline.com |
| 2026-05-11 2026 | Checkmarx tackles another TeamPCP intrusion as Jenkins plugin sabotaged news 4 min read | Coverage of Checkmarx's response to a TeamPCP intrusion that sabotaged its Jenkins plugin, a supply chain attack targeting CI/CD pipelines. The article highlights the increasing risks of untrusted agentic development layers and the potential for AI agent skills to be exploited for supply chain compromise. → theregister.com |
| 2026-05-11 2026 | Responsible for Systems You Can't See: A C-Suite Guide to AI Supply Chain Risk beginner 4 min read | Guide for C-suites on AI supply chain risk, highlighting attacks on LiteLLM and axios that exploited trusted open-source workflows. It emphasizes that AI expands and obscures the attack surface, making executives accountable for systems and dependencies they cannot fully see, audit, or control, and calls for a shift to ecosystem security and continuous dependency monitoring rather than assumed trust. |
| 2026-05-10 2026 | Supply Chain Attack: Fake OpenAI Repository on Hugging Face Distributes Infostealer Malware Targeting Developers and AI Tools news 4 min read | Details of a supply chain attack involving a fake OpenAI repository on Hugging Face that distributed infostealer malware. The malware targeted developers by exfiltrating credentials, session tokens, and cryptocurrency wallets from Chromium and Gecko browsers, Discord tokens, and local files. The attack leveraged typosquatting, social engineering, and evasion tactics such as disabling SSL verification and checking for VMs, mapping to MITRE ATT&CK techniques T1566 (Phishing) and T1555 (Credentials from Password Stores). → rescana.com |
| 2026-05-10 2026 | Official JDownloader site served malware to Windows and Linux users between May 6 and May 7 news 3 min read | Writeup of a supply chain attack on the JDownloader official website, which occurred between May 6 and May 7, 2026. Attackers compromised the site's content management system, altering download links to serve malware instead of legitimate Windows "Alternative Installer" and Linux shell installers. The deployed malware was a Python-based remote access trojan (RAT). Legitimate installers were digitally signed by "AppWork GmbH," while malicious ones were unsigned or signed by suspicious entities like "Zipline LLC" or "The Water Team." The website was taken offline for investigation and remediation, with correct installer links restored. → securityaffairs.com |
| 2026-05-09 2026 | Supply-Chain Attacks in an Era of Automation and Implicit Trust intermediate 7 min read | Analysis of 2026 supply-chain threats, including the Axios compromise and the Trivy campaign, details how attackers exploit trust in automation and developer systems. The Axios incident involved a compromised npm maintainer account leading to RAT distribution via a malicious dependency, impacting numerous production environments. The Trivy attack leveraged credentials to inject malicious artifacts into CI automation, release binaries, and container images, resulting in secret exfiltration. Additionally, the Quest KACE System Management Appliance vulnerability (CVE-2025-32975) demonstrates how unpatched legacy infrastructure becomes a supply-chain risk. |
| 2026-05-08 2026 | DAEMON Tools devs confirm breach, release malware-free version news 3 min read | Writeup of the DAEMON Tools supply chain attack confirming trojanized installers for version 12.5.1 (free). Hackers used digitally signed installers to backdoor systems, deploying an information stealer and a lightweight backdoor, with QUIC RAT malware observed in at least one instance. Disc Soft Limited released a malware-free version, 12.6, addressing the issue. → bleepingcomputer.com |
| 2026-05-08 2026 | Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise intermediate 2 min read | Analysis of the Quasar Linux RAT (QLNX), an implant targeting developers' systems that is designed for credential harvesting from files like .npmrc, .pypirc, and .aws/credentials. QLNX masquerades as a kernel thread, wipes logs, and uses seven persistence methods including systemd and crontab. It features a PAM inline-hook backdoor and a kernel-level eBPF rootkit component to hide processes, files, and network ports, ultimately facilitating software supply chain attacks by compromising publishing pipelines and cloud infrastructure. → thehackernews.com |
| 2026-05-08 2026 | Kaspersky uncovers targeted DAEMON Tools supply chain attack affecting manufacturing, government sectors news 4 min read | Writeup of a targeted DAEMON Tools supply chain attack where trojanized installers, signed with legitimate developer certificates, deployed backdoors to select government, manufacturing, and scientific organizations. The attack, active since April 8, 2026, used a typosquatted domain and involved sophisticated techniques comparable to the 3CX supply chain incident, highlighting how attractive widely trusted software is as a target for attackers. |
| 2026-05-07 2026 | Supply chain security on alert as M&A targets agent security beginner 3 min read | Roundup of supply chain security risks, particularly those amplified by AI. It covers threats exemplified by the Axios NPM package tampering and trojanized Daemon Tools installers, and discusses the increasing M&A activity in agent security, such as Cisco's acquisition of Astrix Security and Palo Alto Networks' acquisition of Portkey. It also provides context for OpenAI's GPT-5.5 Cyber and Anthropic's Mythos, noting their capabilities in vulnerability discovery and potential for misuse, alongside Cisco's open-source Model Provenance Kit for AI model verification. |
| 2026-05-07 2026 | Vendor Says Daemon Tools Supply Chain Attack Contained news 2 min read | Analysis of the Daemon Tools supply chain attack details how threat actors injected trojanized versions of Daemon Tools Lite (specifically version 12.5.1) released between April 8 and May 5 with code to collect information and deploy backdoors. Disc Soft has since contained the incident, removed compromised files, and released a clean version (12.6.0.2445), advising users to uninstall the affected software and scan their systems. → securityweek.com |
| 2026-05-07 2026 | Gemini CLI Vulnerability Could Have Led to Code Execution Supply Chain Attack news 1 min read | Vulnerability analysis of Gemini CLI identifying a critical flaw (CVSS 10/10) that could enable supply chain attacks. Through indirect prompt injection in GitHub issues, attackers could bypass tool allowlists in --yolo mode, leading to arbitrary command execution. This allowed for the extraction of secrets, gaining write access to repositories, and pushing malicious code to downstream users. The issue, affecting multiple Google repositories and also impacting headless mode via lax trust, was patched in Gemini CLI version 0.39.1. → securityweek.com |
| 2026-05-07 2026 | Disc Soft confirms DAEMON Tools Lite supply chain attack exposed thousands of systems worldwide news | Disc Soft has confirmed a supply chain attack targeting DAEMON Tools Lite, a popular disk imaging software. The attack, which exploited a vulnerability in the software's update mechanism, exposed thousands of systems globally. Attackers were able to distribute malware disguised as legitimate software updates. The exact number of affected users and the potential for further exploitation remain under investigation. |
| 2026-05-06 2026 | DAEMON Tools installers compromised in new supply chain attack news 1 min read | Writeup detailing the compromise of DAEMON Tools installers. Attackers trojanized DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe, distributing malicious payloads signed with valid certificates. The implant communicates with env-check.daemontools[.]cc to download and execute further payloads like envchk.exe and cdg.exe, enabling a minimalist backdoor for remote command execution. The attack, active since April 8, 2026, targeted organizations in Russia, Belarus, and Thailand, with QUIC RAT observed against a Russian educational institution. → scworld.com |
| 2026-05-06 2026 | Remember DAEMON Tools? It Was Hacked to Serve Windows Malware news 4 min read | Writeup on the DAEMON Tools supply chain attack, detailing how a hacker compromised versions 12.5.0.2421 through 12.5.0.2434 distributed from daemon-tools.cc. The attack involved injecting backdoors into installers, impacting thousands of users globally across various sectors, including retail, scientific, and government organizations, with evidence pointing to a Chinese-speaking threat actor. |
| 2026-05-06 2026 | Invisible Supply Chain Attack Risks and Trusted Access beginner 5 min read | Overview of invisible supply chain attacks that weaponize trust in browsers, third-party services, and user behavior, bypassing traditional defenses by leveraging legitimate access paths. It details techniques like phishing pages requesting device permissions, QR code-based quishing, and adversary-in-the-middle attacks that intercept credentials and MFA codes, emphasizing the need for strict permission governance, behavioral monitoring, and Zero Trust architectures. |
| 2026-05-06 2026 | Malware Brief: Air gaps breached, CPUs hijacked, and supply-chain chaos news 3 min read | Analysis of APT37's Ruby Jumper, the FAUX#ELEVATE cryptominer, and the CanisterWorm supply-chain malware reveals attackers targeting air-gapped systems via removable media and cloud services, distributing illicit Monero miners through weaponized résumés, and automating propagation across open-source packages and CI/CD pipelines. These threats exploit assumed trust in isolation models, business workflows, and software supply chains, reducing defender reaction time and increasing blast radius. |
| 2026-05-06 2026 | Critical DAEMON Tools Supply Chain Attack: Malware-Compromised Windows Installers Threaten Organizations and Home Users (Versions 12.5.0.2421-12.5.0.2434) news 5 min read | Writeup detailing a critical supply chain attack on DAEMON Tools Windows installers (versions 12.5.0.2421-12.5.0.2434), which distributed malware via trojanized executables signed with a legitimate AVB Disc Soft certificate. The malware, including an info-gatherer, backdoor, and QUIC RAT, exfiltrates system data and deploys advanced implants to targeted organizations and home users, leveraging MITRE ATT&CK techniques like T1195.002 (Supply Chain Compromise) and T1553.002 (Code Signing). → rescana.com |
| 2026-05-06 2026 | Video game supply chain attack, Bleeding Llama, US gets early LLM access news | |
| 2026-05-06 2026 | Attackers compromised Daemon Tools software to deliver backdoors news 2 min read | Analysis of a supply chain attack where attackers compromised Daemon Tools, a popular Windows utility, to deliver backdoors. Signed, trojanized installers served from the official website (versions 12.5.0.2421-12.5.0.2434) downloaded a .NET information collector. This collector gathered system details for targeted deployment of payloads like a minimalistic backdoor and QUIC RAT, capable of injecting into legitimate processes. The attack leveraged legitimate digital certificates, making malicious binaries appear trustworthy. → helpnetsecurity.com |
| 2026-05-06 2026 | Hackers compromise Daemon Tools in global supply-chain attack, researchers say news 2 min read | Installers for Daemon Tools were compromised in a global supply-chain attack, impacting users in over 100 countries. Attackers embedded backdoors, including Quic RAT, into versions 12.5.0.2421 through 12.5.0.2434 of the free Daemon Tools Lite, observed since early April. The campaign appears targeted, with initial data collectors deployed broadly and more advanced payloads reserved for specific organizations. Disc Soft has addressed the issue, recommending users update to the latest version. → therecord.media |
| 2026-05-06 2026 | Daemon Tools Hit by Suspected Chinese Supply Chain Attack, Kaspersky Says news | Kaspersky reports that Daemon Tools, a popular file management software, has been targeted in a suspected Chinese supply chain attack. The attackers reportedly injected malicious code into the software's update mechanism, allowing them to gain access to user systems. |
| 2026-05-06 2026 | Sophisticated Quasar Linux RAT Campaign Targets Software Developers in Supply Chain Attacks news 1 min read | Analysis of the Quasar Linux RAT (QLNX) campaign targeting software developers via supply chain attacks. This sophisticated Linux-based malware aims to steal credentials, maintain remote access, and facilitate large-scale supply chain compromises. The campaign is linked to trojanized software installers, including compromised Daemon Tools, distributing backdoors globally. Attackers use staged deployment, selectively targeting high-value organizations after initial broad infection, with potential cyberespionage motives. Compromising developer environments grants access to source code, signing keys, and CI/CD pipelines, enabling downstream attacks. → cxodigitalpulse.com |
| 2026-05-06 2026 | QLNX Threat Actors Steal Developer Credentials For Supply Chain Attacks news 2 min read | Writeup on Quasar Linux (QLNX), a sophisticated Linux remote access trojan targeting developers. QLNX's fileless execution, process spoofing, and credential harvesting, which specifically targets `.npmrc`, `.pypirc`, `.git-credentials`, `.aws/credentials`, `.kube/config`, and `.env` files, facilitate supply chain attacks. It also uses a malicious PAM module for password interception and incorporates peer-to-peer networking for resilience. → cyberpress.org |
| 2026-05-06 2026 | Sophisticated Quasar Linux RAT Targets Software Developers news 2 min read | Analysis of Quasar Linux (QLNX), a sophisticated backdoor targeting software developers. QLNX employs a modular architecture with rootkit capabilities, detection evasion, and multiple persistence methods including crontab, desktop entries, init scripts, service files, and shell lines. It focuses on stealing developer credentials for AWS, Kubernetes, Docker Hub, Git, NPM, and PyPI, enabling attackers to compromise publishing pipelines and pivot to cloud environments. The RAT uses a PAM backdoor and an eBPF rootkit to conceal its presence at both userspace and kernel levels, while supporting 58 commands for comprehensive system control and information harvesting. → securityweek.com |
| 2026-05-06 2026 | DAEMON TOOLS supply chain attack ongoing since April, thousands affected news 2 min read | Writeup on the DAEMON Tools supply chain attack, which began in April 2026. Attackers compromised legitimate installers and signed binaries with valid certificates, embedding backdoors into components like DTHelper.exe and DiscSoftBusServiceLite.exe. The campaign delivered information-stealing payloads and, in some cases, advanced implants like QUIC RAT, targeting government, manufacturing, scientific research, and retail sectors across over 100 countries. Kaspersky detects malicious activity including suspicious PowerShell downloads and code injection. |
| 2026-05-06 2026 | Android Apps Get Public Verification System to Stop Supply Chain Attacks beginner 2 min read | Writeup on a public verification system for Android apps, expanding Google's Binary Transparency initiative to combat supply chain attacks. The system creates a public, cryptographically verifiable ledger of software metadata, ensuring apps on devices match intended builds, akin to Certificate Transparency for SSL/TLS. The effort aims to prevent malicious code injection through compromised update channels, as seen in the recent DAEMON Tools backdoor attacks, by providing a "certificate of intent" beyond just digital signatures. Verification tooling will be available for users and researchers to confirm software authenticity. → thehackernews.com |
| 2026-05-06 2026 | Government, Scientific Entities Hit via Daemon Tools Supply Chain Attack news 2 min read | Writeup: injected code in Daemon Tools versions 12.5.0.2421 through 12.5.0.2434 has been identified as part of a supply chain attack affecting government, scientific, and other organizations. The compromised binaries, including DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe, activate a backdoor that fetches and executes payloads, with targeted deployments of information collectors and the QUIC RAT observed. → securityweek.com |
| 2026-05-06 2026 | Kaspersky Links Suspected Chinese Hackers to Backdoor Planted in Daemon Tools Supply Chain Attack news 1 min read | Analysis of a Daemon Tools supply chain attack, attributed to a Chinese-speaking threat actor, where malicious backdoors were implanted in official installers via compromised digital certificates. This sophisticated operation, affecting versions 12.5.0.2421 onward since April 8, 2026, leveraged Daemon Tools' elevated permissions to establish deep system persistence and deploy remote-control malware, resulting in thousands of global infection attempts targeting various sectors including government and industrial operations. → cxodigitalpulse.com |
| 2026-05-06 2026 | Extremely targeted supply chain attack hits DAEMON Tools news 13 min read | Detailed analysis of the compromise of DAEMON Tools installers, which included a backdoor and a second-stage QUIC RAT payload. The incident, similar to past attacks on Notepad++ and CCleaner, highlights the targeting of high-value systems by Chinese-speaking threat actors for espionage. The writeup walks through the system data collection, uploads to a remote server, and targeted second-stage payload deployment. |
| 2026-05-06 2026 | North Korean hackers trojanize gaming platform to spy on ethnic Koreans in China news 2 min read | Analysis of ScarCruft's supply chain attack targeting ethnic Koreans in China. North Korean threat actors trojanized the sqgame gaming platform, distributing backdoored Windows and Android software. The Windows variant utilized a patched mono.dll to deliver the RokRAT backdoor and BirdCall implant, while Android versions repackaged games with malicious code to exfiltrate data, targeting HWP files specifically. C2 communication leveraged Zoho WorkDrive accounts. → helpnetsecurity.com |
| 2026-05-06 2026 | Supply-Chain Attacks in an Era of Automation and Implicit Trust beginner 7 min read | Writeup detailing software supply-chain attacks in 2026, focusing on how attackers abuse trusted automation and identity. It examines incidents like the Axios compromise and the Trivy campaign, where compromised package maintainers and CI/CD automation led to widespread malicious dependencies and credential exfiltration. The resource also highlights the exploitation of legacy management systems, such as Quest KACE via CVE-2025-32975, emphasizing how attackers leverage the inherent trust placed in these tools to gain entry. |
| 2026-05-05 2026 | Bootstrap script exposes PyPI to domain takeover attacks news 8 min read Python | Research on a domain takeover exposure affecting PyPI packages, discovered in legacy bootstrap scripts for tools like zc.buildout and older Python packaging utilities. When executed, these scripts attempt to download and install the `distribute` package from `python-distribute[.]org`, a domain now available for sale. The issue affects numerous popular packages, including `tornado` and `slapos.core`, potentially allowing attackers to compromise systems by controlling the abandoned domain and serving malicious code. → reversinglabs.com |
| 2026-05-05 2026 | Progress Software warns of critical MOVEit Automation vulnerability news | Advisory regarding CVE-2026-4670, a critical authentication bypass vulnerability in Progress Software's MOVEit Automation, enabling unauthenticated remote access. The alert also addresses CVE-2026-5174, a high-severity privilege escalation flaw. Over 1,400 instances are exposed online, with potential impact on government agencies. While no exploitation is reported yet, previous MOVEit vulnerabilities have been widely exploited by groups like Clop. → scworld.com |
| 2026-05-05 2026 | Supply-chain attacks take aim at your AI coding agents news 6 min read AI | Article on supply-chain attacks against AI coding agents. It describes the threat of malicious packages, like those used by North Korea's Famous Chollima APT in the PromptMink campaign, which leverage LLM optimization and knowledge injection to trick autonomous coding agents into incorporating compromised dependencies. It also covers "slopsquatting," where agents hallucinate package names, making them vulnerable to similarly named malicious replacements. → csoonline.com |
| 2026-05-05 2026 | DAEMON Tools Breach Used to Spread Malware in Supply Chain Attack news 2 min read | Writeup detailing a supply chain attack involving trojanized DAEMON Tools installers, signed with legitimate certificates. Attackers compromised core binaries like DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe to deploy a three-stage payload chain: an information collector (envchk.exe), a minimalistic backdoor (cdg.exe), and a sophisticated QUIC RAT implant. The attack leverages typosquatted domains like env-check.daemontools[.]cc and malicious IPs such as 38.180.107[.]76, impacting thousands of users and dozens of organizations globally. → cyberpress.org |
| 2026-05-05 2026 | Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack news 2 min read | Writeup on the Daemon Tools supply-chain attack, detailing a monthlong compromise where malicious updates signed with official certificates infected versions 12.5.0.2421 through 12.5.0.2434. The malware, discovered by Kaspersky, exfiltrates system information and delivers follow-on payloads to select targets. This incident mirrors previous supply-chain attacks like CCleaner (2017), SolarWinds (2020), and 3CX (2023), highlighting the difficulty in defending against sophisticated, officially distributed compromises. → arstechnica.com |
| 2026-05-05 2026 | Kaspersky suspects Chinese hackers planted a backdoor into Daemon Tools in 'widespread' attack news 2 min read | Writeup on a widespread supply chain attack where Chinese-linked hackers planted a backdoor in Daemon Tools, targeting thousands of Windows computers. This backdoor allowed the attackers to deploy additional malware on systems in the retail, scientific, manufacturing, and government sectors in Russia, Belarus, and Thailand. The attack, detected April 8th, remains active and highlights the growing trend of compromising popular software to distribute malicious code. → techcrunch.com |
| 2026-05-05 2026 | DAEMON Tools trojanized in supply-chain attack to deploy backdoor news 2 min read | Writeup detailing a supply-chain attack that trojanized DAEMON Tools installers, versions 12.5.0.2421 through 12.5.0.2434, delivering a backdoor to thousands of systems globally since April 8. The attack compromised DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe, leading to initial infections and targeted deployments of a lightweight backdoor and, in one instance, the QUIC RAT, to high-value targets in retail, scientific, government, and manufacturing sectors across Russia, Belarus, and Thailand. → bleepingcomputer.com |
| 2026-05-05 2026 | Quasar Linux (QLNX), A Silent Foothold in the Supply Chain: Inside a Full-Featured Linux RAT With Rootkit, PAM Backdoor, and Credential Harvesting Capabilities intermediate 20 min read | In-depth analysis of Quasar Linux (QLNX), a sophisticated Linux RAT with low detection rates, featuring a rootkit, PAM backdoor, and credential harvesting capabilities. QLNX targets developer and DevOps credentials in the software supply chain, extracting secrets from files like .npmrc, .pypirc, and .aws/credentials. It uses dynamic compilation of PAM modules and LD_PRELOAD rootkits, and employs P2P mesh networking for resilience, making eradication difficult. → trendmicro.com |
| 2026-05-05 2026 | New ScarCruft Supply Chain Attack Hits Gaming Platform With Windows and Android Backdoors news 3 min read | Writeup detailing ScarCruft's supply chain attack on the sqgame platform, compromising Windows and Android versions with BirdCall and RokRAT backdoors. The attack, active since late 2024, targeted ethnic Koreans in China's Yanbian region, exploiting trojanized game packages and malicious update packages to exfiltrate personal data, contacts, and files via Zoho WorkDrive accounts. The analysis highlights the Android BirdCall backdoor's functionality, including silent operation, data collection, and microphone/screenshot capabilities, alongside the Windows RokRAT downloader. → cybersecuritynews.com |
| 2026-05-05 2026 | A rigged game: ScarCruft compromises gaming platform in a supply-chain attack news 10 min read | Research by ESET detailing a ScarCruft supply-chain attack targeting a gaming platform used by ethnic Koreans in China. The Windows client was compromised via a trojanized update containing the RokRAT backdoor, which deployed the BirdCall backdoor. Android games on the platform were also trojanized with an Android version of BirdCall, a new tool for ScarCruft, capable of espionage including data exfiltration, screenshots, and audio recording. |
| 2026-05-05 2026 | Supply chain attacks now make the budget case CISOs never could news 2 min read | Perspective on supply chain attacks illustrating the budget case for application security. The piece highlights TeamPCP's exploitation of tools like Trivy, Checkmarx, and the LiteLLM library, leading to significant breaches impacting over 23,000 repositories and a $1.4 billion hack. It emphasizes the costly consequences of compromised pipelines, where attackers operate with internal permissions, and suggests mitigation strategies such as runtime monitoring, short-lived credential management, and integrity verification. → scworld.com |
| 2026-05-05 2026 | DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware news 5 min read | Writeup on the DAEMON Tools supply chain attack, where official Windows installers (versions 12.5.0.2421-12.5.0.2434) were trojanized with malware. Compromised binaries like DTHelper.exe launched an implant that fetched shell commands from "env-check.daemontools[.]cc." Payloads included envchk.exe for system info gathering and cdg.exe with cdg.tmp, leading to a backdoor and QUIC RAT. The attack impacted thousands globally, with targeted delivery to a dozen hosts across various sectors. AVB Disc Soft released version 12.6.0.2445 to fix the issue. → thehackernews.com |
| 2026-05-05 2026 | Kaspersky identifies ongoing supply chain attack on official Daemon Tools website distributing backdoor malware news 4 min read | Analysis of a supply chain attack targeting Daemon Tools, which distributed backdoor malware via compromised installers disguised with valid digital certificates. The attack, affecting versions 12.5.0.2421 and later, granted threat actors arbitrary command execution and remote control capabilities by leveraging the software's elevated system privileges. Some targeted organizations also saw manual deployment of additional payloads like shellcode injectors and unknown RATs, with Chinese-language artifacts observed. |
| 2026-05-05 2026 | DAEMON Tools Software Hacked to Deliver Malware in a Supply Chain Attack news 3 min read | Writeup of the DAEMON Tools supply chain attack, where trojanized installers (versions 12.5.0.2421-12.5.0.2434) signed with valid certificates delivered malware. The attack chain involves compromised binaries like DTHelper.exe, leading to a backdoor that uses PowerShell to download an information collector. Targeted secondary payloads, including the QUIC RAT backdoor, were deployed to high-value targets in government, scientific, manufacturing, and retail sectors. Indicators of compromise include SHA1 hash 2d4eb55b01f59c62c6de9aacba9b47267d398fe4 and the malicious domain env-check.daemontools[.]cc. → cybersecuritynews.com |
| 2026-05-05 2026 | Supply chain attack via DAEMON Tools news 2 min read | Writeup detailing a supply chain attack via DAEMON Tools, where attackers injected malicious code into installers for versions 12.5.0.2421 through 12.5.0.2434, specifically compromising DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe. This compromise led to the deployment of information gatherers, a backdoor, and the QUIC RAT implant, targeting thousands of users globally since April 8, 2026. |
| 2026-05-05 2026 | 8.3M Downloads Compromised: Lightning & Intercom-Client Infected in Latest Shai-Hulud Attack news 4 min read | Advisory: the Python package `Lightning` (versions 2.6.2, 2.6.3) and the NPM package `intercom-client` (version 7.0.4) have been compromised in a Shai-Hulud supply chain attack that steals credentials and API keys. Affected users should rotate keys, enable 2FA, and revert `Lightning` to version 2.6.1 or lower. The malware, a Node/Bun tool, collects secrets from the environment and exfiltrates them to an obfuscated host, while also using compromised npm tokens to download, patch, and republish trojanized packages. Over 1,800 repositories containing stolen developer credentials were identified on GitHub. → ox.security |
| 2026-05-05 2026 | Popular Daemon Tools utility exploited in supply chain attack news 2 min read | Writeup on the Daemon Tools supply chain attack, where trojanized installers from the official vendor website delivered a backdoor. The attack affected versions 12.5.0.2421 through 12.5.0.2434, tampering with DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe to establish a persistent foothold. Command-and-control communications utilized a typosquatting domain and sophisticated implants like QUIC RAT, supporting multiple protocols. This incident mirrors the 3CX attack and highlights the growing threat of supply chain compromises. → techzine.eu |
| 2026-05-05 2026 | Trellix Reveals Unauthorized Access to Source Code news 2 min read | Writeup of Trellix source code breach, highlighting how unauthorized access to security vendor code provides attackers with a roadmap to controls and detections. This incident, linked to a pattern of targeting security vendors and software supply chains, underscores the risks associated with CI/CD gaps and overtrusted build workflows, echoing recent compromises like the Trivy software supply chain attack. → infosecurity-magazine.com |
| 2026-05-05 2026 | pnpm 11 Enables Default Release-Age Guard to Curb npm Supply Chain Attacks intermediate 2 min read | Release note: pnpm 11 introduces security-first defaults to mitigate supply chain attacks. It enforces a 24-hour minimum release age for new package versions, directly countering tactics used in campaigns like "Mini Shai-Hulud." The update also enables `blockExoticSubdeps` by default, preventing installations from non-standard sources like Git repositories. Furthermore, `allowBuilds` simplifies control over install-time script execution, a common vector for malicious code injection. These measures aim to disrupt common attack techniques by adding crucial delays and restrictions during dependency installation. → gbhackers.com |
| 2026-05-04 2026 | Local Guardrails for Secrets Security in the Age of AI Coding Assistants intermediate 9 min read AI Secrets | Tool writeup: ggshield, by GitGuardian, provides local secrets guardrails that help protect developer workstations from credential theft in the age of AI coding assistants. The tool scans project workspaces, dotfiles, build output, and agent folders for exposed secrets, addressing the shift in attack surface toward developer environments. It aims to provide an earlier checkpoint than traditional supply chain controls, catching issues while developers are still editing files rather than after they reach remote repositories. → blog.gitguardian.com |
| 2026-05-04 2026 | Cybercriminals Abuse Tanstack Package To Target Developer Environments news 2 min read | Writeup detailing a supply chain attack where cybercriminals registered a malicious npm package named "tanstack," impersonating the legitimate TanStack project. This fake package, updated rapidly through versions 2.0.4 to 2.0.7, contained a postinstall hook that stole sensitive environment files like `.env` and `.env.local`, exfiltrating secrets such as AWS keys and API tokens via Svix webhooks. Immediate credential rotation for any exposed `.env` files is critical. → cyberpress.org |
| 2026-05-04 2026 | Tenable finds GitHub workflow flaw in Microsoft repo news | Tenable researchers discovered a critical vulnerability in a GitHub Actions workflow within a Microsoft repository. If exploited, the flaw could have allowed the compromise of code and sensitive information. Microsoft has since addressed the vulnerability, and Tenable has published details about the issue. |
| 2026-05-02 2026 | Over 1800 Developers Impacted in Mini Shai-Hulud Supply Chain Attack Targeting SAP, Lightning and Intercom news 1 min read | Writeup of the Mini Shai-Hulud supply chain attack impacting over 1,800 developers through compromised SAP npm packages, the Lightning Python library (versions 2.6.2, 2.6.3), and Intercom integrations (intercom-client versions 7.0.4, 7.0.5; intercom-php). Attributed to TeamPCP, the attack steals credentials and API keys, exfiltrating them to public GitHub repositories and scanning for cloud environments and HashiCorp Vault secrets, evolving from earlier Shai-Hulud campaigns. → cxodigitalpulse.com |
| 2026-05-02 2026 | Shai-Hulud Hits SAP: Stolen Credentials Found in 1200 GitHub Repos news 5 min read Secrets | Analysis of a Shai-Hulud worm variant, a Bun-based stealer that targets SAP npm packages, exfiltrating credentials, tokens, and cloud configurations. It uploads the stolen data, encrypted, to over 1,200 public GitHub repositories, identifiable by the string "A Mini Shai-Hulud has Appeared." The malware attempts to steal secrets from developer machines, GitHub Actions environments, and cloud platforms like AWS, Azure, and GCP. Over 2.2 million monthly downloads are affected; immediate actions include key rotation and upgrading the affected packages. → ox.security |
| 2026-05-01 2026 | New software supply chain attack uses sleeper packages for credential theft and CI tampering news Secrets | Overview of a new software supply chain campaign that uses sleeper packages, specifically malicious Ruby gems and Go modules, for credential theft and CI tampering. The attack, attributed to "BufferZoneCorp," runs code from module init functions to steal environment variables, SSH keys, and configuration secrets, exfiltrate the data, tamper with GitHub Actions, and establish SSH persistence by adding attacker-controlled public keys. Developers are advised to remove suspicious packages and review systems for unauthorized changes. → scworld.com |
| 2026-05-01 2026 | 1800 Hit in Mini Shai-Hulud Attack on SAP Lightning Intercom news 2 min read | Writeup of the Mini Shai-Hulud supply chain attack, impacting over 1,800 developers across the PyPI, npm, and PHP ecosystems. TeamPCP's campaign injected information-stealing malware into malicious versions of SAP npm packages, the Lightning PyPI package, and the intercom-client npm package. The payload, identifiable by the description "A Mini Shai-Hulud has Appeared," exfiltrates credentials, keys, and tokens, targets Kubernetes environments and HashiCorp Vault secrets, and uses GitHub commits for command-and-control. → securityweek.com |
| 2026-05-01 2026 | Supply chain attack against SAP npm packages facilitates credential theft news Secrets | SAP-maintained npm packages, including `@cap-js/db-service`, `@cap-js/postgres`, and `@cap-js/sqlite`, were found to contain credential stealers and have since been deprecated on the npm registry. The malicious versions used preinstall scripts to exfiltrate developer credentials, GitHub and npm tokens, GitHub Actions secrets, and cloud secrets for AWS, Azure, GCP, and Kubernetes. Researchers noted similarities to previous campaigns alongside techniques not seen earlier, including AES-256-GCM encryption of the stolen data and self-commits to GitHub repositories reachable with the stolen tokens. → scworld.com |
| 2026-05-01 2026 | SAP Faces Twin Headwinds: A Supply Chain Attack and a Bruised Share Price news 3 min read | Analysis of a sophisticated supply chain attack on SAP, where hackers compromised npm packages like the Cloud Application Programming Model and Cloud MTA Build Tool, injecting malicious scripts to steal credentials and security keys. This incident, coupled with a cautious market outlook, has led to a significant drop in SAP's share price, despite strong cloud business performance. The attack highlights the pervasive risk of open-source software infiltration, impacting investor confidence. |
| 2026-05-01 2026 | Open-source registries hit by 'Mini Shai-Hulud' supply chain attacks news 5 min read | Overview of the 'Mini Shai-Hulud' supply chain attacks, which exploit polyglot development environments by compromising popular packages such as PyTorch Lightning on PyPI and Intercom on npm to steal SSH keys, GitHub Actions tokens, and cloud provider credentials from developer machines and CI/CD pipelines, with related activity across the Python, PHP, Ruby, and Go ecosystems. |
| 2026-05-01 2026 | Poisoning the well: AI supply chain attacks on Hugging Face and OpenClaw news 16 min read AI | Analysis of malicious AI artifacts and agent skills distributed through Hugging Face and ClawHub for malware delivery, including trojans, cryptominers, and the AMOS stealer. The campaigns use indirect prompt injection and social engineering to make agents execute encoded commands and pull hidden dependencies, extending the attack chain well beyond the initial user compromise. |
| 2026-05-01 2026 | Huntress Highlights Role in Analyzing High-Impact npm Supply Chain Attack news | Huntress played a crucial role in analyzing a significant npm supply chain attack. This attack targeted popular npm packages, demonstrating a sophisticated method of compromising software dependencies. Huntress's analysis provided critical insights into the attack's mechanics and impact, helping the security community understand and respond to this threat. The incident underscores the ongoing risks associated with software supply chains and the importance of robust security measures for package managers like npm. → tipranks.com |
| 2026-05-01 2026 | Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft news 2 min read | Analysis of a software supply chain attack campaign utilizing sleeper Ruby gems, such as `knot-date-utils-rb` and `knot-simple-formatter`, and Go modules, including `github[.]com/BufferZoneCorp/log-core` and `github[.]com/BufferZoneCorp/go-envconfig`. These malicious packages, masquerading as legitimate libraries like `activesupport-logger` and `go-retryablehttp`, aim to steal credentials, tamper with GitHub Actions, and establish SSH persistence, exfiltrating data to Webhook[.]site. → thehackernews.com |
| 2026-05-01 2026 | Supply Chain Attack Targets GitHub Actions via Malicious Ruby Gems and Go Modules news 2 min read | Analysis of a supply chain attack targeting GitHub Actions via malicious Ruby Gems and Go modules. Threat actors leveraged deceptive packages, such as "knot-activesupport-logger" and "github[.]com/BufferZoneCorp/go-metrics-sdk," to compromise developer machines and CI pipelines by stealing SSH keys and AWS credentials, manipulating environment variables, disabling checksum verification, and establishing persistent backdoor access through SSH authorized_keys manipulation. → cyberpress.org |
| 2026-05-01 2026 | Kaspersky reveals a 37% increase in malicious packages compromising software supply chains news 3 min read | Survey of a 37% increase in malicious packages compromising software supply chains, detailing incidents involving CPU-Z, HWMonitor, Axios (versions 1.14.1 and 0.30.4), and Notepad++, with Kaspersky GReAT analysis linking some attacks to Bluenoroff's GhostCall and GhostHire campaigns. The report emphasizes the growing threat to businesses and recommends solutions like Kaspersky Open Source Software Threats Data Feed and XDR/MXDR for monitoring and threat detection. |
| 2026-05-01 2026 | Ruby Gems and Go Modules Used in Campaign Targeting GitHub Actions news 2 min read | Library detailing a sophisticated supply chain attack utilizing malicious Ruby gems and Go modules that target GitHub Actions. The attack exploits native extension builds for credential theft, scanning for secrets like SSH keys and AWS credentials, and exfiltrating data via hidden endpoints. Malicious Go modules subvert CI environments by tampering with dependency resolution, poisoning proxy settings, and disabling checksum verification. Some payloads attempt to establish persistent access by adding SSH public keys to authorized keys files. → gbhackers.com |
| 2026-05-01 2026 | The never-ending supply chain attacks worm into SAP npm packages other dev tools news 3 min read | Survey of supply chain attacks targeting SAP npm packages, highlighting vulnerabilities within development tools. The article touches upon AI agents as potential attack vectors and the broader challenges in securing development environments and managing hardware lead times. It also mentions incidents like the "Ralph Wiggum" loop impacting Claude and the economic pressures on open-source registries to implement basic security measures. → theregister.com |
| 2026-04-30 2026 | SAP npm Supply Chain Attack Targets Developer Credentials news 3 min read | Writeup of an SAP npm supply chain attack, TeamPCP group leveraging compromised @cap-js/sqlite, @cap-js/postgres, @cap-js/db-service, and mbt packages to steal developer credentials and secrets including GitHub, npm, AWS, Azure, GCP, and Kubernetes tokens via npm's preinstall script functionality and Bun JavaScript runtime. → esecurityplanet.com |
| 2026-04-30 2026 | TeamPCP Hits SAP Packages With 'Mini Shai-Hulud' Attack news | TeamPCP's "Mini Shai-Hulud" campaign compromised SAP-maintained npm packages, using install-time scripts to drop a credential stealer that harvests developer, CI, and cloud secrets and publishes them to GitHub repositories. Further details on the payload and its impact are available via the linked report. → darkreading.com |
| 2026-04-30 2026 | SAP NPM Packages Targeted in Supply Chain Attack news 2 min read | Library of compromised SAP NPM packages, including npm mbt 1.2.48, npm @cap-js/db-service 2.10.1, npm @cap-js/postgres 2.2.2, and npm @cap-js/sqlite 2.2.2, were found to contain malicious code as part of the Mini Shai-Hulud supply chain attack. The injected preinstall script acted as a bootstrapper, fetching and executing a Bun binary that stole local credentials, GitHub/NPM tokens, and cloud secrets. The malware exfiltrated data to GitHub repositories with a specific description and included a propagation mechanism, targeting SAP CAP and Business Technology Platform workflows. The incident is attributed to TeamPCP, leveraging a shared RSA public key for encryption. → securityweek.com |
| 2026-04-30 2026 | Google's fix for critical Gemini CLI bug might break your CI/CD pipelines news 3 min read RCE | Writeup on a critical Gemini CLI bug fix from Google that may negatively impact CI/CD pipelines. The article discusses the implications of securing untrusted agentic development layers and the challenges of AI agents consuming significant API tokens. → theregister.com |
| 2026-04-30 2026 | Mini Shai-Hulud Targets SAP npm Packages With a Bun-Based Secret Stealer news 5 min read | Library detailing "Mini Shai-Hulud," a Bun-based secret stealer targeting SAP npm packages like `@cap-js/sqlite`, `@cap-js/postgres`, `@cap-js/db-service`, and `mbt`. The malware uses a `preinstall` script to download and execute a credential stealer, harvesting GitHub tokens, npm tokens, cloud secrets from AWS, Azure, GCP, and Kubernetes, and exfiltrating encrypted results via public GitHub repositories. It propagates by injecting malicious code into other packages and commits. → aikido.dev |
| 2026-04-30 2026 | PyTorch Lightning Compromised in PyPI Supply Chain Attack to Steal Credentials news 5 min read | Writeup of the PyTorch Lightning compromise: malicious versions 2.6.2 and 2.6.3 were pushed to PyPI to steal credentials. The attack used a hidden downloader and an obfuscated JavaScript payload, executed automatically on import, to harvest GitHub tokens, cloud credentials, and other secrets, with propagation extending to npm packages. The incident is linked to the broader Mini Shai-Hulud campaign and the threat actor TeamPCP. → thehackernews.com |
| 2026-04-30 2026 | Critical Gemini CLI Flaw Enabled Host Code Execution Supply Chain Attacks news 1 min read RCE | Writeup of the Gemini CLI vulnerability, CVE-XXXX-XXXX, detailing how a flaw in the AI agent's handling of workspace configurations allowed for host code execution. Researchers at Novee Security discovered that Gemini CLI would load agent configurations without sandboxing or review, enabling attackers to inject malicious commands. This could lead to supply chain attacks within CI/CD pipelines, allowing unauthorized access to secrets and credentials, as demonstrated by a similar hijacking vulnerability affecting other AI agents like Claude and GitHub Copilot. → securityweek.com |
| 2026-04-30 2026 | Kaspersky Reports 37% Surge in Malicious Packages Targeting Global Software Supply Chains news 3 min read | Survey of supply chain attacks, detailing a 37% surge in malicious packages targeting open-source projects by late 2025. Kaspersky GReAT research highlights compromised software like CPU-Z, HWMonitor, Axios (v1.14.1, 0.30.4), and Notepad++, noting shared tactics with Bluenoroff campaigns. The analysis emphasizes the need for monitoring open-source components, continuous infrastructure oversight via solutions like Kaspersky Next, and proactive incident response planning to mitigate these escalating threats. |
| 2026-04-30 2026 | Fake TanStack npm Package Exfiltrates Sensitive Developer Data news 2 min read | Library that impersonates the legitimate TanStack npm package and exfiltrates sensitive developer environment variables. This supply-chain attack, detected by the Socket Research Team, involved malicious updates to the unscoped "tanstack" package, targeting files like `.env` and `readme` documents across versions 2.0.4 through 2.0.7, with one variant silently suppressing system logs. The incident also affected the dependent package "portalapp" version 1.0.0. → cyberpress.org |
| 2026-04-30 2026 | Huntress Highlights Analysis of axios npm Supply-Chain Attack news | Huntress's analysis of the axios npm supply-chain attack. → tipranks.com |
| 2026-04-30 2026 | Shai-Hulud Worm Exposure Underscores Rising Software Supply Chain Risk news | The Shai-Hulud worm's exposure highlights growing software supply chain risk. By stealing registry tokens and republishing itself into further packages, the worm showed how one compromised component can spread malicious code through development pipelines. Organizations must prioritize visibility and control over their dependencies, from development to deployment, to limit such threats. → tipranks.com |
| 2026-04-29 2026 | Supply Chain Campaign Targets SAP npm Packages with Credential-Stealing Malware news 3 min read Secrets | Analysis of the "Mini Shai-Hulud" supply chain attack, which compromises SAP npm packages like `@cap-js/sqlite` and `@cap-js/postgres` using malicious preinstall scripts. The multi-stage payload harvests developer and CI/CD secrets from GitHub, npm, and cloud providers (AWS, Azure, GCP) and exfiltrates them through attacker-controlled GitHub repositories via the GraphQL API. It also attempts to poison GitHub repositories and steal browser credentials; attribution to TeamPCP rests on shared RSA keys and code similarities. → wiz.io |
| 2026-04-29 2026 | Malicious npm Dependency Linked to AI Assisted Commit Targets Crypto Wallets news 1 min read AI | Report from ReversingLabs detailing the PromptMink campaign, involving the malicious npm dependency `@validate-sdk/v2`. The campaign, attributed to the North Korean actor Famous Chollima, used AI-assisted commits (reportedly with Anthropic's Claude Opus) and a layered package structure to exfiltrate secrets, steal crypto wallet funds, and establish persistent remote access. The malware evolved from JavaScript to compiled binaries and Rust payloads targeting both Linux and Windows, showing increasing use of AI development tools in supply chain attacks. → infosecurity-magazine.com |
| 2026-04-29 2026 | GitHub fixes RCE flaw that gave access to millions of private repos news 2 min read RCE | Writeup on CVE-2026-3854, a critical remote code execution vulnerability in GitHub.com and GitHub Enterprise Server, allowing attackers with push access to gain read/write privileges to private repositories. The flaw stems from insufficient sanitization of user-supplied options during git push operations, enabling arbitrary code execution by chaining injected values. While GitHub.com was patched rapidly, many GitHub Enterprise Server instances remain vulnerable and require immediate upgrades. Wiz researchers discovered the vulnerability, which could have exposed millions of private repositories. → bleepingcomputer.com |
| 2026-04-29 2026 | Checkmarx Confirms Data Stolen in Supply Chain Attack news 2 min read | Analysis of a supply chain attack targeting Checkmarx's KICS open source project, involving the Trivy supply chain compromise and attributed to TeamPCP. Attackers leveraged hijacked GitHub Action version tags, poisoned OpenVSX plugins, and two GitHub Actions workflows. Subsequently, Lapsus$ also joined in, claiming theft of source code, employee databases, API keys, and credentials, further poisoning a DockerHub KICS image, a GitHub action, and VS Code/Developer Assist extensions, impacting the Bitwarden CLI. → securityweek.com |
| 2026-04-29 2026 | Critical GitHub RCE bug exposed millions of repositories news 2 min read RCE | Writeup of CVE-2026-3854, a critical command injection vulnerability in GitHub's Git push processing. This flaw, discovered by Wiz researchers and potentially aided by IDA MCP AI tooling, allowed authenticated users to execute arbitrary commands and achieve remote code execution by crafting malicious input within Git push requests. The vulnerability affected GitHub.com and GitHub Enterprise Server, granting access to millions of repositories and full server compromise in self-hosted environments. Patches have been released for affected GitHub Enterprise Server versions. → csoonline.com |
| 2026-04-29 2026 | Cursor AI IDE vulnerability allows code execution via hidden Git hooks news 2 min read RCE | Writeup of CVE-2026-26268, an arbitrary code execution vulnerability in the Cursor AI IDE. This high-severity flaw, with a CVSS score of 8.1, is triggered when the AI agent processes a malicious Git hook hidden within a nested bare repository. The exploit allows attackers to gain control of a programmer's computer simply by cloning a compromised project, bypassing user interaction by leveraging the AI's autonomous command execution capabilities on untrusted code. Researchers from Novee discovered and reported this issue, which was fixed by Cursor developers in February 2026. → hackread.com |
| 2026-04-29 2026 | Critical GitHub Vulnerability Exposed Millions of Repositories news 2 min read RCE | Writeup detailing CVE-2026-3854, a critical remote code execution vulnerability in GitHub's internal Git infrastructure. Exploitable via a single git push command by any authenticated user, this flaw impacted GitHub Enterprise Server and GitHub.com, potentially allowing arbitrary command execution on backend servers and access to millions of repositories and internal secrets. Wiz researchers discovered the vulnerability, noting easy exploitation and significant impact on both platforms, though GitHub has since deployed patches. → securityweek.com |
| 2026-04-29 2026 | GitHub.com and Enterprise Server Vulnerability Allows Remote Code Execution news 2 min read RCE | Writeup detailing CVE-2026-3854, a critical RCE vulnerability in GitHub's git infrastructure allowing authenticated users to execute arbitrary commands via a standard `git push`. The flaw stems from improper sanitization of semicolon characters in the `X-Stat` header, enabling delimiter injection and overriding security policies. Attackers chained injections of `non-production rails_env`, `custom_hooks_dir`, and a `repo_pre_receive_hooks` definition with path traversal to bypass sandboxing and execute custom hooks, leading to full server compromise on GitHub Enterprise Server and broad filesystem access on GitHub.com. Wiz Research utilized AI-augmented tools like IDA MCP to analyze the exploit. → gbhackers.com |
| 2026-04-29 2026 | More fake extensions linked to GlassWorm found in Open VSX code marketplace news 4 min read | Writeup on GlassWorm malware campaign, detailing the discovery of 73 new fake extensions impersonating trusted tools on the Open VSX code marketplace. These extensions, designed to evade detection with benign initial code and bundled native binaries, act as loaders to download the GlassWorm malware. Researchers highlight the systemic security gap in IDE extension management compared to software packages, lacking integrity verification and leading to credential theft. Recommendations include treating extensions as high-risk dependencies, disabling auto-updates, using SCA tools that cover extensions, and implementing strict approval processes. → csoonline.com |
| 2026-04-28 2026 | Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push news 3 min read RCE | Writeup of CVE-2026-3854, a critical command injection vulnerability in GitHub.com and GitHub Enterprise Server, allowing authenticated users to achieve remote code execution via a single "git push" command. The flaw, discovered by Wiz, stems from unsanitized push option values within internal service headers, enabling attackers to override environment settings, bypass sandboxing, and execute arbitrary commands as the git user, potentially leading to cross-tenant repository exposure. Patches have been released for affected GitHub Enterprise Server versions. → thehackernews.com |
| 2026-04-28 2026 | Critical GitHub.com and Enterprise Server RCE Vulnerability Enables Full Server Compromise news 2 min read RCE | Writeup detailing CVE-2026-3854, a critical RCE vulnerability in GitHub's internal git infrastructure, discovered by Wiz. This vulnerability, stemming from improper neutralization of special elements (CWE-77) in the babeld git proxy, allowed authenticated users to inject malicious fields into X-Stat headers via git push options. Exploitation required chaining three injected fields: non-production rails_env to bypass sandbox, custom_hooks_dir to redirect hooks, and repo_pre_receive_hooks with path traversal for arbitrary execution as the git service user. This could lead to full server compromise on GitHub Enterprise Server or access to millions of private repositories on GitHub.com. → cybersecuritynews.com |
| 2026-04-28 2026 | Securing the git push pipeline: Responding to a critical remote code execution vulnerability intermediate 4 min read RCE | Writeup on CVE-2026-3854, a critical remote code execution vulnerability in GitHub's git push pipeline. The vulnerability allowed arbitrary command execution on the server by leveraging unsanitized user-supplied push options to inject metadata fields and bypass sandboxing. GitHub patched github.com within hours and released patches for GitHub Enterprise Server, recommending immediate upgrades. The writeup details the exploitation technique, response, and defense-in-depth measures, including the removal of an unnecessary code path. → github.blog |
| 2026-04-28 2026 | Bitwarden CLI Compromise Linked to Ongoing Checkmarx Supply Chain Campaign news 4 min read | Writeup of the Bitwarden CLI compromise, a supply chain attack orchestrated by the Checkmarx campaign targeting developers. Threat actors compromised version 2026.4.0 by hijacking an npm package and injecting malicious code designed to steal credentials for GitHub, npm, AWS, GCP, Azure, AI tools like Claude Code, and even GitHub Actions secrets. The attack leveraged a GitHub Action within Bitwarden’s CI/CD pipeline, redirecting preinstall scripts to a custom loader that executed an obfuscated JavaScript payload. Stolen data was exfiltrated to a domain impersonating Checkmarx, with valid GitHub tokens used to enumerate and inject malicious workflows into repositories, turning compromised machines into pivot points for broader supply chain attacks. → securityboulevard.com |
| 2026-04-28 2026 | Hugging Face LeRobot Vulnerability Enables Unauthenticated Remote Code Execution Attacks news 2 min read RCE | Writeup detailing CVE-2026-25874, a critical RCE vulnerability in Hugging Face's LeRobot framework. Unauthenticated attackers can exploit the unsafe use of `pickle.loads()` in LeRobot's PolicyServer, combined with insecure gRPC configurations (`add_insecure_port()`), to execute arbitrary system commands. This flaw, identified by researcher chocapikk, bypasses validation checks and allows malicious Python objects embedded in serialized payloads to achieve code execution before security checks are applied, potentially leading to full system compromise. → cyberpress.org |
| 2026-04-28 2026 | Hugging Face LeRobot Flaw Opens Door to Remote Code Execution Attacks news 2 min read RCE | Writeup on CVE-2026-25874 in Hugging Face's LeRobot details a critical remote code execution vulnerability stemming from the use of Python's unsafe pickle.loads() function for deserializing data from an insecure gRPC PolicyServer. This flaw allows unauthenticated attackers with network access to execute arbitrary system commands by sending crafted serialized payloads to specific RPC endpoints like SendPolicyInstructions and SendObservations. The vulnerability is exacerbated by the lack of TLS encryption and authentication in the gRPC channel, and the use of #nosec comments indicates developers were aware of the risk. → gbhackers.com |
| 2026-04-28 2026 | Critical Cursor bug could turn routine Git into RCE news 3 min read RCE | Writeup on CVE-2026-26268, a critical vulnerability in the Cursor IDE that allows arbitrary code execution through routine Git operations. Researchers at Novee Security discovered that a malicious repository, containing specially crafted Git hooks within a bare repository, can trigger the IDE's AI agent to execute attacker-controlled code upon operations like `git checkout`. This exploit bypasses traditional security by leveraging standard Git features autonomously executed by the AI. The issue is patched in Cursor version 2.5. → csoonline.com |
| 2026-04-28 2026 | Dozens of Open VSX Extension Clones Linked to GlassWorm Malware news 2 min read | Analysis of 73 cloned extensions on the Open VSX marketplace reveals a sophisticated GlassWorm malware campaign. These extensions, masquerading as legitimate tools, employ social engineering and Unicode obfuscation to evade detection, stealing GitHub, Git, NPM credentials, and cryptocurrency. The malware's delivery mechanism involves bundled native binaries and remote payload retrieval, a tactic designed to bypass static analysis and compromise users through normal extension updates. → securityweek.com |
| 2026-04-28 2026 | Popular PyPI Package With 1 Million Monthly Downloads Hacked to Inject Malicious Scripts news 2 min read | Writeup detailing a supply chain attack on the PyPI package elementary-data, version 0.23.3. Threat actors exploited a GitHub Actions pipeline vulnerability to inject a malicious script, bypassing standard security checks and publishing a compromised version. This information stealer payload targets cloud access tokens, SSH keys, Kubernetes tokens, cryptocurrency wallets, and environment variables. Affected users must rotate credentials and update to version 0.23.4. → cybersecuritynews.com |
| 2026-04-28 2026 | Malicious Python package poses new supply chain threat news 2 min read Python | Writeup of elementary-data supply chain attack, detailing how attackers exploited a GitHub Actions vulnerability to steal signing keys and publish a malicious version (0.23.3). This compromised package, downloaded over a million times monthly, exfiltrated user credentials, cloud keys, and API tokens. Users are advised to rotate credentials and remove the malicious version, similar to past incidents involving Nx, TeamPCP, and GlassWorm. → techzine.eu |
| 2026-04-28 2026 | An open-source package with over 1 million monthly downloads has a vulnerability that has been exploited to distribute malware-infected versions and steal user credentials. news 2 min read Secrets | Writeup of a supply chain attack on Elementary Open Source Python CLI v0.23.3, which was exploited to distribute malware and steal user credentials like API tokens and SSH keys. This incident highlights risks in developer account security and GitHub Actions workflows, impacting a package with over one million monthly downloads. Developers are advised to uninstall the compromised version, clear caches, rotate credentials, and check for malware. → gigazine.net |
| 2026-04-27 2026 | Ongoing supply-chain attack 'explicitly targeting' security dev tools news 4 min read | Library of security and developer tools affected by a sophisticated supply-chain attack. Threat actors, including Lapsus$, have targeted tools like Trivy, KICS, and Checkmarx's GitHub repositories, injecting credential-stealing malware and poisoning Docker images. This campaign also compromised Bitwarden's CLI and exposed sensitive data, including source code and API keys, demonstrating a direct assault on the security ecosystem. → theregister.com |
| 2026-04-27 2026 | Open source package with 1 million monthly downloads stole user credentials news 1 min read | The **elementary-data** package, version 0.23.3, was compromised to steal user credentials, cloud provider keys, API tokens, and SSH keys. A threat actor exploited a vulnerability in the developers' GitHub Actions workflow to obtain signing keys and other sensitive material, allowing them to publish a malicious package to the Python Package Index and to the project's Docker image accounts. Users who installed the compromised version or ran the affected Docker image should assume their credentials may have been exposed. → arstechnica.com |
| 2026-04-27 2026 | Bitwarden CLI Impersonation Attack Steals Cloud Credentials and Spreads Across npm Supply Chains news 2 min read | Writeup of the `@bitwarden/cli` npm supply chain attack by TeamPCP. The malicious version 2026.4.0 impersonated the legitimate Bitwarden CLI, harvested AWS, Azure, and GCP credentials from local filesystems, environment variables, and cloud secret managers, and propagated worm-like through npm, reaching thousands of users on developer workstations and in CI/CD pipelines before detection. → paloaltonetworks.com |
| 2026-04-27 2026 | Claude Code is leaking API keys into public package registries news 5 min read Secrets | Writeup on Claude Code's API key leak, where the AI coding assistant caches approved terminal commands, including credentials passed via environment variables, into a hidden `.claude/settings.local.json` file. This file, if not excluded by `.npmignore` or `package.json` configurations, can be inadvertently published to public registries alongside source code, exposing sensitive data to the software supply chain. Existing secret scanning tools often miss these exposures as they reside within AI tool-specific settings, requiring developers to manually update ignore files and package managers to preview artifacts before publishing. |
| 2026-04-27 2026 | Critical Gemini CLI Flaw Raises Supply Chain Security Concerns news 2 min read RCE | Library update addressing GHSA-wpqr-6v78-jr5g, a critical Gemini CLI vulnerability enabling Remote Code Execution in CI/CD pipelines. The flaw arises from automatic workspace trust in headless mode and bypasses in Yolo execution mode, allowing command injection via malicious environment variables and prompt injection. Patches require upgrading the NPM package to 0.39.1 or 0.40.0-preview.3 and the GitHub Action to 0.1.22, alongside implementing workspace trust configurations and strict tool allowlists. → gbhackers.com |
| 2026-04-26 2026 | prompt-security/clawsec: A complete security skill suite for OpenClaw's and NanoClaw agents (and variants). Protect your SOUL.md (etc') with drift detection, live security recommendations, automated audits, and skill integrity verification. All from one installable suite. beginner 6 min read AI | Library for comprehensive AI agent security, protecting against prompt injection and drift. It offers unified monitoring, integrity verification, and threat intelligence for platforms like OpenClaw, NanoClaw, Hermes, and Picoclaw. Key features include skill installer, file integrity protection with drift detection, live security advisories from NVD CVEs, automated audits for vulnerabilities, and SHA256 checksum verification for artifacts. The suite also supports advisory monitoring and hook-based protection flows, with Python utilities for local skill development and validation. |
| 2026-04-24 2026 | The npm Threat Landscape: Attack Surface and Mitigations beginner 13 min read | Library detailing the evolving npm threat landscape, focusing on the Shai-Hulud worm and subsequent systematic supply chain compromises. It analyzes significant incidents like the Axios and Bitwarden CLI compromises, highlighting adversarial tactics such as wormable propagation via token theft, CI/CD pipeline persistence, and multi-stage payloads. The library also covers remediation playbooks for credential rotation and dependency purging, and details the technical specifics of obfuscation and execution mechanisms used by malware targeting npm users and distribution channels like Docker Hub and GitHub Actions. → unit42.paloaltonetworks.com |
| 2026-04-24 2026 | Flurry of Supply-Chain Software Library Attacks news 5 min read | Library security overview detailing recent supply-chain attacks targeting open-source repositories like npm and PyPI. Attackers compromise popular packages, such as LiteLLM, Axios, Xinference, Namastex.ai, Checkmarx KICS, and Bitwarden CLI, injecting malware to steal developer credentials, secrets, and tokens. These poisoned packages, distributed via automated CI pipelines, can spread rapidly through software dependencies, highlighting the fragility of current development practices. → bankinfosecurity.com |
| 2026-04-24 2026 | Flurry of Supply-Chain Software Library Attacks news 5 min read | Library attacks targeting npm and PyPI repositories have surged, compromising open-source projects like LiteLLM, Axios, Xinference, Namastex.ai, Checkmarx KICS, and Bitwarden CLI. Attackers inject data-stealing malware and worms, such as Shai-Hulud, into popular packages, which are then automatically merged into downstream projects via CI/CD pipelines. These compromises aim to steal developer credentials, cloud secrets, and spread laterally to other repositories, highlighting the fragility of software supply chains. |
| 2026-04-24 2026 | Checkmarx supply chain hack impacts Bitwarden CLI news | A supply chain hack, originating from Checkmarx, has impacted the Bitwarden command-line interface (CLI). This incident involved the compromise of a Bitwarden dependency, leading to the modification of the `pass` library. While the vulnerability was quickly identified and mitigated, users of the Bitwarden CLI are advised to update their software to ensure they are protected from any potential risks associated with the compromised dependency. No specific bounty payout amount was mentioned in the content. → scworld.com |
| 2026-04-24 2026 | Bitwarden CLI Compromised in Shai-Hulud Supply Chain Attack; 334 Developers Exposed news 3 min read | Library compromise of the Bitwarden CLI: version `@bitwarden/cli@2026.4.0` shipped malware delivered through a supply chain attack via compromised GitHub Actions. The malicious package, discovered by JFrog and Socket, scanned for and exfiltrated developer secrets including GitHub/npm tokens, SSH keys, and AI assistant configurations to Checkmarx-impersonating domains or public GitHub commits, impacting 334 developers and linked to the "Shai-Hulud" campaign. |
| 2026-04-24 2026 | Bitwarden CLI tool compromised: hundreds of developers pull credential-stealing malware news | The Bitwarden command-line interface (CLI) tool was compromised, leading to hundreds of developers unknowingly downloading malware that steals credentials. This incident highlights a significant security breach within the open-source ecosystem. The compromised version of the CLI tool was distributed, potentially exposing sensitive information from affected users. → cybernews.com |
| 2026-04-24 2026 | GitHub Actions Abuse Fuels Bitwarden Supply Chain Attack - Open Source For You news 1 min read | Library abuse within GitHub Actions facilitated a supply chain attack targeting the Bitwarden CLI, specifically version 2026.4.0. Attackers injected malicious JavaScript into an npm package, aiming to steal developer credentials, cloud secrets, and GitHub Actions secrets. This campaign, linked to Shai-Hulud activity, also compromised AI coding tools like Claude Code and Cursor, highlighting risks in CI/CD pipelines and open-source software trust. → opensourceforu.com |
| 2026-04-24 2026 | Bitwarden NPM Package Hit in Supply Chain Attack news 3 min read | Writeup detailing the compromise of the Bitwarden CLI NPM package, version 2026.4.0, in a supply chain attack. The malicious package contained code to exfiltrate secrets and tokens from Azure, AWS, GitHub, GCP, and NPM, and weaponized GitHub tokens to abuse GitHub Actions. This incident shares similarities with previous attacks on Checkmarx, including payload structure and credential harvesting methods, and shows potential links to the Shai-Hulud worm campaigns. → securityweek.com |
| 2026-04-24 2026 | Bitwarden CLI Hit by Supply Chain Attack Through GitHub Actions news 2 min read | Writeup detailing a supply chain attack on the Bitwarden CLI, where malicious code was injected into the `@bitwarden/cli` npm package via a compromised GitHub Actions workflow. The payload harvested GitHub tokens, cloud credentials (AWS, Azure, GCP), npm tokens, and SSH keys, communicating with C2 infrastructure linked to prior Checkmarx attacks. The malware exhibited a Russian locale kill switch and exfiltrated data to specially named GitHub repositories, referencing the "Dune" franchise. → cyberpress.org |
| 2026-04-24 2026 | Bitwarden CLI Compromised in Supply Chain Attack Exposes Developer Secrets news 1 min read | Writeup of the Bitwarden CLI supply chain attack, where a malicious npm package (@bitwarden/cli@2026.4.0) was distributed via a compromised GitHub Actions workflow. This incident, part of a broader campaign linked to Checkmarx attacks, targeted developer secrets including GitHub and npm tokens, SSH keys, and cloud credentials, with potential for escalating into wider breaches by injecting malicious workflows. → cxodigitalpulse.com |
| 2026-04-24 2026 | Password manager Bitwarden suffers supply chain attack; users of the npm package should check their device. news 1 min read | Writeup of the Bitwarden CLI supply chain attack, where malicious code infiltrated the CI/CD pipeline via GitHub Actions into the package `@bitwarden/cli@2026.4.0`. Users should audit npm, check CI logs, change secrets, and scan GitHub for unauthorized activity. Similarities to the Checkmarx attack are noted, including a Russian-language environment exclusion, though different actors are suspected. → gigazine.net |
| 2026-04-24 2026 | Cloudsmith Raises $72M for Software Supply-Chain Security news 4 min read | Library providing software supply-chain security through artifact management. Cloudsmith, a platform from Twilio's former chief customer officer, raised $72 million to enforce policies, audit usage, and reduce exposure to malicious or compromised packages by acting as an intermediary between developers and public repositories. This approach transforms artifact management into a security layer, offering insights into package popularity, maturity, and known risks to both human developers and AI agents, while also integrating data from external security tools for more nuanced policy decisions. → bankinfosecurity.com |
| 2026-04-24 2026 | Tenable Research Uncovers Remote Code Execution Vulnerability in Microsoft GitHub Repository Exposing CI/CD Pipeline to Unauthorized Code Execution news 2 min read RCE | Writeup detailing a critical CVSSv4 9.3 vulnerability in a Microsoft GitHub repository exposing its CI/CD pipeline to unauthorized code execution. Tenable Research uncovered a Python string injection flaw within GitHub Actions workflows in the Windows-driver-samples repository, allowing attackers to inject malicious code via GitHub issue descriptions. This exploit grants them access to repository secrets like GITHUB_TOKEN, enabling privileged operations and potentially compromising the software supply chain. The findings highlight the critical nature of CI/CD infrastructure as an attack surface and emphasize the need for strict security controls, permission reviews, and pipeline monitoring. → cxodigitalpulse.com |
| 2026-04-23 2026 | Bitwarden CLI password manager trojanized in supply chain attack news 3 min read | Writeup of Bitwarden CLI supply chain attack, where attackers published a trojanized version 2026.4.0 to npm. This malicious version, containing `bw_setup.js` and `bw1.js`, targeted cloud and development credentials, including GitHub, npm, AWS, and GCP tokens, and weaponized them for further access. The attack leveraged a compromised GitHub Action in Bitwarden's CI/CD pipeline, similar to incidents affecting Checkmarx KICS and Trivy, attributed to the TeamPCP group. Remediation involves revoking compromised tokens and keys, rotating secrets, and inspecting GitHub Actions workflows. → csoonline.com |
| 2026-04-23 2026 | Checkmarx Supply Chain Attack Exploits Docker Images and CI/CD Pipelines news 4 min read | Library exploiting Docker image poisoning and VS Code extension vulnerabilities, specifically targeting Checkmarx KICS and associated extensions (versions 1.17.0, 1.19.0), as part of a multi-stage supply chain attack by the TeamPCP group. The attack involved redirecting Docker image tags like `v2.1.20` and `alpine`, and a second-stage payload `mcpAddon.js` was executed via the Bun runtime, leading to credential harvesting of GitHub tokens, cloud credentials, and SSH keys. This campaign extended to compromise the Bitwarden CLI, demonstrating a broader trend of CI/CD pipeline abuse. → esecurityplanet.com |
| 2026-04-23 2026 | Shai-Hulud: The Third Coming Bitwarden CLI Backdoored in Latest Supply Chain Campaign news 3 min read | Analysis of Shai-Hulud worm's attack on the @bitwarden/cli package reveals its self-propagating nature, exfiltrating credentials, NPM tokens, GitHub tokens, AWS, GCP, and Azure information. The worm encrypts exfiltrated data using AES-256-GCM and uploads it to public GitHub repositories, potentially originating from Russia as it avoids Russian-configured systems. Affected users are advised to rotate keys, add 2FA, check for malicious GitHub repositories, and downgrade the @bitwarden/cli package. → ox.security |
| 2026-04-23 2026 | Tenable finds Microsoft GitHub flaw risking supply chains news 1 min read | Vulnerability in Microsoft's GitHub windows-driver-samples repository, identified by Tenable Research, allowed attackers to exploit a Python string injection flaw within a GitHub Action. This allowed the triggering of automated scripts via a standard GitHub issue, leading to the potential theft of the GITHUB_TOKEN with broad permissions. The flaw highlights risks to the software supply chain and downstream users, with recommendations including restricted token permissions and auditing workflows. |
| 2026-04-23 2026 | New Checkmarx supply-chain breach affects KICS analysis tool news 2 min read | Library compromise affects Checkmarx KICS, its Docker images, and VS Code extensions, with attackers injecting a hidden 'MCP addon' to steal credentials including GitHub tokens, AWS, Azure, and Google Cloud credentials, npm tokens, SSH keys, Claude configs, and environment variables, exfiltrating them to audit.checkmarx[.]cx. Affected users should block access to malicious domains, use pinned SHAs, revert to safe versions like DockerHub KICS v2.1.20, and rotate secrets. → bleepingcomputer.com |
| 2026-04-23 2026 | Checkmarx Docker Hub repository compromised with malicious images news | Writeup of the Checkmarx KICS Docker Hub repository compromise, where threat actors injected malicious images overwriting existing tags like v2.1.20 and alpine. These compromised images contained a modified KICS binary designed for data exfiltration to external endpoints, impacting users scanning infrastructure-as-code. Malicious code was also found in Checkmarx Visual Studio Code extensions (versions 1.17.0 and 1.19.0), enabling remote addon execution without user confirmation. → scworld.com |
| 2026-04-23 2026 | Namastex npm packages compromised in CanisterWorm supply chain attack news 2 min read | Writeup on the CanisterWorm npm supply chain attack, which compromised Namastex Labs packages @automagik/genie and pgserve. The malicious postinstall script harvests secrets from environment variables and local system files, exfiltrating them via an HTTPS webhook and an Internet Computer Protocol (ICP) canister. The worm then attempts to self-propagate by injecting and republishing compromised packages, and also targets the Python Package Index (PyPI). This campaign is attributed to the TeamPCP threat actor and shares similarities with the Shai-Hulud worm. → scworld.com |
| 2026-04-23 2026 | No Off Season: Three Supply Chain Campaigns Hit npm PyPI and Docker Hub in 48 Hours news 3 min read | Analysis of three supply chain attacks—Checkmarx KICS, CanisterSprawl, and xinference—that targeted npm, PyPI, and Docker Hub between April 21-23, 2026. These campaigns focused on stealing secrets like API keys, cloud credentials, and SSH keys from developer environments and CI/CD pipelines, with threat actors including TeamPCP utilizing techniques such as obfuscated payloads, postinstall hooks, and decentralized C2 channels. → securityboulevard.com |
| 2026-04-23 2026 | No Off Season: Three Supply Chain Campaigns Hit npm PyPI and Docker Hub in 48 Hours news 2 min read | Analysis of three recent supply chain campaigns targeting npm, PyPI, and Docker Hub, including Checkmarx KICS, CanisterSprawl (pgserve, Namastex.ai), and xinference, highlights the consistent objective of stealing developer secrets like API keys and cloud credentials. These attacks, attributed in part to threat actor TeamPCP, demonstrate sophisticated evasion techniques and cross-ecosystem propagation. → blog.gitguardian.com |
| 2026-04-23 2026 | Xinference PyPI Package Compromised With Malicious Code to Steal Cloud Credentials news 2 min read | Library compromise impacting Xinference versions 2.6.0 through 2.6.2 on PyPI, discovered after a user reported suspicious behavior. Malicious code, obfuscated and executed upon import, acts as an infostealer targeting cloud credentials (AWS, Google Cloud), Kubernetes tokens, SSH keys, API keys, database credentials, cryptocurrency wallets, and more, exfiltrating data to `whereisitat[.]lucyatemysuperbox[.]space`. The attack leveraged a hijacked account named "XprobeBot" and potentially impersonates "TeamPCP." Developers are advised to downgrade to 2.5.0, rotate credentials, enable MFA, and audit access logs. → cyberpress.org |
| 2026-04-23 2026 | Malicious Docker Images and VS Code Extensions Compromise Checkmarx Supply Chain news 1 min read | Analysis of a supply chain attack where malicious Docker images, specifically a trojanized `checkmarx/kics` image under tags like `v2.1.20` and `alpine`, and compromised Visual Studio Code extensions, were used to exfiltrate sensitive data and compromise developer environments, highlighting risks in trusted repositories and developer ecosystems. → cxodigitalpulse.com |
| 2026-04-23 2026 | Checkmarx KICS Docker Repo Hijacked in Malicious Code Injection Attack news 2 min read | Library compromise: The official Checkmarx KICS Docker Hub repository and VS Code extensions were targeted in a supply chain attack. Threat actors injected trojanized Docker images (affecting tags v2.1.20, v2.1.20-debian, alpine, debian, and latest) and tampered VS Code extensions (versions 1.17.0 and 1.19.0) to exfiltrate developer credentials and cloud secrets, including GitHub tokens, AWS, Azure, and GCP credentials, and SSH keys. The attack, claimed by TeamPCP, involved malicious Golang binaries and JavaScript payloads, utilizing Git history manipulation and abusing GitHub Actions for secret theft and NPM package republishing. → gbhackers.com |
| 2026-04-23 2026 | Xinference PyPI Breach Exposes Developers to Cloud Credential Theft news 2 min read | Library compromise via supply chain attack; malicious versions of the Xinference Python package (2.6.0, 2.6.1, 2.6.2) uploaded to PyPI by threat actors via a compromised bot account (XprobeBot) embedded an infostealer. The malware targets cloud credentials (AWS, Google Cloud, Kubernetes), environment variables, SSH keys, API keys, cryptocurrency wallets (Bitcoin, Ethereum, Dogecoin, Monero), and service credentials for platforms like Discord and Slack. Developers are advised to downgrade to version 2.5.0, rotate all sensitive credentials, enable 2FA, and audit their environments. → gbhackers.com |
| 2026-04-23 2026 | axios npm Compromise: The Ultimate Supply Chain Scaries news 5 min read | Writeup of the axios npm supply chain compromise details how attackers leveraged social engineering to gain access to the maintainer's account, publishing malicious versions of the popular JavaScript library. The compromise, attributed to the North Korean threat actor UNC1069, allowed for cross-platform malware delivery, including RATs capable of system reconnaissance and credential harvesting. The incident highlights risks associated with deep dependency chains and the trust inherent in the open-source ecosystem, drawing parallels to previous npm attacks like Shai-Hulud and the Trivy scanner compromise. |
| 2026-04-23 2026 | Xinference allegedly hacked by TeamPCP Malicious Package In PyPi news 3 min read | Writeup of the Xinference supply chain attack on PyPI, detailing how malicious versions (2.6.0-2.6.2) were uploaded containing obfuscated infostealer code. This malware targets cloud credentials, API keys, environment variables, SSH keys, cryptocurrency wallets, and database credentials, sending stolen data to a remote server. The attack leveraged a compromised bot to inject the malicious base64 payload into the `__init__.py` file, affecting users who installed these compromised versions. Recommended actions include downgrading to version 2.5.0 and rotating sensitive keys. → ox.security |
| 2026-04-23 2026 | AI Supply-Chain Monitor Identifies Critical Axios Attack news 1 min read | Tool for AI-driven supply-chain monitoring; this open-source library from Elastic Security Labs uses an LLM to assess package repository updates for malicious changes, successfully detecting a backdoored Axios version. The system monitors top npm and PyPI packages, enabling rapid identification and response to software supply-chain attacks, as demonstrated by its effectiveness shortly after implementation. |
| 2026-04-23 2026 | Aikido Security Launches Endpoint Protection for Developer Devices as Software Supply Chain Attacks Hit Unprecedented Scale news 3 min read | Library from Aikido Security, Aikido Endpoint, protects developer devices from software supply chain attacks. It inspects and blocks risky packages, IDE extensions, browser plugins, and AI tools before installation. This addresses escalating threats like the TeamPCP and Axios compromises by focusing on developer machines, which hold critical credentials. Aikido Endpoint monitors all installs, enforces policies like blocking packages younger than 48 hours, and covers npm, PyPI, Maven, NuGet, VS Code extensions, browser extensions, and AI agent marketplaces. It builds on the open-source Safe Chain CLI firewall and offers enterprise-grade governance and approval workflows. |
| 2026-04-22 2026 | Another npm supply chain worm is tearing through dev environments news 2 min read | Library for detecting npm supply chain worms, similar to the CanisterWorm attacks attributed to TeamPCP, the actor behind the LiteLLM compromise. This strain compromises packages like `@automagik/genie`, `pgserve`, and `@fairwords/websocket`, stealing secrets, API keys, and cryptocurrency wallet data. It exfiltrates information to both webhooks and ICP canisters, utilizing a "TeamPCP/LiteLLM method" and self-propagation logic to infect additional packages and PyPI repositories. → theregister.com |
| 2026-04-22 2026 | Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens news 4 min read | Library for detecting and preventing supply chain attacks, such as the self-propagating worm found in npm packages like `@automagik/genie` and `pgserve`. It details how these worms, like CanisterSprawl, steal developer tokens and credentials for AWS, Azure, and Google Cloud, and can propagate to PyPI packages. The library also covers attacks targeting GitHub Actions' `pull_request_target` trigger and credential harvesting via LLM proxies. → thehackernews.com |
| 2026-04-22 2026 | Supply Chain Attacks Are Getting Worse: How to Shrink Your Exposure beginner 6 min read | Library for mitigating supply chain attacks, focusing on techniques to shrink exposure following incidents like the Trivy and Axios compromises. It details strategies for containing damage through short-lived credentials, least-privilege access, and blast radius separation. Proactive measures include eliminating "latest" tag usage, implementing cool-down periods for package upgrades, requiring immutable release packages, and adopting dependency management tools like Renovate and Fairwinds Nova for automated patching and chart updates. → securityboulevard.com |
| 2026-04-22 2026 | Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain news 5 min read | Writeup of supply chain attacks targeting Checkmarx, detailing malicious KICS Docker images and VS Code extensions. Threat actors overwrote Docker Hub tags and introduced compromised versions of the `cx-dev-assist` and `ast-results` extensions. The compromised artifacts exfiltrated GitHub tokens, AWS and Azure credentials, and SSH keys to external endpoints. These attacks, potentially by TeamPCP, leveraged stolen credentials to inject malicious GitHub Actions workflows and republish npm packages, creating further propagation paths. → thehackernews.com |
| 2026-04-22 2026 | Hypersonic Supply Chain Attacks: One Solution That Didn't Need to Know the Payload intermediate 7 min read | Library that stops zero-day supply chain attacks like those targeting LiteLLM, Axios, and CPU-Z by using on-device behavioral AI. It detects malicious execution patterns rather than relying on signatures or reputation, making it effective against previously unseen payloads delivered through trusted channels, even when AI agents automate execution with unrestricted permissions. This approach, part of SentinelOne's Autonomous Security Intelligence, flags anomalous process chains and code execution in real-time, terminating threats before they can escalate. → sentinelone.com |
| 2026-04-22 2026 | Flaw in Microsoft-owned GitHub repository allowed RCE via issue submission news 2 min read | Writeup detailing RCE via issue submission in Microsoft's Windows-driver-samples GitHub repository. The flaw exploited a GitHub Actions workflow that inserted unsanitized issue body content into a Python here-doc, allowing attackers to inject Python code and execute arbitrary commands. This could have led to exfiltration of the GITHUB_TOKEN secret, potentially enabling actions on behalf of Microsoft. The vulnerability, assessed with a CVSS score of 9.3, highlights the risks of CI/CD pipeline security, particularly with GitHub Actions and token permissions. → scworld.com |
| 2026-04-22 2026 | New npm supply-chain attack self-spreads to steal auth tokens news 2 min read | Library for detecting and defending against npm supply-chain attacks. This worm-like malware self-propagates by injecting malicious code into packages, stealing developer credentials, API keys, cloud service secrets, cryptocurrency wallets (MetaMask, Exodus), and targeting AI agent tooling and database operations. It can also exfiltrate data from CI/CD systems, registries, and LLM platforms, and has been observed targeting PyPI packages with .pth-based payloads. Socket and StepSecurity offer indicators of compromise and remediation guidance, advising immediate removal of affected packages and rotation of all exposed secrets. → bleepingcomputer.com |
| 2026-04-22 2026 | Axios npm Supply Chain Attack: 83M Downloads Hit news 7 min read | Library that details the March 31, 2026, Axios npm supply chain attack, where backdoored versions axios@1.14.1 and axios@0.30.4 were published, affecting 83 million weekly downloads. The attack injected a malicious dependency, plain-crypto-js, which delivered a cross-platform Remote Access Trojan (RAT) targeting macOS, Windows, and Linux. The analysis covers payload mechanics, obfuscation techniques, anti-forensics, and detection guidance, highlighting the exploit of trust in the JavaScript ecosystem. |
| 2026-04-22 2026 | Axios npm Hijack 2026: Everything You Need to Know news 10 min read | Analysis of the Axios npm Hijack 2026 details a sophisticated supply chain attack where threat actors compromised the lead maintainer's npm account, publishing malicious versions of the popular JavaScript library. These versions, axios@1.14.1 and axios@0.30.4, silently installed a cross-platform RAT (SILKBELL and WAVESHAPER.V2) via a hidden dependency upon `npm install`. The attack, attributed to UNC1069, bypassed standard CI/CD security by directly publishing to the npm registry using a stolen access token, highlighting the importance of OIDC provenance and SLSA checks. → socradar.io |
| 2026-04-22 2026 | TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files news 5 min read | Library compromising the `telnyx` Python package with versions 4.87.1 and 4.87.2 on PyPI. The malware uses audio steganography within `.WAV` files to deliver a multi-stage attack chain, harvesting credentials and exfiltrating data to `83.142.209[.]203:8080` on Linux/macOS, while establishing persistence via `msbuild.exe` on Windows. This supply chain attack by TeamPCP follows similar compromises of Trivy, KICS, and litellm. → thehackernews.com |
| 2026-04-22 2026 | litellm: Credential Stealer Hidden in PyPI Wheel news 13 min read | Library detailing a supply chain compromise within the litellm Python package. Versions 1.82.7 and 1.82.8 were found to contain a malicious payload that harvests credentials, encrypts them using AES-256 and RSA-4096, and exfiltrates them to an attacker-controlled domain. The compromise leveraged two distinct injection techniques: a `.pth` file in version 1.82.8, and an embedded base64 blob in `proxy_server.py` for version 1.82.7. This attack potentially gained initial access through a pivot from a compromise of the Trivy tool used in litellm's CI/CD pipeline. → stepsecurity.io |
| 2026-04-22 2026 | What's Coming to Our GitHub Actions 2026 Security Roadmap news 6 min read | Library for securing GitHub Actions, this roadmap details upcoming features to enhance supply chain security. Key developments include workflow dependency locking with commit SHAs for reproducibility, policy-driven execution protections through rulesets to control triggers and permissions, and scoped secrets that bind credentials to specific contexts, preventing over-permissioning and blurred trust boundaries. Additionally, enterprise-grade endpoint protections are introduced with the Actions Data Stream for visibility and a native egress firewall for control, addressing challenges seen in recent attacks like those on tj-actions/changed-files and Nx. → github.blog |
| 2026-04-22 2026 | Shai-Hulud npm Supply Chain Attack: New Compromised Packages Detected news 7 min read | Writeup on the Shai-Hulud npm supply chain attack details a significant wave of compromised packages, including new variations and obfuscation techniques. Threat actors are targeting popular npm packages to steal credentials from GitHub, NPM, AWS, GCP, and Azure, then exfiltrating this data by creating encoded repositories. The attack utilizes a data-stealer payload bundled within Webpack applications, often disguised as system optimization tools, and employs utilities like TruffleHog to gather secrets. → jfrog.com |
| 2026-04-22 2026 | LiteLLM and Telnyx Compromised on PyPI: Tracing the TeamPCP Supply Chain Campaign news 8 min read | Library detailing the TeamPCP supply chain campaign that compromised LiteLLM and Telnyx packages on PyPI. This extensive campaign began with a Trivy compromise, spread through npm and GitHub Actions, and included Kubernetes exploitation. Defenders should treat installations of LiteLLM versions 1.82.7/1.82.8 or Telnyx versions 4.87.1/4.87.2 as credential exposure events. → securitylabs.datadoghq.com |
| 2026-04-22 2026 | Keeping Your GitHub Actions Secure Part 1: Preventing Pwn Requests intermediate 9 min read | Library detailing secure GitHub Actions workflows, specifically addressing the risks of the `pull_request_target` trigger when processing untrusted pull requests. It highlights how attackers can exploit this to gain repository write permissions or steal secrets by injecting malicious code into build scripts, package.json, or npm pre/postinstall scripts. The library advocates for a `pull_request` trigger for unprivileged handling of untrusted code and a subsequent `workflow_run` trigger for privileged operations, using artifacts to safely transfer data. → securitylab.github.com |
| 2026-04-22 2026 | GitHub Actions Security Pt 1: Attacks & Defenses (Wiz) intermediate 8 min read | Library detailing GitHub Actions security, addressing common misconfigurations and outlining defensive strategies. It explains the threat model, covering risks like Pull Request pwnage and script injection, exemplified by attacks such as the Trivy supply chain compromise exploiting `pull_request_target` and `workflow_run` triggers. The entry emphasizes understanding the trust boundary between repository owners and external actors to prevent code execution with elevated permissions. → wiz.io |
| 2026-04-22 2026 | Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM Data beginner 3 min read | Analysis of SBOM failures reveals that while Software Bills of Materials and Vulnerability Exploitability eXchange statements offer data, security teams lack decision clarity. Supply chain attacks, including those leveraging Trivy and Axios, persist due to inconsistent interpretation of SBOM/VEX data, lack of updated SBOM delivery, and hesitations in exploitability assertions. Researcher Devashri Datta advocates for a unified, governance-driven intelligence layer to interpret SBOMs as lifecycle signals and VEX as contextual input, enabling explainable and defensible decisions amidst increasing regulatory pressure and rapid exploitation times. → securityweek.com |
| 2026-04-22 2026 | Axios supply chain attack deploys multi-OS malware news 3 min read | Analysis of the Axios supply chain attack details how malicious versions, axios@1.14.1 and axios@0.30.4, infected npm users with a cross-platform RAT. The attack, attributed to North Korean state actor Sapphire Sleet, exploited compromised npm credentials and bypassed CI/CD pipelines to deliver malware via the plain-crypto-js dependency. The RAT features obfuscated Node.js droppers, C2 communication, and self-deletion to evade detection, posing significant risks for credential and data exfiltration. Remediation involves updating or downgrading Axios and rotating secrets, with IoCs provided for affected systems. |
| 2026-04-22 2026 | AI-Driven Endpoints Highlight Expanding Software Supply Chain Risk beginner | AI-Driven Endpoints Highlight Expanding Software Supply Chain Risk https://ift.tt/Op8eSmM → tipranks.com |
| 2026-04-22 2026 | Aikido Unveils Endpoint Security as Supply Chain Attacks Hit Developers news 5 min read | Library that acts as a security agent on developer machines, inspecting and blocking threats before installation. It monitors package manager installations, VS Code extensions, and AI agent skills, cross-referencing with Aikido Intel to identify malicious packages. A key feature is blocking packages published within 48 hours, addressing the critical window for new malicious distributions, and it builds on Aikido's open-source Safe Chain CLI firewall. |
| 2026-04-21 2026 | Critical Microsoft GitHub Flaw Highlights Dangers to CI/CD Pipelines: Tenable news | Critical Microsoft GitHub Flaw Highlights Dangers to CI/CD Pipelines: Tenable https://ift.tt/nvuCc9x |
| 2026-04-21 2026 | CISA urges security teams to view environments following axios compromise news | CISA urges security teams to view environments following axios compromise https://ift.tt/JYRaA0z → cybersecuritydive.com |
| 2026-04-21 2026 | CISA Warns Axios npm Package Was Compromised in Major Supply Chain Attack news 2 min read | Alert regarding a supply chain attack targeting the Axios npm package, specifically versions 1.14.1 and 0.30.4, which were compromised by injecting a malicious dependency, plain-crypto-js@4.2.1. The attack deploys a remote access trojan (RAT) on developer machines. Recommendations include reverting to safe Axios versions (axios@1.14.0 or axios@0.30.3), deleting the malicious dependency, rotating credentials, blocking C2 domains, and implementing long-term prevention strategies like `.npmrc` configurations (`ignore-scripts=true`, `min-release-age=7`) and requiring phishing-resistant MFA. → cybersecuritynews.com |
| 2026-04-21 2026 | Aikido Security launches Endpoint to secure AI development and mitigate supply chain attacks news | Library for securing AI development and mitigating supply chain attacks. Aikido Security's Endpoint agent monitors developer workstations, providing visibility and control over software packages, development environments, and AI tools. It inspects imported tools and packages, holding new releases for 48 hours to reduce risk. Security teams can audit actions and enforce policies based on team, role, and device. → scworld.com |
| 2026-04-21 2026 | Introducing Endpoint Protection: Security for Developer Devices news 6 min read | Library for protecting developer devices against software supply chain attacks. It prevents malicious package installs, IDE extensions, browser plug-ins, and AI skills by offering visibility into installed software, blocking threats before installation, enforcing package age policies, and enabling approval workflows. Built upon the open-source Safe Chain project and powered by the LLM-based Aikido Intel threat intelligence engine, it aims to secure developer workstations without hindering productivity, addressing vulnerabilities exemplified by the Shai-Hulud and Axios attacks. → aikido.dev |
| 2026-04-21 2026 | Aikido Security Launches Endpoint Protection for Developer Devices as Software Supply Chain Attacks Hit Unprecedented Scale news 3 min read | Library for protecting developer devices against software supply chain attacks; Aikido Endpoint inspects and blocks risky packages, IDE extensions, browser plugins, and AI tools before installation. It covers npm, PyPI, Maven, NuGet, VS Code extensions, and more, building on the Safe Chain CLI firewall's protection against threats like Shai-Hulud and the Axios compromise. Endpoint enforces protective defaults, such as blocking packages published less than 48 hours ago, and offers governance controls and approval workflows for enterprise deployment. |
| 2026-04-21 2026 | CISA Warns Axios npm Package Was Compromised in Major Supply Chain Attack news 2 min read | Warning from CISA detailing a major supply chain attack on the Axios npm package, versions 1.14.1 and 0.30.4, which contained a malicious dependency, plain-crypto-js v4.2.1. This injected malware, a remote access trojan (RAT), allowing attackers to steal sensitive data and gain persistent access to compromised systems. Recommendations include downgrading Axios, removing the malicious `node_modules/plain-crypto-js/` directory, revoking and rotating exposed credentials, and implementing security controls like `ignore-scripts=true` and `min-release-age=7` in `.npmrc`. → cyberpress.org |
| 2026-04-21 2026 | CISA Warns Compromised Axios npm Package Fueled Major Supply Chain Attack news 2 min read | Alert from CISA details a significant supply chain attack involving the compromised Axios npm package, versions 1.14.1 and 0.30.4, which installed a malicious dependency, plain-crypto-js v4.2.1. This backdoor payload deployed a Remote Access Trojan (RAT) capable of stealing source code, environment variables, and pivoting into CI/CD pipelines. Recommended mitigations include downgrading Axios to safe versions (1.14.0 or 0.30.3), removing the malicious dependency, rotating credentials, monitoring for connections to Sfrclak[.]com, and implementing npm configuration changes like `ignore-scripts=true` and `min-release-age=7`. → gbhackers.com |
| 2026-04-21 2026 | The Vercel Breach: OAuth Supply Chain Attack Exposes the Hidden Risk in Platform Environment Variables news 27 min read | Analysis of the Vercel breach, an OAuth supply chain attack beginning around February 2026, details how a compromised third-party application and platform environment variables bypassed traditional defenses. The incident, initiated by Lumma Stealer malware infecting a Context.ai employee, exploited Vercel's environment variable model where non-sensitive credentials were exposed to attackers with internal access. This breach highlights risks inherent in OAuth trust relationships, amplified by AI-accelerated tradecraft and significant detection-to-disclosure latency, urging architectural changes like treating OAuth apps as third-party vendors and eliminating long-lived platform secrets. → trendmicro.com |
| 2026-04-21 2026 | The Vercel Breach: OAuth Supply Chain Attack Exposes the Hidden Risk in Platform Environment Variables news 27 min read | Analysis of the Vercel breach details an OAuth supply chain attack where a compromised third-party application granted long-lived, password-independent access, bypassing traditional defenses. This incident highlights the risk of platform environment variables being readable with internal access, especially when not explicitly marked as sensitive. The attack chain, initiated by Lumma Stealer malware affecting Context.ai, demonstrates AI-accelerated tradecraft and raises concerns about detection-to-disclosure latency in platform breaches, fitting a broader pattern of attacks targeting developer-stored credentials across various platforms. → trendmicro.com |
| 2026-04-21 2026 | The Vercel Breach: OAuth Supply Chain Attack Exposes the Hidden Risk in Platform Environment Variables news 27 min read | Analysis of the Vercel Breach details an OAuth supply chain attack where a compromised third-party application granted unauthorized access to Vercel's internal systems. This exploit, enabled by Lumma Stealer malware infecting a Context.ai employee, allowed attackers to exfiltrate environment variables for a subset of customer projects, bypassing perimeter defenses. The incident highlights risks associated with platform environment variable models, detection-to-disclosure latency, and the broader trend of credential compromises across developer tools, emphasizing the need for architectural changes like treating OAuth apps as vendors and assuming provider-side compromise. → trendmicro.com |
| 2026-04-21 2026 | Astrix Security Highlights Rising Risk in OAuth-Driven Supply Chain Attacks news | Astrix Security Highlights Rising Risk in OAuth-Driven Supply Chain Attacks https://ift.tt/pdx7G9Z → tipranks.com |
| 2026-04-20 2026 | The Vercel Breach: OAuth Supply Chain Attack Exposes the Hidden Risk in Platform Environment Variables news 27 min read | Analysis of the Vercel breach details an OAuth supply chain attack where a compromised third-party application granted attackers long-lived access to Vercel's internal systems. This allowed them to read environment variables, amplified by Vercel's model where non-sensitive credentials were exposed without additional controls for compromised teams. The incident highlights risks in platform environment variables, detection-to-disclosure latency, and a convergence pattern of targeting developer-stored credentials across various platforms. → trendmicro.com |
| 2026-04-20 2026 | Vercel incident falls short of a supply chain attack news 3 min read | Analysis of the Vercel incident highlights how a third-party AI tool compromise, Context.ai, led to a Google Workspace account takeover, granting access to internal Vercel systems. While not a full supply chain attack like SolarWinds, experts like Guillaume Valadon (GitGuardian) and Morey Haber (BeyondTrust) emphasize its supply chain characteristics, cautioning that such incidents can escalate if attackers access publishing pipelines. Recommendations include aggressive credential rotation, redeployment of builds, and hunting for persistence artifacts, as compromised platforms like Vercel pose risks to downstream applications and services. → scworld.com |
| 2026-04-20 2026 | Supply Chain Attack Hits Vercel: User Data is Being Sold on BreachForums For $2M news 5 min read | Analysis of the Vercel and Context AI supply chain attack, detailing how compromised OAuth tokens and a malicious Chrome extension led to Vercel's internal database being offered for sale on BreachForums. The incident highlights risks associated with AI systems and third-party integrations, emphasizing the need for immediate key rotation, 2FA enablement, and auditing of third-party app access, particularly for Google Workspace and Vercel-maintained packages like Next.js. → ox.security |
| 2026-04-20 2026 | Why the Axios attack proves AI is mandatory for supply chain security news 4 min read | Library for AI-powered security operations, necessitated by attacks like the recent Axios supply chain compromise by North Korean threat actors. This resource highlights how AI-driven monitoring can detect malicious code changes in real-time, a crucial capability against adversaries leveraging AI for automated reconnaissance and evasive malware. It argues that AI is essential for matching the speed and complexity of modern threats, transforming Security Operations Centers (SOCs) into agentic workflows that amplify human analysts and significantly reduce mean time to detect and respond. → cyberscoop.com |
| 2026-04-20 2026 | Aikido Security Launches Endpoint Protection for Developer Devices as Software Supply Chain Attacks Hit Unprecedented Scale news 2 min read | Library for protecting developer devices from software supply chain attacks. Aikido Endpoint inspects and blocks risky packages, IDE extensions, browser plugins, and AI tools before installation, addressing threats like those seen in the TeamPCP and Axios compromises. It monitors all installs across a machine, enforces protective defaults like blocking packages published less than 48 hours ago, and covers npm, PyPI, Maven, NuGet, VS Code extensions, and AI agent marketplaces. |
| 2026-04-20 2026 | Aikido Endpoint offers developers additional protection against supply chain attacks news 2 min read | Library for blocking supply chain attacks, Aikido Endpoint protects developer endpoints by monitoring and blocking high-risk packages, IDE extensions, browser plugins, and AI tools before installation. Built on the open-source Safe Chain CLI firewall, it prevents threats like those seen in Shai-Hulud, TeamPCP, and the Axios attack by employing default settings such as blocking packages published less than 48 hours ago. This targets vulnerabilities on developer machines, which contain sensitive information like cloud credentials and SSH keys, often missed by repository-focused security tools. → techzine.eu |
| 2026-04-20 2026 | Aikido Security Launches Endpoint Protection for Developer Devices as Software Supply Chain Attacks Hit Unprecedented Scale news 2 min read | Library for protecting developer devices against software supply chain attacks, inspecting and blocking risky packages, IDE extensions, browser plugins, and AI tools before installation. It monitors and blocks all installs across the machine, enforcing protective defaults like a 48-hour minimum install age to mitigate threats from compromised accounts and malicious packages, referencing attacks like those from TeamPCP and the Axios compromise. Coverage extends to npm, PyPI, Maven, NuGet, VS Code extensions, browser extensions, and AI agent skills marketplaces. |
| 2026-04-20 2026 | New security agent helps fight software supply chain attacks news | New security agent helps fight software supply chain attacks https://ift.tt/tRoy3LB |
| 2026-04-20 2026 | Aikido launches Endpoint to secure AI-native developer workflows news 6 min read | Library that secures AI-native developer workflows by blocking malicious packages, IDE extensions, and AI tools in real-time before they impact developer machines. Aikido Endpoint inspects installations against Aikido Intel, a threat intelligence feed, and automatically halts packages published within the last 48 hours. It offers ecosystem-wide malware protection, granular access controls with approval workflows, and visibility into AI tool usage and costs, building upon the open-source Aikido Safe Chain. |
| 2026-04-19 2026 | Shai-Hulud: A Persistent Secret Leaking Campaign — GitGuardian news 3 min read | Analysis of the Shai-Hulud campaign details a persistent supply chain attack targeting NPM packages like @ctrl/tinycolor, using malicious GitHub Actions to exfiltrate secrets from local environments and repositories. Similar to the s1ngularity and GhostActions campaigns, this attack injects compromised workflows to steal credentials, including GitHub tokens, NPM tokens, and AWS Keys. GitGuardian's HasMySecretLeaked service allows developers to check for compromised secrets without exposing their values. → blog.gitguardian.com |
| 2026-04-19 2026 | Defending Against npm Supply Chain Attacks — Splunk intermediate 17 min read | Library for detecting and analyzing npm supply chain attacks. It offers tools like `npm-threat-emulation` for safe adversary simulation and `Package-Inferno` for deep package analysis. The library addresses the challenges of understanding npm's attack surface, the detection gap in traditional security tools, and the need for realistic testing against evolving threats, including self-propagating worms and sophisticated phishing campaigns targeting cryptocurrency wallets and CI/CD environments. |
| 2026-04-19 2026 | Multiple Supply Chain Attacks against npm Packages — Red Hat news 2 min read | Analysis of multiple npm supply chain attacks, including "s1ngularity" targeting Nx, a broad "popular packages" campaign hitting developers of frequently downloaded packages like `debug` and `chalk`, and the "shai-hulud" worm and its subsequent waves. These campaigns impacted hundreds of Node.js components, though Red Hat products remained unaffected due to version pinning practices. |
| 2026-04-19 2026 | Shai-Hulud Malware: Second-Wave npm Supply Chain Attack news 4 min read | Analysis of the Shai-Hulud malware campaign details a second wave of supply-chain attacks targeting npm packages, exploiting preinstall scripts like setup_bun.js to exfiltrate developer secrets including GitHub, AWS, GCP, and Azure credentials. This malware self-propagates using stolen npm tokens and can delete home directories if exfiltration fails. Recommendations include reviewing GitHub for malicious repositories, identifying and removing affected npm packages, and rotating compromised secrets such as AWS access keys and GitHub personal access tokens. → arcticwolf.com |
| 2026-04-19 2026 | CISA: Widespread Supply Chain Compromise Impacting npm Ecosystem news 2 min read | Alert regarding a widespread supply chain compromise impacting the npm ecosystem. A self-replicating worm, "Shai-Hulud," has compromised over 500 packages, exfiltrating sensitive credentials like GitHub PATs and API keys for AWS, GCP, and Azure. CISA urges dependency reviews, checking lock files, pinning versions, rotating credentials, mandating MFA, and hardening GitHub security to detect and remediate this threat. |
| 2026-04-18 2026 | Supply Chain Cyber Attacks Surge as EU Breach Exposes Weaknesses news 4 min read | Analysis of a supply chain cyberattack targeting the Trivy security scanner, which led to a significant European Commission cloud breach. Attackers exploited misconfigured GitHub Actions workflows to compromise Trivy, subsequently harvesting data from CI/CD environments and exfiltrating sensitive information after gaining AWS credentials. This incident highlights the widespread impact of compromised dependencies, affecting thousands of repositories and multiple EU entities, and underscores the increasing reliance on and vulnerability of open-source tools within modern software supply chains. |
| 2026-04-18 2026 | Trivy Supply-Chain Attack: Trusted Scanner Compromised Rotate CI/CD Secrets Now news 7 min read | Library for securing CI/CD pipelines against supply-chain attacks, particularly concerning the Trivy scanner compromise (CVE-2026-33634, GHSA-69fq-xp46-6x23). The library details techniques for mitigating risks associated with compromised scanning tools, including mandatory secret rotation, auditing pipeline runs, pinning GitHub Actions tags to immutable SHAs, enforcing least-privilege for runners, and increasing monitoring. It highlights how attackers exploit tag mutability and privileged scanner access to steal credentials and access cloud environments. |
| 2026-04-17 2026 | Q1 2026 Open Source Malware Index: Adaptive Attacks Exploit Trust news 5 min read | Index of Q1 2026 open source malware details 21,764 malicious packages, with npm accounting for 75% and trojans dominating credential theft and host reconnaissance. Defining the quarter was trust abuse, as seen in the SANDWORM_MODE campaign's adaptive behavior, the LiteLLM compromise via trusted tooling, and the axios compromise exploiting transitive dependencies, highlighting attackers' success by hiding behind legitimate workflows and package names. → sonatype.com |
| 2026-04-17 2026 | Critical Supply Chain Attack on EssentialPlugin WordPress Suite Exposes Over 400000 Websites to Malware news 6 min read | Writeup of a critical supply chain attack on the EssentialPlugin WordPress suite, impacting over 400,000 websites. The attack involved a dormant backdoor, introduced after the plugin's acquisition, which activated to enable arbitrary file writes and malware injection. The technique utilized unauthenticated REST API endpoints and PHP object injection to create a backdoor file (wp-comments-posts.php) and modify wp-config.php, leading to spam pages and redirects. Mitigation involves immediate removal of affected plugins and manual inspection for malicious files. → rescana.com |
| 2026-04-17 2026 | Closing the Chain: How to reduce SolarWinds/Log4j/XZ risk (arXiv) intermediate 1 min read | Analysis of SolarWinds, Log4j, and XZ Utils attacks systematically maps attacker techniques to 73 mitigation tasks across 10 software supply chain frameworks. Prioritized mitigation tasks include role-based access control, system monitoring, and boundary protection. The analysis also identified critical missing tasks, such as sustainable open-source software support and environmental scanning tools, highlighting continued vulnerabilities in existing frameworks. → arxiv.org |
| 2026-04-17 2026 | SolarWinds Supply Chain Attack (Fortinet) news | SolarWinds Supply Chain Attack (Fortinet) |
| 2026-04-17 2026 | ossf/malicious-packages: Reports of malicious open source packages news 5 min read | Database of malicious open source packages, consumable via the OSV format, documenting attacks like typosquatting, dependency confusion, and account takeovers. This resource aims to protect the community by providing a comprehensive collection of identified malicious packages from various ecosystems, including npm and PyPI, serving as a data source for improved detection and analysis of emerging open source malware. |
| 2026-04-17 2026 | 5 Examples of Dependency Confusion Attacks (Spectral) intermediate 6 min read | Examples of dependency confusion attacks are detailed, showcasing how attackers exploit trust in public package repositories to inject malicious code into software supply chains. The article illustrates this through scenarios like mimicking internal library names, typosquatting, and exploiting versioning ambiguities, referencing specific instances with npm and PyPI. It highlights the risks, including remote code execution and data theft, and proposes countermeasures such as prioritizing internal repositories, specifying exact versions, and employing monitoring tools to detect suspicious package releases. |
| 2026-04-17 2026 | What Is a Dependency Confusion Attack? (Aqua Security) beginner 7 min read | Library detailing dependency confusion attacks, a software supply chain technique where malicious code replaces legitimate application dependencies. The article explains how attackers exploit dependency configurations by planting malicious versions in repositories, using typosquatting, or even leveraging "hallucinated" dependencies from AI-generated code. It references real-world incidents involving PyTorch, npm, and ethical hacking demonstrations against companies like Apple. |
| 2026-04-17 2026 | Defender's Perspective: Dep Confusion and Typosquatting (SLSA) intermediate 8 min read | Reference on dependency confusion and typosquatting attacks, detailing how these exploit package manager vulnerabilities for arbitrary code execution. It highlights the attacker's methods, including package name reconnaissance and malicious payload injection. The entry also discusses mitigations such as namespacing and pinning, and emphasizes how SLSA build provenance can create secure bindings between package names, versions, source repositories, and build systems to defend against these supply chain risks. |
| 2026-04-17 2026 | SBOMs in 2026: Some Love, Some Hate, Much Ambivalence news | SBOMs in 2026: Some Love, Some Hate, Much Ambivalence → darkreading.com |
| 2026-04-17 2026 | Software Bill of Materials (SBOM) (CISA) beginner 2 min read | Guide from CISA detailing Software Bill of Materials (SBOM) as a critical component for software security and supply chain risk management. It outlines SBOM's role as a nested inventory of software ingredients, discusses advancements since 2018 through multistakeholder efforts, and promotes adoption through community work and operationalization. The guide also touches upon Vulnerability Exploitability eXchange (VEX) documents as attestations for vulnerability impact. |
| 2026-04-17 2026 | About SLSA (spec v1.2) beginner 5 min read | Framework for Supply-chain Levels for Software Artifacts (SLSA) v1.2 offers incrementally adoptable guidelines for supply chain security, aiding both software producers and consumers. It establishes a common vocabulary, provides methods to secure incoming supply chains by evaluating artifact trustworthiness, and includes checklists for improving software security, aligning with the Secure Software Development Framework (SSDF). SLSA addresses risks exposed by attacks like SolarWinds and Codecov, protecting against code modification and ensuring artifacts originate from expected build platforms, thereby increasing confidence in the integrity of software from source to binary. |
| 2026-04-17 2026 | What is a Software Bill of Materials (SBOM)? (Snyk) beginner 6 min read | Library for generating and managing Software Bills of Materials (SBOMs), providing formal records of software components and their supply chain relationships. SBOMs enhance transparency, aid in vulnerability management, and support regulatory compliance, especially for software sold to the federal government as mandated by Executive Order 14028. Standards like SPDX, SWID, and OWASP CycloneDX are supported, enabling detailed analysis of dependencies, licenses, and potential exploits, complementing efforts like SLSA for supply chain integrity. → snyk.io |
| 2026-04-17 2026 | SBOM Literature Review (arXiv) news 51 min read | Survey of Software Bill of Materials (SBOM) literature systematically reviews 40 studies on SBOMs for software supply chain security, identifying five key application areas: vulnerability management, transparency, component assessment, risk assessment, and integrity. Adoption barriers include generation tooling, data privacy, standardization issues with formats like SPDX and CycloneDX, and challenges with analysis and maintenance. The review maps these barriers to the ISO/IEC 25019:2023 Quality-in-Use model, highlighting deficiencies in trustworthiness and usability, and notes gaps in machine learning and software quality assurance applications. → arxiv.org |
| 2026-04-17 2026 | SBOM + SLSA: Accelerating SBOM success with SLSA intermediate 6 min read | Library that uses Supply-chain Levels for Software Artifacts (SLSA) principles to enhance Software Bill of Materials (SBOM) accuracy and trustworthiness. By integrating SLSA's tamper-evident provenance data, generated during the build process, with SBOMs, this approach addresses limitations in traditional SBOM generation. This results in more complete and verifiable SBOMs, helping users identify affected components, trust the software's origin, and respond effectively to supply chain attacks, drawing parallels with food safety standards and leveraging tools like Sigstore and in-toto. |
| 2026-04-17 2026 | SLSA - Comprehensive Approach to Supply Chain Security (SBOM Observer) beginner 2 min read | Framework SLSA offers a structured hierarchy of security practices for software supply chain fortification, building from fundamental component identification to hermetic sealing against tampering. When integrated with Software Bills of Materials (SBOMs), SLSA elevates transparency and mitigates risks by ensuring components are sourced, developed, and deployed securely, utilizing cryptographic signatures and trusted build environments like CI/CD. This comprehensive approach empowers organizations to dramatically reduce susceptibilities to cyberattacks and threats. |
| 2026-04-17 2026 | Understanding SBOM: Transparency & Security in Supply Chains (Cycode) beginner 28 min read | Library for generating and managing Software Bills of Materials (SBOMs), serving as a detailed inventory of all software components, libraries, and dependencies. This resource aids in enhancing application security, mitigating supply chain risks, ensuring license compliance, and meeting regulatory mandates like Executive Order 14028. It supports automation for DevSecOps pipelines and facilitates faster incident response by providing transparency into software composition. |
| 2026-04-17 2026 | What We Know About the NPM Supply Chain Attack (Trend Micro) news 9 min read | Library detailing the Shai-hulud worm's attack chain, which exploits compromised NPM maintainer accounts to inject malicious code into popular JavaScript packages. This worm self-propagates by hijacking web APIs, diverting cryptocurrency, stealing cloud service tokens, and deploying secret-scanning tools, impacting organizations across North America and Europe. → trendmicro.com |
| 2026-04-17 2026 | New Supply Chain Malware Operation Hits npm and PyPI news 6 min read | Library of malware operations targeting npm and PyPI packages, including GlueStack for remote command execution and screenshotting, express-api-sync and system-health-sync-api for file deletion, and imad213 on PyPI for harvesting Instagram credentials. These attacks leverage compromised accounts and malicious code injection to steal information, sabotage systems, and exfiltrate data via covert channels like SMTP. → thehackernews.com |
| 2026-04-17 2026 | npm Supply Chain Attack: Debug, Chalk + 16 Packages Compromise (Upwind) news 3 min read | Library compromised in an npm supply chain attack involving malicious versions of `debug`, `chalk`, and 16 other packages. The attacker used a phishing campaign, obtaining account credentials and a TOTP code via a fake 2FA reset email from `npmjs.help`. The malware, a browser-only script, targeted cryptocurrency wallets by intercepting `window.ethereum` calls and manipulating network responses using a Levenshtein algorithm, affecting Ethereum, Bitcoin, Litecoin, Tron, BCH, and Solana. |
| 2026-04-17 2026 | Malicious PyPI, npm, Ruby Packages Exposed (The Hacker News) news 5 min read | Library updates on npm, PyPI, and Ruby pose significant supply chain risks, with malicious packages identified for draining cryptocurrency, erasing codebases, and exfiltrating Telegram API tokens. These threats include typosquatting attacks like "xlsx-to-json-lh" on npm and impersonating "colorama" on PyPI, alongside novel techniques such as "monkey patching" Solana key generation and injecting infostealers into PyTorch models. Vendors like Checkmarx, ReversingLabs, Safety, and Socket reported these findings, highlighting the exploitation of geopolitical events and the growing threat of AI-themed package abuse. → thehackernews.com |
| 2026-04-17 2026 | A Closer Look at Software Supply Chain Attacks 2025 (Xygeni) beginner 6 min read | Tool for detecting software supply chain attacks; Xygeni's Malware Early Warning (MEW) identified malicious PyPI package `graphalgo` and npm package `express-cookie-parser`, both employing typosquatting, obfuscation via ZLib compression and Base64 encoding, a shared seed file URL, dynamic C2 resolution with a DGA, and persistence through startup scripts in Chrome user data directories. |
| 2026-04-17 2026 | The PyPI Supply Chain Attacks of 2025: What Python Engineers Should Learn beginner Python | The PyPI Supply Chain Attacks of 2025: What Python Engineers Should Learn |
| 2026-04-17 2026 | Securing software supply chain without slowing development beginner | Securing software supply chain without slowing development https://ift.tt/5YdRFCM → msn.com |
| 2026-04-17 2026 | Cyber threats for PV: What are supply chain attacks and how do they work beginner 4 min read | Analysis of supply chain attacks targeting PV systems, which exploit trusted third-party vendors and components like inverter firmware and monitoring software. These attacks introduce malicious code through compromised updates or hardware, enabling unauthorized access, data exfiltration, and system manipulation. Defense strategies include strict vendor risk management, code signing, network segmentation, continuous monitoring, and asset management to mitigate the risks of compromised components and their widespread impact. |
| 2026-04-17 2026 | Second Open Source Plugin Hijack Raises Alarm Across WordPress Ecosystem - Open Source For You news 1 min read | Library of techniques for securing open-source plugins, prompted by a recent supply-chain attack on WordPress, where a hijacked plugin was used to inject malicious code. This incident highlights vulnerabilities in ownership transfer processes and the need for rigorous code audits post-acquisition. Thousands of sites were exposed due to this attack, emphasizing the critical importance of robust security measures in open-source development and distribution. → opensourceforu.com |
| 2026-04-17 2026 | Securing software supply chain without slowing development beginner 4 min read | Library for securing software supply chains, focusing on automation, visibility, and policy enforcement. It addresses risks from third-party code and open-source libraries, citing examples like the SolarWinds and British Airways attacks. Best practices include end-to-end dependency insight, custom policy definition, automated updates, continuous monitoring, and developer education. The library aims to enable secure innovation without slowing development, aligning with mandates like the EU's Digital Operational Resilience Act. |
| 2026-04-17 2026 | Securing the Software Supply Chain: How SentinelOne's AI EDR Autonomously Blocked the CPU-Z Watering Hole Cyber Attack beginner 7 min read | Library detailing SentinelOne's AI EDR autonomous blocking of the CPU-Z watering hole attack. The attack involved trojanized download infrastructure and a reflective payload, CRYPTBASE.dll, employing XXTEA encryption and DEFLATE decompression, with STX RAT as the final payload delivering hidden VNC, credential theft, and a reverse proxy. The entry highlights behavioral detection's efficacy against supply chain compromises, anomalous API resolution, reflective code loading, suspicious memory allocation, process injection patterns, and heuristic shellcode signatures, noting attacker reuse of C2 infrastructure and STX RAT YARA rules from a previous FileZilla campaign. → sentinelone.com |
| 2026-04-17 2026 | Your Supply Chain Breach Is Someone Else's Payday news 6 min read | Analysis of the TeamPCP supply chain attack reveals how a single stolen credential can lead to cascading compromises across multiple software ecosystems. The group injected credential-harvesting malware into LiteLLM and poisoned Checkmarx GitHub Actions, demonstrating how identity is the primary attack surface. This breach highlights risks beyond ransomware, including payroll redirection, freight rerouting, and extortion, underscoring the need for continuous, AI-augmented integrity verification and third-party due diligence. |
| 2026-04-16 2026 | Learnings from Recent npm Supply Chain Compromises - Datadog intermediate 7 min read | Analysis of recent npm supply chain compromises, including the s1ngularity, Qix, and Shai-Hulud attacks, highlights critical vulnerabilities. Attackers exploited GitHub Actions pull_request_target triggers, phishing campaigns mimicking npm 2FA resets, and unrotated credentials to inject malicious code, steal secrets, and hijack cryptocurrency transactions. Specific malware like telemetry.js and crypto-stealing scripts were deployed across hundreds of compromised npm packages. The analysis emphasizes the need for hardened CI/CD workflows, immediate credential rotation, MFA, and fine-grained access tokens to mitigate these widespread risks. → securitylabs.datadoghq.com |
| 2026-04-16 2026 | Inside the Axios Supply Chain Compromise - Elastic Security Labs intermediate 7 min read | Analysis of the Axios supply chain compromise details how a maintainer account compromise led to malicious versions of the popular Axios npm package (versions 1.14.1 and 0.30.4) being published. These versions delivered cross-platform Remote Access Trojans (RATs) for macOS, Windows, and Linux via a backdoor in the `plain-crypto-js` dependency's `postinstall` hook. The RATs shared an identical C2 protocol, command set, and beacon cadence, employing an anachronistic IE8 user-agent for network communication. The dropper also performed anti-forensic cleanup by deleting itself and swapping its `package.json`. |
| 2026-04-16 2026 | Lockfile Poisoning: Introducing Malware in Supply Chain - SafeDep intermediate 3 min read | Tool for detecting Lockfile Poisoning attacks targeting the npm ecosystem. This technique exploits the cognitive load of reviewing auto-generated `package-lock.json` files to introduce malware by tampering with artifact URLs or adding malicious entries. The `vet` tool verifies package source URLs against trusted registries and checks for inconsistencies to prevent such supply chain compromises. |
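A minimal form of the `resolved`/`integrity` checks described in the entry above, as an added example in Node.js (my code, not SafeDep's `vet`). It audits a lockfileVersion 2 or 3 `package-lock.json` object: every installed package must resolve over HTTPS to an allow-listed registry host, its tarball path must match the package name and version the lockfile claims, and it must carry a sha512 integrity hash. The trusted-host list and the sample lockfile, including the attacker host and the typosquat tarball name in it, are constructed for the example.

```javascript
// Added example (not SafeDep's vet): audit package-lock.json for lockfile poisoning.
// Covers lockfileVersion 2 and 3, which list installed packages under "packages".

// Registry hosts we accept tarballs from. Assumption for the example; add private mirrors here.
const TRUSTED_REGISTRIES = new Set(["registry.npmjs.org", "registry.yarnpkg.com"]);

// Constructed lockfile: one clean entry, one resolved to an attacker-controlled host,
// one with no integrity hash, and one whose tarball is a different (typosquat) package.
const SAMPLE_LOCK = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { axios: "^1.14.0", chalk: "^5.3.0" } },
    "node_modules/axios": {
      version: "1.14.0",
      resolved: "https://registry.npmjs.org/axios/-/axios-1.14.0.tgz",
      integrity: "sha512-" + "A".repeat(86) + "==",
    },
    "node_modules/chalk": {
      version: "5.3.0",
      resolved: "https://cdn.example-attacker.net/chalk/-/chalk-5.3.0.tgz", // hypothetical host
      integrity: "sha512-" + "B".repeat(86) + "==",
    },
    "node_modules/left-pad": {
      version: "1.3.0",
      resolved: "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz",
    },
    "node_modules/debug": {
      version: "4.3.4",
      resolved: "https://registry.npmjs.org/debugg/-/debugg-4.3.4.tgz", // hypothetical typosquat
      integrity: "sha512-" + "C".repeat(86) + "==",
    },
  },
};

// "node_modules/@scope/pkg" or "node_modules/a/node_modules/b" -> "@scope/pkg" / "b".
function packageNameFromPath(pkgPath) {
  const parts = pkgPath.split("node_modules/");
  return parts[parts.length - 1];
}

function auditLockfile(lock, trusted = TRUSTED_REGISTRIES) {
  const findings = [];
  for (const [pkgPath, entry] of Object.entries(lock.packages || {})) {
    if (pkgPath === "" || entry.link) continue; // root project entry, workspace symlinks
    const name = packageNameFromPath(pkgPath);
    if (!entry.resolved) {
      findings.push({ pkg: name, issue: "missing-resolved", detail: "" });
      continue;
    }
    let url;
    try {
      url = new URL(entry.resolved);
    } catch {
      findings.push({ pkg: name, issue: "unparseable-resolved", detail: entry.resolved });
      continue;
    }
    // 1. The tarball must be fetched over HTTPS from an allow-listed registry.
    if (url.protocol !== "https:" || !trusted.has(url.hostname)) {
      findings.push({ pkg: name, issue: "untrusted-registry", detail: url.host });
    }
    // 2. Registry tarball paths are /<name>/-/<unscoped-name>-<version>.tgz; anything
    //    else means the lockfile installs a different package than the path claims.
    const unscoped = name.split("/").pop();
    const expectedPath = `/${name}/-/${unscoped}-${entry.version}.tgz`;
    if (decodeURIComponent(url.pathname) !== expectedPath) {
      findings.push({ pkg: name, issue: "tarball-name-mismatch", detail: url.pathname });
    }
    // 3. The sha512 hash is what makes npm refuse a swapped tarball; weak or absent is a finding.
    if (!entry.integrity || !/^sha512-[A-Za-z0-9+/]{86}==$/.test(entry.integrity)) {
      findings.push({ pkg: name, issue: "weak-or-missing-integrity", detail: entry.integrity || "(none)" });
    }
  }
  return findings;
}

console.log(auditLockfile(SAMPLE_LOCK));
```

To run it against a real lockfile, replace `SAMPLE_LOCK` with `JSON.parse(require("fs").readFileSync("package-lock.json", "utf8"))`. Git and file dependencies will surface as `untrusted-registry`, which is the right default for a review gate: they should be explicitly allow-listed, not silently accepted.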
| 2026-04-16 2026 | Shai-Hulud 2.0: Most Aggressive NPM Supply Chain Attack of 2025 - Check Point news 3 min read | Writeup of Shai-Hulud 2.0, an aggressive npm supply chain attack targeting developers. The campaign, active in November 2025, compromised hundreds of npm packages and thousands of GitHub repositories, exfiltrating multi-cloud and developer credentials like GitHub access tokens, AWS, GCP, and Azure credentials. Attackers utilized npm's preinstall lifecycle script and the Bun runtime for evasion, exfiltrating data to GitHub repositories. The attack demonstrated a significant escalation from dependency compromise to multi-cloud access and CI/CD infiltration. |
| 2026-04-16 2026 | Supply Chain Security: Sigstore and Cosign - GitGuardian beginner 9 min read | Library for signing and verifying container images using Sigstore's Cosign. This resource details Sigstore, a suite of tools designed to secure software supply chains by ensuring software integrity. It focuses on Cosign, a tool for signing artifacts within OCI registries, utilizing features like hardware and KMS signing, and integration with Kubernetes Secrets. The library allows users to generate key pairs, sign images by digest, and verify signatures against a provided public key, addressing the challenges of managing and integrating cryptographic signing into CI/CD workflows. → blog.gitguardian.com |
| 2026-04-16 2026 | GuardDog: CLI Tool to Identify Malicious PyPI and npm Packages beginner 4 min read | Tool for identifying malicious PyPI and npm packages, Go modules, RubyGems, GitHub actions, and VSCode extensions. GuardDog leverages Semgrep rules and metadata heuristics to scan package source code and metadata. It supports scanning local or remote packages and custom rule creation using Semgrep or Yara formats. Integration with GitHub Actions is facilitated through SARIF output for code scanning. |
| 2026-04-16 2026 | tj-actions Supply Chain Attack (CVE-2025-30066) - Sysdig news 3 min read | Writeup detailing the tj-actions/changed-files supply chain attack (CVE-2025-30066), in which a malicious Node.js function injected into the action scanned the GitHub runner's memory for credentials and wrote them into the workflow logs, from which they could be collected. The writeup covers the attack mechanics, affected repositories, and detection strategies using Falco rules and Sysdig Secure runtime monitoring, and stresses rotating secrets in affected public and private repositories. |
| 2026-04-16 2026 | tj-actions/changed-files Compromised - Semgrep news 4 min read | Semgrep rule for detecting compromised GitHub Actions, specifically targeting `tj-actions/changed-files` and `reviewdog/action-setup@v1`. This action, `tj-actions/changed-files`, was previously compromised and may have leaked secrets. The rule helps identify usages of these actions within CI pipelines, enabling prompt remediation and security audits. Users can run this rule locally or within the Semgrep AppSec Platform in blocking mode to prevent further compromise. |
| 2026-04-16 2026 | Most Notable Supply Chain Attacks of 2025 - Kaspersky news 10 min read | Survey of notable supply chain attacks in 2025, detailing incidents including a RAT in DogWifTools, the US$1.5 billion Bybit heist via Safe{Wallet}, a GitHub Actions compromise targeting Coinbase, backdoors in 21 Magento extensions, ransomware distributed through an MSP exploiting SimpleHelp, injected malicious code in Gluestack npm packages, phishing attacks on npm package maintainers, and the s1ngularity attack on the Nx build system. |
| 2026-04-16 2026 | GitHub Actions Supply Chain Attacks: tj-actions and reviewdog - Hunters news 5 min read | Analysis of CVE-2025-30066 and CVE-2025-30154 details a CI/CD supply-chain attack targeting GitHub Actions, specifically impacting tj-actions/changed-files and reviewdog/action-setup. Threat actors injected malicious code that exfiltrated secrets by writing them to workflow logs, and moved existing version tags to the compromised commits so that every consumer pinned to a tag picked up the payload. The campaign appears to have started as a targeted attack on Coinbase before widening into a broad compromise, highlighting risks in CI/CD security and necessitating actions like ceasing usage of affected actions and rotating secrets. |
| 2026-04-16 2026 | Supply Chain Cyber Attacks Surge as EU Breach Exposes Weaknesses news 4 min read | Analysis of supply chain cyber attacks highlights increasing threats via compromised open-source tools like Trivy. Attacks leverage misconfigured GitHub Actions and exploit trust in legitimate update channels to infiltrate cloud systems, harvest credentials, and exfiltrate data. The European Commission breach, affecting multiple EU websites and Union entities, exemplifies how vulnerabilities in components like Trivy can cascade, impacting tens of thousands of repositories and exposing sensitive customer information. |
| 2026-04-16 2026 | Axios Supply Chain Attack Hits OpenAI: Users Urged to Update macOS Certificates news | https://ift.tt/3IP51Bc |
| 2026-04-16 2026 | Defending Supply Chains, Software Pipelines Against Nation-State Compromise intermediate | https://ift.tt/erOhXZ7 |
| 2026-04-16 2026 | Supply chain dependencies: Have you checked your blind spot? beginner 9 min read | Survey of supply chain cyber risks, highlighting blind spots such as indirect vendor vulnerabilities, compromised software components, and reliance on single vendors. The analysis cites incidents like the 2023 3CX compromise, the 2024 CDK and Change Healthcare ransomware attacks, the 2025 Jaguar Land Rover ransomware attack, and the July 2024 faulty CrowdStrike update to illustrate how disruptions can cascade, impacting businesses, economies, and national security. |
| 2026-04-16 2026 | Over 25K systems exposed by adware app to supply chain compromise news | Library for identifying supply chain risks, exemplified by the Dragon Boss Solutions adware compromise. The adware's unsecured update channel exposed over 25,000 systems: whoever controlled the update source could push malicious payloads that ran with SYSTEM privileges, and gaining that control cost roughly $10. Affected entities included educational institutions, operational technology networks, government organizations, and healthcare institutions worldwide, with a significant concentration in the U.S. → scworld.com |
| 2026-04-16 2026 | Why Software Supply Chain Security Requires a New Playbook beginner 4 min read | Library providing techniques for securing software supply chains, addressing risks from malicious dependencies like typosquatting packages, compromised trusted components, and insecure CI/CD pipelines. It advocates for an integrity-driven development approach, shifting from reactive defense to proactive prevention by controlling entry into development environments, verifying code integrity, minimizing access, and real-time monitoring, effectively treating software delivery as a security process. → sonatype.com |
| 2026-04-16 2026 | OpenAI Revokes macOS Signing Certificate After Axios Supply-Chain Attack news | https://ift.tt/E3RXm9G → letsdatascience.com |
| 2026-04-15 2026 | Supply-chain attacks against open source projects could have incredible impact beginner 3 min read | Analysis of supply-chain attacks targeting open-source security scanners and libraries like Trivy, LiteLLM, and Telnyx, where attackers inject credential-stealing malware through GitHub Actions and container images. This compromises development pipelines, impacting thousands of organizations and potentially millions of users. Recommended mitigation includes waiting about a week before adopting newly published package releases, so that malicious versions are more likely to be caught and pulled first, and implementing review processes to scan for backdoors. |
| 2026-04-15 2026 | GitHub Actions Supply Chain Attack: Trivy Breach & Workflow news 9 min read | Library detailing the GitHub Actions supply chain attack targeting the Trivy security scanner, where attackers leveraged misconfigured workflows and compromised credentials. This campaign, initially led by Hackerbot-claw and later by the TeamPCP group, resulted in code execution, token exfiltration, malicious artifact injection into Trivy's VSCode extension, and force-pushing of version tags. The attacks later expanded to compromise NPM packages and the Checkmarx AST GitHub Action, highlighting the pervasive risks of insecure CI/CD pipelines. → securityboulevard.com |
| 2026-04-15 2026 | The Future Of GitHub Actions Security And What You Can Do Right Now intermediate 7 min read | Library for securing GitHub Actions, focusing on proactive measures and current realities. It addresses GitHub's evolving roadmap toward deterministic workflow dependencies, centralized execution policy, and tighter secret scoping. The library helps organizations manage the immediate risks of scattered secrets and compromised automation layers, providing visibility, detection, and remediation for existing environments before platform-level controls are fully implemented. → blog.gitguardian.com |
| 2026-04-15 2026 | Someone bought 30 WordPress plugins and planted backdoors in all of them news 5 min read | Library detailing the compromise of 30+ WordPress plugins (Essential Plugin portfolio) and Smart Slider 3 Pro via supply chain attacks. The Essential Plugin attack involved purchasing plugins on Flippa, injecting a PHP deserialization backdoor, and activating it to serve SEO spam exclusively to Googlebot. Smart Slider 3 Pro was compromised through its update infrastructure. Both incidents highlight WordPress's lack of mechanisms for reviewing plugin ownership transfers and requiring code signing for updates. |
| 2026-04-15 2026 | 25000 Endpoints Exposed by Dragon Boss Solutions Update Domain Supply Chain Attack news 3 min read | Analysis of a Dragon Boss Solutions LLC update-domain supply chain attack exposing 25,000 endpoints. The signed software, built with Advanced Installer, delivered MSI and PowerShell payloads, including a `ClockRemoval.ps1` script that disabled antivirus and blocked reinstallation by editing the hosts file and adding Windows Defender exclusions. The scale became clear when the software's update domain, `chromsterabrowser[.]com`, turned out to be unregistered, meaning whoever registered it could push updates to every infected system; victims included universities, critical infrastructure, and Fortune 500 companies. → cybersecuritynews.com |
| 2026-04-15 2026 | NetRise Highlights Software Supply Chain Risk and Showcases Provenance at VulnCon news | https://ift.tt/oecaP7C → tipranks.com |
| 2026-04-15 2026 | OpenAI Rotates macOS Certificates After Axios Supply Chain Attack news 2 min read | Analysis of OpenAI's response to a supply chain attack targeting the Axios npm package, attributed to a North Korea-linked actor. This incident led to OpenAI rotating its macOS code signing certificates to mitigate risks after a GitHub Actions workflow was compromised. Users of ChatGPT Desktop, Codex, and Atlas applications must update by May 8, 2026, as older versions will cease functioning due to certificate revocation. The incident underscores the cost of unpinned dependencies: the compromised workflow pulled the new Axios release automatically instead of a pinned, known-good version. |
| 2026-04-14 2026 | WordPress Supply Chain Attack Hits Thousands of Sites news 3 min read | Library of WordPress plugins compromised in a supply chain attack, impacting thousands of sites. Attackers leveraged ownership changes of popular extensions to inject backdoors, creating vulnerabilities for data theft and full site control. The incident highlights systemic risks in the open-source ecosystem, emphasizing the need for better plugin governance and transparency in acquisition practices, similar to the SolarWinds breach's impact on enterprise networks. |
| 2026-04-14 2026 | CPUID Supply Chain Attack: STX RAT Malware Distributed via Trojanized CPU-Z and HWMonitor Downloads news 6 min read | Writeup of the CPUID supply chain attack, detailing how attackers compromised the official website for HWMonitor and CPU-Z, distributing trojanized installers via Cloudflare R2. This attack leveraged DLL sideloading with a malicious cryptbase.dll to execute a five-stage in-memory attack chain, ultimately deploying STX RAT, a remote access trojan capable of stealing credentials, session cookies, and crypto wallet keys. The incident highlights the risks of compromised download channels, affecting global users across various sectors. → rescana.com |
| 2026-04-14 2026 | You Don't Have to Be Hacked to Be Compromised beginner 5 min read | Analysis of the widespread impact of the Axios JavaScript library compromise by North Korean threat actor UNC1069, showing how a compromised maintainer account and a backdoored package that delivered the WAVESHAPER.V2 backdoor translate into significant software supply chain risk for every downstream consumer. This incident underscores the business imperative for robust third-party risk management, including Software Composition Analysis, dependency integrity validation, and comprehensive incident response planning for supply chain scenarios. |
| 2026-04-14 2026 | Trojan Malware Dominates as Supply Chain Attacks Escalate news 4 min read | Library for detecting trojan malware and supply chain attacks, detailing incidents like SANDWORM_MODE's data harvesting and spreading, the Trivy/LiteLLM campaign abusing trusted tools, and the axios compromise exploiting transitive dependencies. It highlights the escalating trend of attackers injecting malicious code through seemingly legitimate open-source packages and trusted release channels, emphasizing the need for vigilance beyond package names to protect developer and CI environments from credential theft and further compromise. |
| 2026-04-14 2026 | OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack Rotates Security Certificates news 1 min read | Library compromise impacting OpenAI, where North Korea-linked actors poisoned the Axios JavaScript library on NPM. Malicious versions deployed a RAT, affecting OpenAI's macOS application signing workflow and exposing code-signing certificates. OpenAI rotated certificates and stated no user data or intellectual property was compromised, though older macOS applications will lose support. → cxodigitalpulse.com |
| 2026-04-13 2026 | OpenAIs Mac apps needs an update thanks to the Axios hack news 2 min read | Writeup explaining why macOS users must install the latest versions of OpenAI's apps after a supply-chain attack on the Axios JavaScript library. A North Korean hacking group (UNC1069) injected malware into Axios after compromising its lead maintainer's accounts, reaching downstream software through millions of weekly downloads. OpenAI treated its signing certificate as compromised because a misconfiguration in its GitHub workflow let the malicious package run in the signing environment, even though no evidence suggests user data access or code alteration. → cyberscoop.com |
| 2026-04-13 2026 | OpenAIs macOS app-signing process hit by axios supply chain attack news 2 min read | Analysis of the axios supply chain attack impacting OpenAI's macOS app-signing process, where malicious versions axios@1.14.1 and axios@0.30.4 were published to npm, leading to a remote access trojan installation. OpenAI's GitHub Actions workflow for signing apps like ChatGPT Desktop, Codex, and Atlas automatically downloaded the compromised axios 1.14.1, prompting certificate revocation and rotation. The incident highlights risks from misconfigured workflows and a widespread dependency like axios, affecting numerous cloud and code environments. → scworld.com |
| 2026-04-13 2026 | OpenAI rotates macOS certs after Axios attack hit code-signing workflow news 3 min read | Library for securing applications against supply chain attacks, exemplified by OpenAI's response to a malicious Axios package compromising its GitHub Actions workflow. This incident, linked to UNC1069, led to the rotation of macOS code-signing certificates used for ChatGPT Desktop, Codex, and Atlas to prevent potential misuse of the signing key for distributing malware. OpenAI's investigation found no evidence of compromised certificates or user data, but users must update macOS applications to versions signed with new certificates before May 8, 2026, to avoid functionality loss. → bleepingcomputer.com |
| 2026-04-13 2026 | Distributed Risk: Open-Source Software as Strategic Infrastructure beginner 14 min read | Analysis of distributed risk highlights how open-source software is strategic infrastructure, vulnerable to upstream compromise attacks like the XZ Utils incident and the Axios package compromise. This "capture, poison, exploit" (CPE) framework details how malicious actors can manipulate project governance, poison distribution channels like npm and PyPI, or exploit known weaknesses such as Log4Shell in unpatched systems, leading to widespread downstream exposure and geopolitical leverage. |
| 2026-04-13 2026 | Axios Breach Fallout: OpenAI's MacOS App Updates Explained news 3 min read | Writeup of the app updates OpenAI shipped after a supply chain attack compromised the Axios JavaScript library, planting a remote access trojan that ran inside the GitHub Actions workflow used to sign OpenAI's macOS applications. OpenAI has rotated its macOS code signing certificate, released new versions of ChatGPT Desktop, Codex App, Codex CLI, and Atlas, and is revoking support for older versions so that the old certificate cannot be used to sign counterfeit software or abuse credentials. |
| 2026-04-13 2026 | OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack news 2 min read | Writeup detailing the Axios supply chain attack, where malicious NPM packages of the popular JavaScript HTTP client were distributed by North Korea-linked hackers. OpenAI was impacted, with a GitHub Actions workflow for macOS app-signing inadvertently downloading and executing a compromised Axios version. While OpenAI believes its macOS signing certificate was not compromised, they are revoking and rotating it as a precaution against potential code signing abuses. Evidence suggests widespread impact, with malicious versions seen in multiple environments. → securityweek.com |
| 2026-04-13 2026 | OpenAI Flags Supply Chain Attack Risk Urges macOS Users news 1 min read | Library compromise highlights software supply chain risks, as North Korean threat actors are believed to have tampered with the Axios developer tool. This impacted OpenAI's GitHub Actions workflow, which accessed code-signing materials for macOS applications. OpenAI urges users to update ChatGPT Desktop and related tools to the latest versions by May 8 to mitigate potential threats, though investigations found no evidence of user data access or system breaches. |
| 2026-04-13 2026 | OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident news 7 min read | Writeup detailing the OpenAI macOS app certificate revocation following a supply chain incident involving the malicious Axios library, which was poisoned by UNC1069 and delivered a WAVESHAPER.V2 backdoor. The incident, alongside another targeting Trivy and leading to the deployment of the SANDCLOCK credential stealer and CanisterWorm, highlights widespread risks to open-source ecosystems and cloud environments, with vendors like CrowdStrike, Microsoft, and Trend Micro analyzing related campaigns such as CVE-2026-33634. → thehackernews.com |
| 2026-04-13 2026 | Axios npm Supply Chain Attack Triggers Security Fixes news 3 min read | Analysis of the Axios npm supply chain attack, linked to North Korea's Lazarus Group (UNC1069), details OpenAI's exposure through a GitHub Actions workflow misconfiguration. The incident involved a malicious version of Axios (v1.14.1) used in OpenAI's macOS app-signing process. OpenAI responded by rotating code-signing certificates, requiring users to update macOS applications, and coordinating with Apple to block notarization attempts with the old certificate. → thecyberexpress.com |
| 2026-04-12 2026 | OpenAI Rotates macOS App Certificates After Axios Supply-Chain Attack Says No User Data Was Breached news 3 min read | Library for detecting and mitigating supply-chain attacks, exemplified by the malicious Axios 1.14.1 release that reached OpenAI's macOS app-signing pipeline. This resource addresses how a compromised third-party developer tool can force certificate rotation and require users to update applications like ChatGPT Desktop, Codex, and Atlas. The incident highlights risks to CI/CD pipelines and code-signing systems, a growing trend where attackers target developer infrastructure rather than end-users directly. |
| 2026-04-12 2026 | Hackers Exploit GitHub Copilot Flaw to Exfiltrate Sensitive Data news 2 min read | Writeup of CVE-2025-59145, the "CamoLeak" vulnerability impacting GitHub Copilot Chat, which allowed attackers to exfiltrate sensitive data like API keys and source code. The exploit weaponized hidden markdown comments within pull requests, manipulating Copilot into searching the codebase and encoding findings in base16. This encoded data was then embedded into pre-signed image addresses, bypassing Content Security Policy and network egress controls by routing outbound traffic through GitHub's trusted infrastructure. The attack chain highlights the risks of AI assistants with deep system access. → cybersecuritynews.com |
| 2026-04-12 2026 | OpenAI identifies security issue involving third-party tool says user data was not accessed news 1 min read | Writeup of a software supply chain attack affecting OpenAI, where a compromised third-party tool, Axios, was downloaded via a misconfigured GitHub Actions workflow. The attack reached the workflow that holds the signing certificate for macOS applications like ChatGPT Desktop, Codex, and Atlas, but OpenAI's analysis indicates the certificate was likely not compromised. User data, API keys, and passwords remained unaffected. OpenAI is rotating its code-signing certificates and requiring users to update macOS apps. |
| 2026-04-11 2026 | OpenAI Issues Urgent Warning: macOS Users Must Update ChatGPT & Codex Immediately news | https://ift.tt/ekBf2XK |
| 2026-04-11 2026 | OpenAI Flags ChatGPT Desktop Security Issue After Attack news 4 min read | Writeup of the Axios compromise, in which malicious code injected into the library reached OpenAI's ChatGPT Desktop and other tools through a GitHub Actions workflow, forcing OpenAI to revoke and replace its signing certificates and underscoring the need for robust app verification to keep fake applications out. Separately, Google's Pentagon deal for AI integration into classified networks, unlike Anthropic's refusal due to concerns over autonomous weapons and domestic surveillance, raises questions about safeguards and employee dissent within AI firms. |
| 2026-04-11 2026 | DPRK Threat Actor Compromises Axios NPM Package news 9 min read | Library that analyzes a North Korea-nexus threat actor's compromise of the popular "axios" NPM package. The attacker introduced a malicious dependency, "plain-crypto-js," which acted as an obfuscated dropper for the WAVESHAPER.V2 backdoor across Windows, macOS, and Linux. The dropper uses `postinstall` hooks and OS-specific techniques involving PowerShell, curl, and bash to download and execute platform payloads, aiming for reconnaissance and command execution. GTIG attributes this to financially motivated UNC1069, noting infrastructure overlaps and the evolution of the WAVESHAPER backdoor. → cloud.google.com |
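The `postinstall` hook that carried the Axios dropper described above and the `preinstall` hook used by Shai-Hulud 2.0 are ordinary npm lifecycle scripts, so the first triage question after a suspicious update is which installed packages run code at install time and what that code does. The following added example is mine, not Google's, Check Point's or npm's tooling: it walks a set of `package.json` manifests and returns a review queue ordered by how many dropper-like traits each hook command shows. The manifests, package names and commands are constructed for the example (`plain-crypto-js` is the dependency name from the Axios writeup, but the command shown is not the real dropper's), and the indicator patterns are heuristics, not signatures.

```javascript
// Added example: triage install-time scripts in installed npm package manifests.
// npm runs these hooks automatically during "npm install"; "prepare" is left out because it
// fires for git dependencies and local development rather than registry installs.
const LIFECYCLE_HOOKS = ["preinstall", "install", "postinstall"];

// Heuristics for install-time droppers. Legitimate packages (native builds, binary
// downloads) trip some of these too, so the result is a review queue, not a verdict.
const INDICATORS = [
  { name: "downloads-at-install", re: /\b(?:curl|wget|Invoke-WebRequest|iwr)\b/i },
  { name: "alt-runtime", re: /(?:^|[\s&|;])(?:bun|deno|powershell|pwsh|bash)\b/i },
  { name: "encoded-payload", re: /base64|eval\(|fromCharCode/i },
  { name: "inline-eval", re: /\bnode\s+(?:-e|--eval)\b/ },
  { name: "runs-bundled-script", re: /\bnode\s+\S+\.[cm]?js\b/ },
];

// Constructed manifests standing in for node_modules/**/package.json (names and commands
// are illustrative, not taken from any real package).
const INSTALLED = [
  { path: "node_modules/axios", manifest: { name: "axios", version: "1.14.0", scripts: { test: "mocha" } } },
  { path: "node_modules/axios/node_modules/plain-crypto-js", manifest: { name: "plain-crypto-js", version: "0.1.0", scripts: { postinstall: "node ./lib/setup.js" } } },
  { path: "node_modules/native-bindings-pkg", manifest: { name: "native-bindings-pkg", version: "2.0.0", scripts: { install: "node-gyp rebuild" } } },
  { path: "node_modules/worm-pkg", manifest: { name: "worm-pkg", version: "9.9.9", scripts: { preinstall: "node setup_bun.js && bun bun_environment.js" } } },
  { path: "node_modules/obf-pkg", manifest: { name: "obf-pkg", version: "0.0.2", scripts: { postinstall: "node -e \"eval(Buffer.from('aGk=','base64').toString())\"" } } },
];

function auditInstallScripts(installed) {
  const queue = [];
  for (const { path, manifest } of installed) {
    const scripts = manifest.scripts || {};
    for (const hook of LIFECYCLE_HOOKS) {
      const command = scripts[hook];
      if (!command) continue;
      const indicators = INDICATORS.filter((i) => i.re.test(command)).map((i) => i.name);
      queue.push({ pkg: `${manifest.name}@${manifest.version}`, path, hook, command, indicators });
    }
  }
  // Most indicators first, so the reviewer sees the likely droppers before build noise.
  return queue.sort((a, b) => b.indicators.length - a.indicators.length);
}

console.log(auditInstallScripts(INSTALLED));
```

The structural control that makes this review possible is to stop hooks running unreviewed in the first place: `npm ci --ignore-scripts` (or `ignore-scripts=true` in `.npmrc`) in CI and on developer machines, followed by `npm rebuild <pkg>` for the handful of packages whose install scripts have been read and allow-listed. A package that only appears in a hook list because it compiles native bindings then costs one review, not one compromise.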
| 2026-04-11 2026 | 16 Minutes to Impact: npm crypto-draining malware news 11 min read | Library for detecting and mitigating npm supply chain compromises, detailing a September 2025 incident where attackers leveraged phishing to inject cryptocurrency-draining malware into popular JavaScript packages like 'chalk'. The malware intercepted browser traffic and manipulated wallet transactions, highlighting risks to crypto businesses and applications. It also details malware capabilities such as multi-chain targeting, real-time address manipulation, and stealth features designed to evade detection. |
| 2026-04-11 2026 | Widespread npm Supply Chain Attack: Billions at Risk news 8 min read | Analysis of a widespread npm supply chain attack targeting 18 popular packages, including debug, chalk, and ansi-styles, which are downloaded billions of times weekly. The attack, initiated via phishing and account compromise, injected crypto-stealing malware designed to hijack cryptocurrency transactions by imperceptibly altering destination addresses before user signing. This incident highlights the critical risks inherent in the open-source software supply chain, emphasizing the need for robust security measures to prevent malicious code propagation within development pipelines and cloud environments. → paloaltonetworks.com |
| 2026-04-11 2026 | npm Supply Chain Attack: debug, chalk, and Beyond news 6 min read | Library for detecting and mitigating widespread npm supply chain attacks, specifically detailing the debug/chalk incident. This resource unpacks how malicious versions of popular packages, including debug and chalk, were distributed and bundled into frontend applications. The attack hijacks browser network and wallet APIs to silently rewrite cryptocurrency recipients and approvals, diverting transactions to attacker-controlled wallets. It highlights the rapid propagation through CI/CD pipelines and the scope beyond initial reports, emphasizing the need for ongoing vigilance and registry updates. → wiz.io |
| 2026-04-11 2026 | The Nx s1ngularity Attack: Inside the Credential Leak news 8 min read | Tool for scanning local environments for compromise from the Nx s1ngularity supply chain attack. It detects leaked credentials, including GitHub tokens, npm keys, SSH private keys, API keys, and cryptocurrency wallet files, and checks for exploitation of LLM client configuration files for tools like Claude and Gemini. The tool also provides a privacy-preserving service to check if specific secrets were exfiltrated. → blog.gitguardian.com |
| 2026-04-11 2026 | s1ngularity: Nx supply chain attack leaks secrets news 4 min read | Writeup of the s1ngularity Nx supply chain attack, detailing how malicious Nx build system npm packages led to the exfiltration of sensitive developer assets like cryptocurrency wallets, GitHub tokens, and SSH keys. The attack leveraged AI CLI tools for reconnaissance and initially exfiltrated data to attacker-controlled GitHub repositories, which were later disabled by GitHub. A subsequent phase involved using leaked GitHub tokens to publicly expose over 5500 private repositories. The compromise was attributed to a flawed GitHub Actions workflow using `pull_request_target` with unsanitized pull request titles, granting arbitrary command execution and elevated permissions. → wiz.io |
| 2026-04-11 2026 | CISA 2025 Minimum Elements for SBOM beginner | Guidance on CISA's 2025 Minimum Elements for Software Bill of Materials (SBOM) seeks public comment to update the 2021 NTIA SBOM Minimum Elements. This revised guidance enhances software transparency and supply chain security by providing a detailed inventory of software components, enabling better risk management and vulnerability identification. It emphasizes machine-processable formats for scalable implementation and integration into cybersecurity practices, with comments due by October 3, 2025, via the Federal Register. |
| 2026-04-11 2026 | SLSA 3 Compliance with GitHub Actions and Sigstore intermediate 4 min read | Library for achieving SLSA 3 compliance, integrating GitHub Actions with Sigstore's Cosign, Fulcio, and Rekor. This solution automates the generation of non-forgeable build provenance for Go projects, enabling verification of software authenticity and build origins. It addresses supply chain security concerns highlighted by incidents like Log4j and Solarwinds, allowing users to audit and replicate builds without managing their own signing keys. → github.blog |
| 2026-04-11 2026 | cosign Verification of npm Provenance and GitHub Attestations intermediate 4 min read | Library for verifying npm provenance, GitHub Artifact Attestations, and Homebrew provenance using the cosign v2.4.0 release. It demonstrates how to verify artifacts by retrieving bundles containing signed attestations and applying verification policies via command-line flags. The library supports verifying public and private GitHub repositories, and also integrates with Homebrew's provenance. |
| 2026-04-11 2026 | Securing CI/CD After tj-actions and reviewdog Attacks beginner 6 min read | Guide detailing security hardening for GitHub Actions workflows following the tj-actions/changed-files and reviewdog/action-setup supply chain attacks. It explains the chained exploitation, tag redirection, and log-based exfiltration techniques used by attackers, emphasizing the dangers of mutable tags, unprotected secrets, and overly broad access controls. The guide offers a defense-in-depth blueprint including pinning to commit SHAs, enforcing MFA, enabling tag protection, avoiding persistent credentials, and implementing runtime monitoring to secure CI/CD pipelines. |
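The hardening steps the guide above lists, together with the `pull_request_target` misuse behind the Nx s1ngularity compromise described earlier, can be checked mechanically before a workflow is merged. The added example below is mine, not the guide's or GitHub's tooling: a small line-based linter for workflow YAML that flags action references not pinned to a full commit SHA, the `pull_request_target` trigger, checkout of the PR head under that trigger, attacker-controlled `github.event.*` expressions interpolated into `run:` shell, and blanket `write-all` permissions, then shows the hardened form of the same workflow passing clean. Both sample workflows and the 40-hex SHA in them are constructed; `tj-actions/changed-files` appears only because it is the action the entries above discuss.

```javascript
// Added example: lint a GitHub Actions workflow for the weaknesses abused in the
// tj-actions/reviewdog and Nx s1ngularity attacks. Line-based on purpose so it needs
// no YAML library; adequate as a pre-merge gate, not a full YAML parser.

// Expression contexts GitHub documents as attacker-controlled when interpolated with ${{ }}.
const UNTRUSTED_EXPR =
  /\$\{\{[^}]*\b(?:github\.event\.(?:issue|pull_request|comment|review|review_comment|head_commit|commits)|github\.head_ref)\b[^}]*\}\}/;
const USES_LINE = /^\s*-?\s*uses:\s*([^\s#]+)/;
const RUN_LINE = /^\s*(?:-\s+)?run:\s*(.*)$/;
const PR_HEAD_CHECKOUT = /^\s*ref:\s*\$\{\{\s*github\.event\.pull_request\.head\.(?:ref|sha)\b/;
const FULL_SHA = /^[0-9a-f]{40}$/;

// Constructed weak workflow: mutable tags, pull_request_target with PR-head checkout,
// untrusted PR title interpolated into shell, write-all permissions.
const SAMPLE_WORKFLOW = [
  "name: ci",
  "on:",
  "  pull_request_target:",
  "    types: [opened, synchronize]",
  "permissions: write-all",
  "jobs:",
  "  build:",
  "    runs-on: ubuntu-latest",
  "    steps:",
  "      - uses: actions/checkout@v4",
  "        with:",
  "          ref: ${{ github.event.pull_request.head.ref }}",
  "      - uses: tj-actions/changed-files@v45",
  "      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567 # v4 (hypothetical SHA)",
  "      - name: Validate PR title",
  "        run: |",
  "          echo \"Title: ${{ github.event.pull_request.title }}\"",
  "      - run: npm ci",
].join("\n");

// Constructed hardened form: pull_request trigger, read-only token, SHA pins, no persisted
// credentials, and untrusted input passed through an environment variable, not the script.
const HARDENED_WORKFLOW = [
  "name: ci",
  "on:",
  "  pull_request:",
  "permissions:",
  "  contents: read",
  "jobs:",
  "  build:",
  "    runs-on: ubuntu-latest",
  "    steps:",
  "      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v4 (hypothetical SHA)",
  "        with:",
  "          persist-credentials: false",
  "      - name: Validate PR title",
  "        env:",
  "          PR_TITLE: ${{ github.event.pull_request.title }}",
  "        run: echo \"$PR_TITLE\"",
].join("\n");

function lintWorkflow(yamlText) {
  const findings = [];
  let usesPullRequestTarget = false;
  let runIndent = -1; // indent of the current "run: |" key, or -1 when not inside one
  yamlText.split("\n").forEach((line, idx) => {
    const lineNo = idx + 1;
    const trimmed = line.trim();
    if (trimmed === "" || trimmed.startsWith("#")) return;
    const indent = line.length - line.trimStart().length;
    const insideRunBlock = runIndent >= 0 && indent > runIndent;
    if (!insideRunBlock) runIndent = -1;

    // Shell text is either a continuation line of "run: |" or an inline "run: cmd".
    let shellText = insideRunBlock ? line : null;
    const run = line.match(RUN_LINE);
    if (run) {
      if (/^[|>]/.test(run[1])) runIndent = indent;
      else shellText = run[1];
    }
    if (shellText !== null && UNTRUSTED_EXPR.test(shellText)) {
      findings.push({ lineNo, kind: "expression-injection", text: trimmed });
    }
    if (/^\s*pull_request_target\s*:/.test(line) || /^\s*on:\s*\[?.*\bpull_request_target\b/.test(line)) {
      usesPullRequestTarget = true;
      findings.push({ lineNo, kind: "pull_request_target-trigger", text: trimmed });
    }
    if (usesPullRequestTarget && PR_HEAD_CHECKOUT.test(line)) {
      findings.push({ lineNo, kind: "pr-head-checkout", text: trimmed });
    }
    if (/^\s*permissions:\s*write-all\b/.test(line)) {
      findings.push({ lineNo, kind: "broad-permissions", text: trimmed });
    }
    const uses = line.match(USES_LINE);
    if (uses) {
      const ref = uses[1];
      // Local (./path) and docker:// references have no tag to pin; everything else needs a full SHA.
      if (!ref.startsWith("./") && !ref.startsWith("docker://")) {
        const at = ref.lastIndexOf("@");
        const version = at === -1 ? "" : ref.slice(at + 1);
        if (!FULL_SHA.test(version)) findings.push({ lineNo, kind: "mutable-action-ref", text: ref });
      }
    }
  });
  return findings;
}

console.log(lintWorkflow(SAMPLE_WORKFLOW));
console.log(lintWorkflow(HARDENED_WORKFLOW)); // []
```

Two design points matter more than the regexes. First, the SHA pin is the control that would have defeated the tag move in the tj-actions attack, but it only helps if the comment next to it is kept honest and the pin is refreshed by a bot that verifies the new SHA is on the upstream release; a pin nobody updates becomes a vulnerability-management problem instead. Second, passing `github.event.*` values through `env:` rather than into the script body is the documented fix for expression injection: the shell receives a variable, not pre-expanded text, so a crafted PR title cannot terminate the command.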
| 2026-04-11 2026 | GitHub Actions Supply Chain Attack: Coinbase to tj-actions news 30 min read | Writeup of a GitHub Actions supply chain attack, detailing how attackers compromised tj-actions/changed-files and reviewdog/action-setup. This multi-layered attack initially targeted Coinbase's open-source project agentkit before escalating to impact thousands of repositories by injecting malicious payloads that leaked CI/CD runner secrets and credentials. The analysis highlights abuse of third-party actions and dependencies, emphasizing the need for detection and prevention steps for consumers and maintainers. → unit42.paloaltonetworks.com |
| 2026-04-11 2026 | tj-actions/changed-files supply chain attack news 6 min read | Advisory on the supply chain attack against the tj-actions/changed-files GitHub Action, tracked as CVE-2025-30066. The compromised action ran a payload that dumped secrets from affected repositories into workflow logs, including AWS access keys, GitHub PATs, and private RSA keys. Mitigations: stop using the affected action, rotate any leaked secrets, pin actions to commit hashes, and use GitHub's action allow-listing. The attack vector likely involved a compromised GitHub personal access token. → wiz.io |
| 2026-04-11 2026 | tj-actions/changed-files compromise (CVE-2025-30066) news 2 min read | Alert detailing a supply chain compromise affecting the tj-actions/changed-files GitHub Action (CVE-2025-30066). This vulnerability, potentially linked to a reviewdog/action-setup@v1 compromise (CVE-2025-30154), allowed for the disclosure of secrets such as access keys, PATs, npm tokens, and private RSA keys. CISA urges users to audit repositories, rotate compromised secrets, and update to patched versions to mitigate this risk. |
| 2026-04-11 2026 | XZ Backdoor CVE-2024-3094 - JFrog news 10 min read | Analysis of CVE-2024-3094, a sophisticated supply chain attack on XZ Utils 5.6.0 and 5.6.1 that enabled unauthorized remote access through SSH. The malicious code in liblzma hooked the RSA public-key decryption path of the OpenSSH server (sshd); a command hidden in a client's public key is checked with an Ed448 signature and decrypted with ChaCha20, so only the holder of the attacker's private key can execute arbitrary commands or bypass authentication. The article outlines detection methods, remediation (downgrading and system restarts), the backdoor's kill switch, and JFrog OSS tools for scanning. → jfrog.com |
| 2026-04-11 2026 | xz Backdoor CVE-2024-3094 - OpenSSF news 3 min read | Writeup on CVE-2024-3094, detailing a sophisticated backdoor inserted into xz/liblzma versions 5.6.0 and 5.6.1. The backdoor was obfuscated within distribution tarballs, targeting RPM or DEB packages for x86-64 architecture built with gcc and the gnu linker, with the potential to break sshd authentication. The OpenSSF highlights how community vigilance and the paced release process of Linux distributions helped contain the impact, while emphasizing ongoing efforts to secure the open source supply chain. |
| 2026-04-11 2026 | XZ Utils backdoor (CVE-2024-3094) overview beginner 7 min read | Reference to CVE-2024-3094 details a significant backdoor discovered in xz-utils versions 5.6.0 and 5.6.1, impacting the sshd binary and enabling remote code execution. The article curates high-quality external analyses, OSINT reports, and technical breakdowns, including information on its distribution across Fedora, Debian, Kali, and Arch Linux. It also provides historical context, referencing past supply chain attack attempts on open-source software dating back to Ken Thompson's work. → securitylabs.datadoghq.com |
| 2026-04-11 2026 | Ultralytics PyPI package delivers coinminer news 4 min read | Compromise of the Ultralytics PyPI package: malicious versions 8.3.41, 8.3.42, 8.3.45, and 8.3.46 shipped an XMRig coinminer after attackers exploited a GitHub Actions script injection to run arbitrary code in the release workflow, landing downloader code in `__init__.py`. The initial foothold came through crafted pull requests; further malicious versions followed because the maintainers had not yet found the full extent of the breach. Ultralytics' wide adoption gave the attack significant potential impact. → reversinglabs.com |
| 2026-04-11 2026 | Supply-chain attack analysis: Ultralytics beginner 5 min read | Analysis of the Ultralytics supply-chain attack details how compromised GitHub Actions and PyPI API tokens led to malicious code injection in versions 8.3.41, 8.3.42, 8.3.45, and 8.3.46. The incident highlights the importance of securing build workflows, the use of Sigstore transparency logs, and PyPI provenance attestations for detecting and preventing future attacks. Recommendations include revoking unused API tokens, configuring GitHub Environments, and publishers auditing workflows for insecure patterns like `pull_request_target`, pinning dependencies, utilizing Trusted Publishers, and avoiding committing binary files. |
| 2026-04-11 2026 | GitLab discovers widespread npm supply chain attack news 7 min read | GitLab's analysis of the "Shai-Hulud" npm supply chain attack and its destructive malware variant. The malware harvests credentials for GitHub, npm, AWS, GCP, and Azure, exfiltrates them, and propagates by infecting other packages; a "dead man's switch" destroys data if its propagation and exfiltration channels are cut. Techniques include multi-stage loading, credential harvesting, and automated package republishing. |
| 2026-04-11 2026 | Shai-Hulud: Self-Replicating Worm Compromises 500+ NPM Packages news 12 min read | Analysis of the Shai-Hulud worm, which compromised over 500 npm packages including @ctrl/tinycolor. The attack featured self-propagation via `NpmModule.updatePackage`, credential harvesting using TruffleHog and the AWS, GCP, and Azure cloud SDKs, and persistence through GitHub Actions workflows. The malware specifically targeted Linux and macOS environments, exfiltrating secrets such as GitHub tokens and AWS access keys. → stepsecurity.io |
| 2026-04-11 2026 | Shai-Hulud npm supply chain attack overview news 9 min read | Writeup on the Shai-hulud npm supply chain attack, a self-replicating worm that compromises npm accounts to infect legitimate packages. This malware inserts malicious code into packages, spreading via `postinstall` scripts, and exfiltrates cloud service tokens (npm, GitHub, AWS, GCP) by installing TruffleHog and targeting specific secrets. The worm also attempts to exfiltrate GitHub tokens via malicious workflows and convert private repositories to public, impacting popular packages like ngx-bootstrap and ng2-file-upload. → reversinglabs.com |
| 2026-04-11 2026 | Shai-Hulud Worm Compromises npm Ecosystem news 8 min read | Analysis of the Shai-Hulud 2.0 npm worm details its aggressive propagation through pre-install execution, bypassing static analysis. This campaign targets GitHub repositories, stealing credentials for AWS, GCP, and Azure, exfiltrating them to public GitHub repositories, and even attempting to destroy home directories as a fallback. The worm also automates its spread by injecting malicious code into other packages maintained by compromised developers, potentially crippling CI/CD pipelines and leading to significant cloud service compromises. LLMs may have assisted in generating its obfuscated payload. → unit42.paloaltonetworks.com |
| 2026-04-11 2026 | Shai-Hulud 2.0: 25K+ Repos Exposed news | Shai-Hulud 2.0: 25K+ Repos Exposed → wiz.io |
| 2026-04-11 2026 | Shai-Hulud 2.0: Detection and Defense Guidance intermediate 9 min read | Microsoft's detection and defense guidance for the Shai-Hulud 2.0 supply chain attack, which compromised numerous npm packages via preinstall scripts and stole credentials using tools like TruffleHog. It details attack propagation paths and the use of fake personas such as "Linus Torvalds", and offers mitigations including credential rotation, CI/CD isolation, and Microsoft Defender's code scanning, posture management, and runtime anomaly detection. → microsoft.com |
| 2026-04-11 2026 | Shai-Hulud 2.0 npm worm: analysis intermediate 9 min read | Analysis of Shai-Hulud 2.0, a self-replicating npm worm that backdoored 796 packages, reveals its sophisticated credential-stealing payload. This worm utilizes the Bun JavaScript runtime to evade detection, harvests credentials from local filesystems and cloud environments (AWS, Google Cloud, Azure) using techniques like `trufflehog` and accessing instance metadata services, and exfiltrates them to public GitHub repositories. It self-propagates by injecting malicious files like `setup_bun.js` and `bun_environment.js` into other npm packages, and can also establish GitHub self-hosted runners for remote code execution via vulnerable GitHub Actions. → securitylabs.datadoghq.com |
| 2026-04-11 2026 | Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise news 10 min read | Analysis of the Trivy and Axios compromises as a preview of where supply chain attacks are heading. In both cases attackers poisoned a trusted open source tool (a vulnerability scanner and a JavaScript HTTP library) to steal secrets and plant backdoors; the article highlights the growing role of sophisticated social engineering and the prospect of AI-driven attacks on developer environments that could compromise tens of thousands of organizations. → theregister.com |
| 2026-04-11 2026 | Mac ChatGPT App Gets Urgent Security Update After Supply Chain Threat news | Mac ChatGPT App Gets Urgent Security Update After Supply Chain Threat |
| 2026-04-11 2026 | CrowdStrike: Stolen credentials used in Axios npm supply chain attack news 1 min read | Analysis of the Axios npm supply chain attack, where stolen maintainer credentials were used to inject ZshBucket malware variants across Linux, macOS, and Windows. The attack, attributed by CrowdStrike to Stardust Chollima, demonstrates enhanced malware capabilities including data exfiltration, remote command execution, and a unified JSON-based communication protocol. This incident highlights the significant risk posed by compromised open-source libraries to software supply chains. |
| 2026-04-11 2026 | The Scanner Was the Weapon: 36 Months of Precision Supply Chain Attacks Against DevSecOps Infrastructure advanced 16 min read | Report covering 36 months of precision supply chain attacks against DevSecOps infrastructure such as vulnerability scanners and CI/CD pipelines. It examines the XZ Utils backdoor (CVE-2024-3094), the tj-actions/changed-files and reviewdog/action-setup GitHub Actions compromises (CVE-2025-30066 / CVE-2025-30154), and the multi-stage infostealer planted in Aqua Security's Trivy. The analysis shows attackers targeting trusted tooling through build-time injection and exploitation of automated trust. → cloudsek.com |
| 2026-04-10 2026 | Crushing the Axios supply chain threat with Tenable Hexa AI: Use cases for agentic AI intermediate 5 min read | Tool for detecting and mitigating the Axios npm supply chain attack. Tenable Hexa AI, an agentic engine, automates scan configuration, identifies impacted assets, and prioritizes remediation, mirroring workflows applicable to emerging threats like CVEs or zero-days. Specific remediation steps for Axios include downgrading to safe versions, removing phantom dependencies, and rotating secrets. → securityboulevard.com |
| 2026-04-10 2026 | Supply chain attack at CPUID pushes malware with CPU-Z/HWMonitor news 3 min read | Report on a compromise at CPUID that distributed malware through trojanized CPU-Z and HWMonitor installers. The attack used DLL sideloading with a malicious CRYPTBASE.dll to deliver the STX RAT infostealer, fitting a pattern of targeting widely used utilities seen earlier in the FileZilla compromise. → bleepingcomputer.com |
| 2026-04-10 2026 | Renovate & Dependabot: The New Malware Delivery System news 8 min read | Analysis of how automated dependency updaters such as Renovate and Dependabot, built to streamline updates, can accelerate malware distribution. It walks through real incidents, including tj-actions/changed-files, Salesloft Drift, Shai-Hulud, trivy-action, and the Axios package, to show how malicious code reaches CI/CD pipelines and production through compromised dependencies and automated merges. → securityboulevard.com |
| 2026-04-10 2026 | Renovate & Dependabot: The new Malware Delivery System news 8 min read | Analysis of how automated dependency updaters like Renovate and Dependabot can inadvertently accelerate malware distribution in supply chain attacks. It details how these efficiency tools bypass security scrutiny by automatically merging malicious package updates, as seen with the Axios and trivy-action compromises, and highlights the implicit trust given to bot-generated pull requests and their potential to introduce malware rapidly, even into CI/CD pipelines through workflow modifications. → blog.gitguardian.com |
| 2026-04-10 2026 | Supply Chain Attacks Are Exploiting Our Assumptions beginner 12 min read | Overview of techniques for defending against software supply chain attacks, addressing the implicit trust assumptions attackers exploit. It analyzes recent incidents such as the XZ Utils backdoor, npm and PyPI package compromises like `rustdecimal` and `torchtriton`, and attacks leveraging compromised accounts (e.g., `@ctrl/tinycolor`, `Nx`, `rspack`). It highlights ways to move beyond dependency scanning and SBOMs toward verifying code provenance and build integrity, mitigating risks from deceptive doubles, stolen secrets, and poisoned pipelines. → blog.trailofbits.com |
| 2026-04-10 2026 | Protecting Your Software Supply Chain: Typosquatting and Dependency Confusion intermediate 9 min read | Guide to typosquatting and dependency confusion attacks on software supply chains. Typosquatting exploits misspelled package names on registries like npm and PyPI; dependency confusion exploits resolvers that prefer a public package whose name collides with an internal one. Real-world examples such as the Codecov and Event Stream breaches show how attackers infiltrate systems by mimicking legitimate packages, leading to data breaches, system compromise, and reputational damage. It offers guidance for engineering managers and security practitioners on protecting their infrastructure from these evolving threats. → blog.gitguardian.com |
| 2026-04-10 2026 | LiteLLM PyPI Packages Compromised in TeamPCP Supply Chain Attacks news 2 min read | Versions 1.82.7 and 1.82.8 of the LiteLLM Python package, a unified interface for switching between AI models, were compromised on PyPI by the TeamPCP group. The malicious versions contained a credential stealer and malware dropper, a significant risk given LiteLLM's access to API keys and configuration data. The incident is part of a broader TeamPCP campaign that also targeted Aqua's Trivy scanner and Checkmarx's VS Code extensions. Sonatype advises affected organizations to remove the malicious package, rotate credentials, and investigate for persistence mechanisms. → helpnetsecurity.com |
| 2026-04-10 2026 | Supply-Chain Attack Defense: Developer Host Machine Hardening intermediate 6 min read | Guide to hardening developer host machines against supply-chain attacks, with configurations for Python (pip, uv) and JavaScript/TypeScript (npm, pnpm, yarn, bun). It covers defenses such as release age gates and disabling install scripts, referencing `uv`'s `exclude-newer` and `npm`'s `min-release-age` and `ignore-scripts`, along with guidance on verifying AI-suggested packages and detecting suspicious package behavior with tools like Socket.dev. |
| 2026-04-10 2026 | TeamPCP Credential Infostealer Chain Attack Reaches Python's LiteLLM news 10 min read | Analysis of the TeamPCP credential-infostealer campaign that reached Python's LiteLLM. The multi-stage chain ran through compromised Trivy, GitHub Actions, Docker images, and npm packages before landing in LiteLLM as a malicious `.pth` file that executes at interpreter startup. The malware harvests SSH keys, cloud provider secrets, Kubernetes tokens, and Git credentials, exfiltrates them to a compromised domain, and can deploy privileged DaemonSets in Kubernetes environments. |
| 2026-04-10 2026 | Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers news 4 min read | Compromised versions of the dYdX v4 client packages for JavaScript (`@dydxprotocol/v4-client-js`) and Python (`dydx-v4-client`) steal cryptocurrency wallet credentials, and the Python version additionally runs a remote access trojan. The attackers used a compromised developer account to insert malicious code into core registry files and push the poisoned updates across both ecosystems. The report also notes the risk around unpublished npm packages, whose names can be abused for typosquatting and malware distribution. → thehackernews.com |
| 2026-04-10 2026 | N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust news 3 min read | Report on the Contagious Interview campaign, which has released over 1,700 malicious packages across npm, PyPI, Go, Rust, and Packagist. These packages, including `dev-log-core`, `logutilkit`, and `github[.]com/golangorg/formstash`, act as malware loaders that deliver infostealers and RATs capable of post-compromise activity, with the malicious code hidden inside otherwise legitimate functions to hinder detection. → thehackernews.com |
| 2026-04-10 2026 | The Next Wave of Supply Chain Attacks: NPM, PyPI, and Docker Hub news 7 min read | Survey connecting supply chain attacks across npm, PyPI, and Docker Hub, highlighting root causes like maintainer phishing and weak authentication, as seen in incidents involving npm packages like chalk and debug, PyPI packages like num2words, and official Debian base images on Docker Hub. It emphasizes the danger of malicious content persistence and reactive detection, pointing out how stolen credentials and exploitable registry gaps allow attackers to poison ecosystems. |
| 2026-04-10 2026 | PyPI, npm, and the New Frontline of Software Supply Chain Attacks news 5 min read | Analysis of recent software supply chain attacks involving Trivy (CVE-2026-33634), LiteLLM, Telnyx, and Axios. These attacks targeted popular open-source packages and developer tooling, with attackers gaining unauthorized access to trusted projects and injecting malicious code. The primary objective was credential theft, including cloud keys and SSH keys, and some incidents also exfiltrated cryptocurrency wallet files. It highlights the need for dependency hygiene and strong CI/CD controls such as pinning package versions, atomic credential rotation, and restricting egress from CI/CD runners. |
| 2026-04-10 2026 | Malicious PyPI and npm Packages Exploiting Dependencies in Supply Chain Attacks news 3 min read | Report on malicious PyPI and npm packages that abuse dependencies in supply chain attacks. The `termncolor` PyPI package, through its `colorinal` dependency, used DLL side-loading via `vcpktsvr.exe` and `libcef.dll` for persistence and command-and-control. Compromised npm packages like `redux-ace` and `rtk-logger` targeted developers through fake job assessments, harvesting credentials and system data. These incidents underline the risk of automated dependency upgrades, as the `eslint-config-prettier` compromise showed. → thehackernews.com |
| 2026-04-10 2026 | Supply Chain Attack: How Attackers Weaponize Software beginner 25 min read | Explainer on software supply chain attacks, covering how attackers weaponize trust in open source packages from registries like npm and PyPI, CI/CD platforms such as GitHub Actions, and cloud SDKs from vendors like AWS. It shows how compromised developer accounts, malicious updates, or abused CI/CD credentials lead to compromise, citing the CCleaner incident as an example of malicious code injected into a digitally signed release. |
| 2026-04-10 2026 | 2026 Supply Chain Security Report: Attack Analysis news 9 min read | Report analyzing the 2025-2026 supply chain attack landscape, including the multi-wave Shai-Hulud campaigns, the s1ngularity attack on Nx, GhostActions on PyPI, and the September npm hijacking. It details common attack patterns like credential compromise, install-time execution, cross-ecosystem propagation, and CI/CD pipeline exploitation, noting incidents at Jaguar Land Rover and Marks & Spencer, alongside F5 BIG-IP source code theft. The report also maps supply chain security requirements to SOC 2 and ISO 27001 compliance frameworks. |
| 2026-04-10 2026 | Securing Software Supply Chains: 2026 Priorities beginner 5 min read | Event summary on 2026 software supply chain security priorities, covering critical infrastructure needs driven by AI-generated code and open-source components. Key themes were visibility gaps in AI and open-source, the difficulty of aligning compliance with operations, and the need for better coordination across security, policy, and procurement teams. It also stresses organizational resilience through role clarity, consistent third-party oversight, context-guided modernization, stronger compliance execution, better metrics, and cross-sector collaboration. |
| 2026-04-10 2026 | 2026 Software Supply Chain Report news 13 min read | Report detailing the 2025 evolution of open source malware, with over 454,600 new malicious packages identified across major registries like npm and PyPI. The report highlights industrialized campaigns by state-linked entities such as the Lazarus Group, who deployed sophisticated multi-stage payload chains and introduced self-replicating malware like Shai-Hulud. Attacks increasingly leverage typosquatting, namespace confusion, and toolchain masquerading to target developer and build environments, with observed behaviors including TEA token harvesting, secrets exfiltration, and backdoor deployment. → sonatype.com |
| 2026-04-10 2026 | Supply Chain Attacks 2025-2026: Axios, Shai-Hulud, and More news 11 min read | Analysis of supply chain attacks from 2025-2026 details incidents like the Axios npm RAT, Shai-Hulud worm, Chalk/Debug compromise, Nx/s1ngularity attack, and the TeamPCP campaign. These attacks exploited compromised npm accounts, typosquatting, build pipeline infiltration, and dependency confusion across npm, PyPI, GitHub Actions, and container registries. The analysis explains common attack vectors, impact including credential exfiltration and crypto wallet draining, and outlines detection and automated remediation strategies for security teams. |
| 2026-04-09 2026 | Inside the TeamPCP cascading supply chain attack news 9 min read | Analysis of the TeamPCP campaign, which compromised the telnyx and LiteLLM PyPI packages and Checkmarx extensions on Open VSX. The attackers used stolen credentials to inject malicious code that exfiltrated cloud secrets and tokens, affecting security tools such as the Trivy and KICS GitHub Actions and demonstrating the risk of unverified dependencies. → reversinglabs.com |
| 2026-04-09 2026 | Hackers Expose Vulnerabilities in Software Supply Chains news 4 min read | Analysis of the Axios npm package compromise, attributed to the North Korea-nexus threat actor UNC1069, as an example of how attackers exploit trust relationships in development workflows. Malicious code (WAVESHAPER.V2) was injected through a compromised maintainer account using an obfuscated JavaScript dropper, and the report traces the cascading impact through transitive dependencies to credential theft, system compromise, and extortion. |
| 2026-04-09 2026 | LiteLLM PyPI Supply Chain Attack Reaches Mercor: Two Poisoned Releases AI Gateway Credential Risk and the Fallout That Froze Work news 7 min read | Report on the LiteLLM PyPI supply chain attack, in which versions 1.82.7 and 1.82.8 exposed AI gateway credentials. It highlights the risk of poisoned releases and how credential exposure propagates through automated build systems and abuse of interpreter startup mechanisms. Remediation covers dependency verification, secret rotation, and auditing egress traffic, with an emphasis on secure pipelines and hash validation for third-party code. |
| 2026-04-09 2026 | Compromised litellm PyPI Package Delivers Multi-Stage Credential Stealer news 6 min read Python | Analysis of the compromised litellm PyPI package, whose versions 1.82.7 and 1.82.8 acted as a multi-stage credential stealer. The malicious code could exfiltrate API keys, environment variables, cloud credentials (AWS, GCP, Azure), and Kubernetes secrets through a three-layer payload for reconnaissance, harvesting, and persistence, and is potentially linked to TeamPCP and LAPSUS$. → sonatype.com |
| 2026-04-08 2026 | Axios Compromised: The Supply Chain Attack Shows How Thin the Line Between Everyday Packages and Malicious Code Has Become news 3 min read | Analysis of the Axios supply chain attack, where malicious dependency plain-crypto-js was injected into Axios versions 1.14.1 and 0.30.4 on March 31, 2026. Google Threat Intelligence and Microsoft confirmed the incident, linking it to UNC1069 and WAVESHAPER.V2 malware, with affected platforms including Windows, macOS, and Linux. The attack leveraged trust in everyday packages, potentially leading to RAT payload downloads and credential exfiltration in CI systems and build pipelines, highlighting the vulnerability of software supply chains. |
| 2026-04-08 2026 | Why the Next Supply Chain Shock Will Come From Cyber Not Shortages news 4 min read | Analysis of third-party cyber risk highlights how compromised suppliers like Collins Aerospace and the retailer Mango cause widespread disruption. Current reliance on static assessments is insufficient; a shift to continuous assurance is necessary. This involves embedding security into partnership agreements, ongoing verification through audits and monitoring, and aligning with frameworks like NIST 800-53 and ISO 27001 to manage the digital supply chain proactively. |
| 2026-04-08 2026 | Your developers work for cyber gangs news 9 min read | Library for securing open-source dependencies, addressing risks highlighted by March 2026 supply chain attacks. These incidents included credential theft via compromised scanners like Aqua Security's Trivy, invisible malware injection using Unicode payloads by GlassWorm, and a North Korean state actor hijacking the popular axios npm package. The library also covers the challenges posed by blockchain-based command-and-control infrastructure, making traditional takedown methods ineffective. |
| 2026-04-07 2026 | Malware distributed via ILSpy WordPress domain breach news | Library of techniques for mitigating supply chain attacks, specifically addressing the recent ILSpy WordPress domain breach. This incident involved malware distribution through a compromised official WordPress site, luring developers to install malicious browser extensions. The attack highlights the increasing threat of actors targeting software supply chains, urging developers to strengthen URL verification, utilize official repositories, and exercise caution with unsolicited browser extensions. → scworld.com |
| 2026-04-07 2026 | Guardarian Users Targeted With Malicious Strapi NPM Packages news 2 min read | Library of 36 malicious NPM packages targeting Strapi users, discovered by SafeDep, delivered payloads for Redis code execution, Docker container escape, credential harvesting, and reverse shell deployment. Payloads exploited Redis instances for webshells and reverse shells, escaped Docker containers, and targeted PostgreSQL databases. The campaign specifically aimed at Guardarian users, exfiltrating configurations and API modules, with attackers pivoting to reconnaissance and data collection after initial aggressive approaches failed. → securityweek.com |
| 2026-04-07 2026 | Behind the Scenes: How StepSecurity Detected and Helped Remediate the Largest npm Supply Chain Attack news 12 min read | Analysis of the largest npm supply chain attack detailing StepSecurity's real-time detection of a compromised axios package. The incident involved a state-sponsored actor hijacking the popular HTTP client, inserting a malicious dependency, and actively deleting GitHub issues to conceal the compromise. StepSecurity utilized its AI Package Analyst and Harden-Runner to identify suspicious indicators and anomalous network activity, enabling rapid notification and remediation efforts for customers. → stepsecurity.io |
| 2026-04-07 2026 | Malicious Axios npm Packages Trigger Supply Chain Attack: How Attackers Could Access Crypto Wallets and API Keys news | Malicious Axios npm Packages Trigger Supply Chain Attack: How Attackers Could Access Crypto Wallets and API Keys |
| 2026-04-07 2026 | Poisoned Axios Package Linked To Cross-Platform Malware Delivery Campaign news 2 min read | Report on the malicious Axios versions (1.14.1, 0.30.4) that delivered a cross-platform remote access trojan through a phantom dependency (plain-crypto-js) and an obfuscated setup.js script. The attack used compromised package manager accounts and sidestepped the project's GitHub Actions release workflow, underlining the risk of dynamic version ranges and the value of strict version pinning and ignoring automated install scripts. → cyberpress.org |
| 2026-04-07 2026 | Guardarian Users Targeted in Supply Chain Attack via Malicious Strapi NPM Packages news 1 min read | Writeup of a supply chain attack targeting Guardarian users via malicious Strapi NPM packages. Threat actors published 36 fake packages, disguised as Strapi plugins, designed to deliver payloads including remote shells, Docker escape, and credential harvesting. Techniques involved exploiting Redis, targeting PostgreSQL, scanning for wallet files, exfiltrating Strapi configurations, and establishing persistent access. The attack evolved from aggressive payloads to reconnaissance and targeted credential theft, specifically for the Strapi ecosystem. → cxodigitalpulse.com |
| 2026-04-07 2026 | Chainguard Emphasizes Short-Lived Tokens to Address Software Supply Chain Risks news | Chainguard Emphasizes Short-Lived Tokens to Address Software Supply Chain Risks → tipranks.com |
| 2026-04-07 2026 | North Korean Hackers Target High-Profile Node.js Maintainers news 2 min read | Analysis of UNC1069's social engineering campaign targeting Node.js maintainers, including those involved with Socket, Platformatic, Dotenv, and the Node.js Security Working Group. These attackers employ detailed, multi-week lures, mirroring tactics seen in Operation Dream Job and Contagious Interview, to trick high-profile maintainers into executing malware, as evidenced by the Axios supply chain attack. → securityweek.com |
| 2026-04-07 2026 | Avocado warns on code repository supply chain attacks news | Avocado warns on code repository supply chain attacks |
| 2026-04-06 2026 | AI-Assisted Supply Chain Attack Targets GitHub news | AI-Assisted Supply Chain Attack Targets GitHub → darkreading.com |
| 2026-04-06 2026 | Researchers Uncover 36 Rogue npm Packages Delivering Redis RCE and Persistent Malware news 2 min read | Report on 36 malicious npm packages targeting Strapi content management systems. Mimicking legitimate plugins, the packages use `postinstall` scripts for automatic execution, enabling remote code execution via Redis exploits and Docker container escapes. Variants deployed diverse malware, searched for sensitive data including .env files and wallet information, and established persistent command-and-control through cron jobs and background processes. → cyberpress.org |
| 2026-04-06 2026 | How to Prevent OWASP Software Supply Chain Failures intermediate 17 min read | Reference for preventing OWASP A03:2025 Software Supply Chain Failures, emphasizing continuous third-party monitoring, SBOM management, and device fingerprinting. This category, ranked number one in community surveys, encompasses compromises in building, distributing, or updating software, often through third-party code or tools. Effective strategies involve preventive controls like SBOM and dependency governance, alongside detective controls that monitor for abnormal behavior, addressing risks such as using obsolete functions and unmaintained components, and validating software integrity and provenance. |
| 2026-04-06 2026 | Axios Compromise on npm Introduces Hidden Malicious Package news 5 min read | Writeup on the axios npm compromise, where attackers hijacked a maintainer account to publish malicious versions (axios@1.14.1, axios@0.30.4) that silently introduced a hidden dependency on `plain-crypto-js@4.2.1`. The malicious versions, tracked by Sonatype as sonatype-2026-001623 and sonatype-2026-001622, leveraged npm's postinstall scripts to execute obfuscated code, download a RAT, and spread to other packages such as those in the OpenClaw ecosystem. → sonatype.com |
| 2026-04-06 2026 | NPM Supply Chain Attacks Explained: Dependency Confusion Exploits and Defense intermediate 10 min read | Guide to NPM supply chain attacks, focusing on dependency confusion exploits and defense strategies. It analyzes significant incidents like the 2025 NPM phishing hack that compromised chalk and debug, the Shai-Hulud malware worm that stole credentials and spread through postinstall scripts, and the 2026 SANDWORM_MODE exploit that poisoned AI toolchains via typosquatting. It also covers structural NPM weaknesses such as install-time arbitrary code execution and extreme dependency depth, and outlines bug bounty methodologies for hunting dependency confusion. |
| 2026-04-06 2026 | Axios npm Package Compromised in Supply Chain Attack news 2 min read | Writeup of the axios supply chain compromise affecting axios@1.14.1 and axios@0.30.4 via the malicious plain-crypto-js@4.2.1 package. The attack, originating from a hijacked maintainer account, poisoned both the 1.x and 0.x branches of the popular npm HTTP client. Mitigation options include rolling back to unaffected versions, pinning dependencies, or switching to alternative HTTP clients such as the native fetch API, got, or ky. → infoq.com |
| 2026-04-06 2026 | The 2026 Guide to Software Supply Chain Security beginner | The 2026 Guide to Software Supply Chain Security |
| 2026-04-05 2026 | Week in review: Axios npm supply chain compromise, critical FortiClient EMS bugs exploited news 9 min read | Roundup of security news and analysis covering the Axios npm supply chain compromise, FortiClient EMS vulnerabilities (CVE-2026-35616, CVE-2026-21643), a Cisco IMC auth bypass (CVE-2026-20093), and a Google Chrome zero-day (CVE-2026-5281). It also covers the emergence of EvilTokens for Microsoft 365 phishing, malware distribution via Claude Code leaks, and TrueConf zero-day exploitation targeting government networks. → helpnetsecurity.com |
| 2026-04-05 2026 | 36 Malicious npm Packages Exploited Redis PostgreSQL to Deploy Persistent Implants news 6 min read | Analysis of 36 malicious npm packages disguised as Strapi CMS plugins, which exploit Redis and PostgreSQL to deploy persistent implants, harvest credentials, and execute reverse shells. The packages, uploaded under fake developer accounts, use a `postinstall.js` script to execute payloads including Docker container escape, system reconnaissance, and PostgreSQL exploitation with hardcoded credentials. The campaign's evolution shows a pivot from aggressive exploitation to data collection and targeted credential theft, potentially indicating a cryptocurrency platform as the ultimate target. → thehackernews.com |
| 2026-04-04 2026 | Hackers breached the European Commission by poisoning the security tool it used to protect itself news 5 min read | Writeup of the European Commission breach, traced to the compromise of Trivy, the open-source security scanner the Commission relied on. It highlights the risk of compromised open-source security tooling and the tactics of threat actors such as TeamPCP and ShinyHunters, who used credential harvesting and force-pushed malicious code to gain unauthorized access and exfiltrate sensitive data. |
| 2026-04-04 2026 | Supply Chain Attacks Surge in March 2026 news 5 min read | Roundup of open-source supply chain attacks in March 2026. It details the compromise of the Axios npm package, which distributed a cross-platform RAT via a hidden dependency (plain-crypto-js@4.2.1), and of the LiteLLM PyPI package, which harvested cloud credentials and SSH keys using a malicious `.pth` file and obfuscated payloads. Recommendations include reviewing lockfiles, searching for the malicious domains, using SCA tools, enforcing MFA, and revoking compromised secrets. → securityboulevard.com |
| 2026-04-04 2026 | Supply chain attack on Axios npm package: Scope impact and remediations intermediate 4 min read | Analysis of the Axios npm package supply chain attack details how attackers compromised versions 1.14.1 and 0.30.4 by injecting a malicious dependency, `plain-crypto-js`, which executed a remote access trojan dropper. This attack, targeting a popular HTTP client, poses significant risks of data theft, including credentials and API keys. The article stresses the need for immediate incident response, secret rotation, and proactive defense strategies like dependency pinning and environment scanning to mitigate future supply chain compromises. → securityboulevard.com |
| 2026-04-04 2026 | How critical Axios NPM package got hacked: maintainer shared full story intermediate | How critical Axios NPM package got hacked: maintainer shared full story https://ift.tt/cqQuNFB → cybernews.com |
| 2026-04-04 2026 | UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack intermediate 5 min read | Writeup detailing UNC1069's sophisticated social engineering campaign that compromised the Axios npm package. Threat actors, identified as North Korean, meticulously cloned company founders and branding to build rapport, then used fake Slack workspaces and Microsoft Teams calls to trick maintainers into downloading remote access trojans. This allowed them to steal npm credentials and publish trojanized versions (1.14.1 and 0.30.4) containing the WAVESHAPER.V2 implant, demonstrating a scalable pattern targeting high-impact open-source maintainers to poison the software supply chain. → thehackernews.com |
| 2026-04-04 2026 | European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack news 2 min read | Writeup detailing the European Commission's data breach, confirming over 300GB of data theft from its AWS environment. Hackers exploited an API key compromised during the TeamPCP-led supply chain attack on Aqua Security's Trivy vulnerability scanner. The attackers leveraged tools like TruffleHog to discover secrets and exfiltrate data related to 71 clients of the Europa web hosting service, with the stolen information later appearing on the ShinyHunters leak site. → securityweek.com |
| 2026-04-04 2026 | Mercor faces class action lawsuit after supply chain attack news 3 min read | Lawsuit against Mercor alleges failure to implement basic cybersecurity protections, including multifactor authentication and data encryption, leading to a supply chain attack via the LiteLLM open-source software tool. The breach, attributed to the Lapsus$ group, reportedly exposed over 40,000 individuals' sensitive personal data. The suit seeks damages for identity theft, fraud, and invasion of privacy, demanding significant overhauls to Mercor's data security systems and program. |
| 2026-04-03 2026 | The developer credential economy: Why exposure data is the new front line in the supply chain war news 4 min read | Analysis of the "Developer Credential Economy" highlights how supply chain attacks leverage exposed developer credentials, such as API keys and cloud access tokens, creating a lucrative black market. Endpoint detection and response (EDR) tools are insufficient as they operate reactively and lack visibility into CI/CD environments where credential theft occurs. A Continuous Threat Exposure Management (CTEM) strategy is crucial for proactively identifying and eliminating exposure conditions like long-lived access tokens before they can be exploited, as demonstrated by the Axios and Anthropic Claude Code incidents. → securityboulevard.com |
| 2026-04-03 2026 | North Korean hackers blamed for hijacking popular Axios open source project to spread malware news 3 min read | Writeup of the hijack of the popular JavaScript library Axios on npm, attributed to suspected North Korean hackers (UNC1069). The attackers compromised a developer account to push malicious versions containing a remote access trojan, exposing millions of developers in a significant supply chain attack. Security firms StepSecurity and Aikido investigated, with Aikido advising anyone who installed the compromised versions to assume their systems are compromised. The malware was designed to self-delete, complicating detection. → techcrunch.com |
| 2026-04-03 2026 | Do not get high(jacked) off your own supply (chain) news 3 min read | Analysis of recent supply chain attacks targeting widely used libraries like Axios and projects like Trivy, highlighting the impact of vulnerabilities such as React2Shell and Log4j. The entry emphasizes the ongoing threat posed by compromised open-source components and the necessity of securing CI/CD pipelines, maintaining software inventories, and implementing fundamental security practices like MFA and robust logging. → blog.talosintelligence.com |
| 2026-04-03 2026 | 12 Months That Changed Supply Chain Security - 2025 Month by Month news 10 min read | Survey of 2025 supply chain threats, month by month, detailing targeted developer compromises, CI/CD manipulation, and open-source module poisoning. Notable incidents include Lazarus Group's Operation 99 and Operation Marstech Mayhem, PlushDaemon's attack on IPany, UAC-0212 exploiting CVE-2024-38213, the compromise of GitHub Action tj-actions/changed-files via CVE-2025-30066, Scattered Spider's DragonForce ransomware attacks, and the theft of Solana keys via PyPI packages. The analysis highlights the escalating scale and sophistication of attacks across ecosystems, cloud platforms, and critical infrastructure. |
| 2026-04-03 2026 | Securing the Software Supply Chain: OpenSSF, SLSA, SBOM, and Sigstore intermediate | Securing the Software Supply Chain: OpenSSF, SLSA, SBOM, and Sigstore |
| 2026-04-03 2026 | OWASP Top 10 2025: A03 Software Supply Chain Failures (Beginner's Guide) beginner 5 min read | Beginner's guide to OWASP Top 10 2025 A03 Software Supply Chain Failures. It details common attack vectors such as malicious packages, compromised CI/CD systems, and vulnerable components, citing real-world examples like SolarWinds, Log4j (CVE-2021-44228), and the XZ Utils backdoor (CVE-2024-3094), and offers practical countermeasures including SBOM generation, continuous dependency scanning, artifact signing, and CI/CD hardening. |
| 2026-04-03 2026 | SLSA Framework: The Definitive Guide for Securing Your Software Supply Chain intermediate 9 min read | Library detailing the SLSA (Supply-chain Levels for Software Artifacts) framework, designed to secure the software supply chain against attacks like SolarWinds and Log4Shell. It defines incremental security levels for build processes, focusing on verifiable provenance metadata and automated enforcement. The library explains SLSA's core concepts, including provenance structure, cryptographic signing with Sigstore (Cosign, Fulcio, Rekor), and its alignment with NIST SSDF and EO 14028. It breaks down SLSA's benefits for AppSec engineers and security professionals looking to prevent tampering, ensure artifact integrity, and secure build infrastructure. |
| 2026-04-03 2026 | Five Key Flaws Exploited in 2025's Software Supply Chain Incidents news 7 min read | Analysis of five major 2025 software supply chain incidents, detailing exploitation campaigns targeting critical vulnerabilities. These include the React2Shell RCE flaw (CVE-2025-55182) in React.js, exploited by nation-state groups; the Shai Hulud 2.0 worm that poisoned thousands of npm packages; and the Clop group's exploitation of a zero-day RCE vulnerability (CVE-2025-61882) in Oracle E-Business Suite. The analysis highlights the impact of these exploits on numerous organizations and the increasing sophistication of supply chain attacks. → infosecurity-magazine.com |
| 2026-04-03 2026 | Predictions for Open Source Security in 2025 | OpenSSF news 10 min read | Survey of open source security predictions for 2025, highlighting increased risk from state actors and AI. The xz Utils backdoor illustrates how widely adopted open source projects, often maintained by a few volunteers, can be subverted. Generative AI can accelerate vulnerability discovery and sophisticated social engineering, letting attackers scale efforts that previously required nation-state resources. While AI also offers defensive capabilities, the larger attack surface and the potential for malicious code injection necessitate greater investment and vigilance in open source supply chains. |
| 2026-04-03 2026 | Supply Chain Attacks in Q4 2025: From Isolated Incidents to Systemic Failure Modes news 9 min read | Survey of systemic supply chain failure modes observed in Q4 2025, including exploits against developer tooling and distribution channels. Case studies like Shai-Hulud (npm) and GlassWorm (VS Code marketplaces) highlight attackers leveraging implicit trust and identity abuse for widespread compromise, while the F5 BIG-IP breach demonstrates vendor compromise propagating downstream. These incidents illustrate how attacks bypassed traditional defenses by targeting dependencies, identities, and update mechanisms, leading to deep initial access and significant "trust debt" across the software supply chain. |
| 2026-04-03 2026 | Supply Chain Security in CI: SBOMs, SLSA, and Sigstore intermediate 4 min read | Library for enhancing CI/CD supply chain security, enabling practical implementation of SBOMs, SLSA provenance, and artifact signing using tools like Syft, cosign, and Grype. It details how to generate CycloneDX or SPDX SBOMs, capture build provenance with SLSA generators, and sign container images or blobs with Sigstore's keyless or key-based signing. The library aids in creating auditable builds, ensuring release integrity, and automating vulnerability scanning by integrating SBOMs with scanners. |
| 2026-04-03 2026 | SLSA - Supply-chain Levels for Software Artifacts intermediate 2 min read | Framework for establishing and improving software supply chain security. SLSA offers a set of standards and controls designed to prevent tampering and enhance the integrity of software packages and infrastructure. It provides four compliance levels, each building on industry-recognized best practices for source code, builds, and dependencies, to create a common language for assessing software supply chain security and protecting against advanced threats. |
| 2026-04-03 2026 | A03 Software Supply Chain Failures - OWASP Top 10:2025 beginner 6 min read | Reference entry for OWASP Top 10:2025 A03 Software Supply Chain Failures, which covers breakdowns in software building, distribution, or updates caused by third-party code, tools, or dependencies. It highlights risks like unpatched components (e.g., CWE-1104, CWE-1395), untracked dependencies, and vulnerable CI/CD pipelines, referencing attacks like SolarWinds, the Bybit theft, and the Shai-Hulud npm worm, and vulnerabilities such as CVE-2017-5638. Prevention involves robust SBOM management, continuous vulnerability monitoring (CVE, NVD, OSV), securing developer tools, and strict change and hardening processes for repositories and build servers. → owasp.org |
| 2026-04-03 2026 | Mercor Breach Linked to LiteLLM Attack Raises AI Supply Chain Security Concerns news 3 min read | Writeup of the Mercor breach, which stemmed from the compromise of LiteLLM, a library distributed through the Python Package Index (PyPI). Attackers used stolen credentials to upload malicious versions of the library, which automated pipelines then downloaded. The incident exposed sensitive data, including user information, credentials, and proprietary assets, affected numerous companies, and raised concerns about AI supply chain security, open-source exposure, and the tactics of groups like TeamPCP and Lapsus$. |
| 2026-04-03 2026 | North Korean hackers implicated in major supply chain attack news | North Korean hackers implicated in major supply chain attack https://ift.tt/qYWBvLI |
| 2026-04-03 2026 | Source Code Leaks Highlight Lack of Supply Chain Oversight news 4 min read | Analysis of recent supply chain attacks, including compromises of Trivy, Axios, and Anthropic's Claude Code, reveals significant vulnerabilities in development pipelines and credential management. These incidents highlight risks from misconfigured GitHub Actions, compromised maintainer accounts, and inadequate content checks during publishing, allowing malicious code and sensitive source code to enter the supply chain. Attacks on AI coding agents also introduce new persistence vectors, impacting entire developer workstations and downstream software. → darkreading.com |
| 2026-04-03 2026 | Open Source Security Tool Trivy Hit by Supply Chain Attack Prompting Urgent Industry Response news 2 min read | Writeup of the Trivy supply chain compromise, in which malicious release v0.69.4 was briefly distributed, exfiltrating sensitive data and executing malicious code. Attackers leveraged compromised credentials and manipulated the release process, impacting downstream systems and related tooling such as GitHub Actions. The incident highlights the exposure of trusted open source scanners and CI/CD pipelines, prompting calls for artifact integrity verification, credential scoping, and zero-trust principles in software supply chains. → infoq.com |
| 2026-04-03 2026 | Supply chain blast: Top npm package backdoored to drop dirty RAT on dev machines news 3 min read | Alert detailing a sophisticated npm supply chain attack in which a hijacked maintainer account for the popular Axios package (roughly 100 million weekly downloads) introduced two backdoored versions: axios@1.14.1 and axios@0.30.4. The attackers bypassed the project's CI/CD pipeline, publishing a malicious dependency, plain-crypto-js@4.2.1, which delivered cross-platform remote-access trojans (RATs) tailored for macOS, Windows, and Linux. This highly organized campaign, attributed to suspected North Korean threat actor UNC1069, highlights the risk of compromised dependencies and the need for robust application security practices. → theregister.com |
| 2026-04-03 2026 | Axios supply chain attack victim posts postmortem to prevent a repeat news 2 min read | Writeup detailing the Axios supply chain attack by North Korean group UNC1069, which injected Remote Access Trojans (RATs) via malicious versions `axios@1.14.1` and `axios@0.30.4`. The attack leveraged social engineering, including a fake Microsoft Teams call, and delivered payloads through the `plain-crypto-js@4.2.1` dependency. Remediation involves downgrading Axios, cleaning dependencies, rotating credentials, and monitoring network connections to `sfrclak.com`. Axios is implementing OIDC-based publishing and immutable releases to prevent future incidents. → techzine.eu |
| 2026-04-03 2026 | Axios Compromised With A Malicious Dependency news 6 min read | Writeup on detecting and mitigating the Axios supply chain attack, in which versions 0.30.4 and 1.14.1 were compromised via the malicious dependency `plain-crypto-js` version 4.2.1. The attack installs a Remote Access Trojan (RAT) on Windows, macOS, and Linux systems, giving attackers full control. Immediate actions include rotating credentials, pinning dependencies, and treating affected machines as fully compromised. The writeup helps identify affected versions and explains the attack's mechanics on each operating system. → ox.security |
| 2026-04-03 2026 | Mitigating the Axios npm supply chain compromise intermediate 13 min read | Analysis of a recent Axios npm supply chain compromise reveals North Korean state actor Sapphire Sleet injected malicious dependencies into popular Axios versions 1.14.1 and 0.30.4. These compromised packages, utilizing a fake runtime dependency `plain-crypto-js@4.2.1` with silent install-time code execution, connected to a Sapphire Sleet-controlled C2 server at `hxxp://sfrclak[.]com:8000/6202033` to download platform-specific remote access trojan (RAT) payloads for Windows, macOS, and Linux. The attack highlights the risks of poisoned open-source frameworks, enabling actors to achieve broad downstream impact by compromising widely adopted libraries. → microsoft.com |
| 2026-04-03 2026 | North Korean hackers bug software used by thousands of US companies in potential crypto heist attempt news 2 min read | Writeup: Axios, a software package used by thousands of US companies, was compromised in a supply-chain attack attributed to suspected North Korean hackers. The attackers pushed malicious updates, potentially enabling cryptocurrency theft to fund North Korea's nuclear and missile programs. Experts anticipate a lengthy recovery process and downstream impact, noting this as another instance of Pyongyang leveraging software supply chains for financial gain. |
| 2026-04-03 2026 | Axios npm supply chain attack: Malicious updates add remote access trojan news 3 min read | Writeup detailing a sophisticated supply chain attack targeting the popular `axios` npm package. Malicious updates (`axios@1.14.1`, `axios@0.30.4`) introduced a remote access trojan via a compromised account and a pre-staged dependency, `plain-crypto-js`. The trojan deployed OS-specific payloads for Windows, macOS, and Linux, establishing backdoors to a command and control server at `sfrclak[.]com`. The malware cleaned up after itself with obfuscated scripts and self-deleting RATs, leaving artifacts such as `%PROGRAMDATA%/wt.exe` on Windows and `/Library/Caches/com.apple.act.mond` on macOS. → scworld.com |
| 2026-04-03 2026 | Update anxiety: is it safe to run apt update during active supply chain attack intermediate | Update anxiety: is it safe to run “apt update” during active supply chain attack https://ift.tt/xeBRmYn → cybernews.com |
| 2026-04-03 2026 | Axios NPM Distribution Compromised in Supply Chain Attack news 2 min read | Analysis of the Axios npm supply chain attack details how a compromised maintainer account led to malicious versions (v1.14.1, v0.30.4) being published, introducing a dependency on the trojanized `plain-crypto-js` package. This compromise, tracked as GHSA-fw8c-xr5c-95f9 and MAL-2026-2306, involved a dropper executing platform-specific RATs from `sfrclak.com:8000`. Security teams should audit axios usage, rotate exposed credentials, investigate compromise paths, and monitor for suspicious activity. → wiz.io |
| 2026-04-03 2026 | Axios compromise: How AppSec teams should respond intermediate 6 min read | Response checklist for the Axios supply chain compromise, detailing steps to audit dependencies, rotate credentials, review CI/CD logs, and secure code repositories. It advocates continuous dependency inventory, extended SBOMs (xBOMs) including SaaSBOMs and CBOMs, ongoing OSS package monitoring, short-lived CI/CD credentials, and modeling of cascading risk, particularly for crypto and fintech assets, to mitigate threats from compromised packages like axios and its transitive dependencies. → reversinglabs.com |
| 2026-04-03 2026 | CyCognito Details Axios Supply Chain Attack After Malicious npm Releases Deliver Remote Access Trojan news 3 min read | Analysis of a software supply chain attack detailing how malicious versions of the npm package axios (axios@1.14.1 and axios@0.30.4) delivered a remote access trojan during installation. The incident, identified by CyCognito, affected developer workstations, CI/CD runners, and other environments resolving dependencies during a limited exposure window, potentially exposing credentials and secrets within trusted engineering workflows. Recommended responses include precise exposure identification via lockfiles and build logs, credential rotation, and hardening dependency handling by limiting install-time script execution. → securityboulevard.com |
| 2026-04-03 2026 | GlassWorm Supply Chain Cyber Attack Threatens Connected Cars news 6 min read | Analysis of GlassWorm, a sophisticated supply chain attack targeting connected car development, highlights its novel use of invisible Unicode characters to conceal malicious payloads. Compromising popular Visual Studio Code extensions on Open VSX and npm packages, GlassWorm harvests developer credentials, VPN configurations, and authentication tokens. Command-and-control operations leverage the Solana blockchain and Google Calendar to exfiltrate data, posing a significant threat to automotive software pipelines and the security of modern vehicles. |
| 2026-04-03 2026 | North Korean hackers bug software used by thousands of US companies in potential crypto heist attempt news 2 min read | Writeup of a suspected North Korean APT attack delivered through the Axios open-source library. It highlights the risk of malicious updates, with potential cryptocurrency theft as the motive. Mandiant and Wiz identify the threat actor and emphasize the broad economic impact across sectors and the difficulty of assessing downstream consequences. The attack underscores how sophisticated state-sponsored actors exploit supply chain trust, particularly in the context of AI-driven development. |
| 2026-04-03 2026 | North Korean hackers bug software used by thousands of US companies in potential crypto heist attempt news 2 min read | Writeup of a supply-chain attack targeting the Axios software package, attributed to suspected North Korean hackers. The attackers gained access to a developer's account, pushing malicious updates to thousands of US companies. Experts anticipate a long-term campaign to steal cryptocurrency to fund North Korea's nuclear and missile programs, with downstream impacts potentially taking months to assess. Mandiant and Wiz have commented on the incident, noting the sophistication and boldness of Pyongyang's hacking operations. |
| 2026-04-03 2026 | North Korea-Linked Hackers Hit Axios in Supply Chain Attack news | North Korea-Linked Hackers Hit Axios in Supply Chain Attack https://ift.tt/WXtKrSs |
| 2026-04-02 2026 | Software supply chain hacks trigger wave of intrusions, data theft news 3 min read | Analysis of recent supply chain attacks, including the Axios npm compromise by North Korean hackers (UNC1069) and the TeamPCP-linked attacks involving Trivy, KICS, LiteLLM, and Telnyx, reveals widespread intrusions and data theft. Stolen secrets from these incidents have been exploited for cloud environment compromises, ransomware, and cryptocurrency theft, affecting numerous organizations globally across sectors. TeamPCP's activities include exploiting credentials for cloud intrusions, a potential partnership with Vect ransomware, and a planned CipherForce RaaS program. → helpnetsecurity.com |
| 2026-04-02 2026 | Et Tu Agent? Did You Install the Backdoor? news 7 min read | Vendor analysis of behavior-based detection of novel supply chain attacks, using the malicious dependency in the Axios incident and the TeamPCP campaign as cases. It examines package behavior (network access, shell processes, obfuscation, and postinstall scripts) to flag threats that CVE databases and vulnerability scanners miss, and claims detection orders of magnitude faster than industry averages. |
| 2026-04-02 2026 | The build pipeline is becoming the new frontline: Axios npm compromise highlights growing software supply chain risks experts warn news 4 min read | Analysis of the Axios npm compromise highlights the escalating risks of software supply chain attacks, where build pipelines become the new frontline. Attackers compromised the Axios npm account, publishing malicious versions that installed a remote access trojan (RAT) targeting macOS, Windows, and Linux. This sophisticated attack involved a staged dependency that self-deleted and cleared its tracks, making detection difficult. Researchers warn that such attacks exploit trust in open-source ecosystems and necessitate closer scrutiny of CI/CD systems, package dependencies, and developer environments to defend against evolving threat actor playbooks, potentially linked to groups like UNC1069. |
| 2026-04-02 2026 | Trivy supply chain intrusion reportedly compromises Cisco source code news | Report on the Trivy supply chain intrusion's reported role in a Cisco source code compromise. Threat actors leveraged malicious GitHub Action plugins to gain access to Cisco's build environment, steal credentials, and exfiltrate AWS keys. The attack reportedly resulted in the cloning of over 300 Cisco GitHub repositories, including sensitive AI-related code and data from government agencies and financial institutions, and points to possible further compromises from the related LiteLLM and Checkmarx incidents. → scworld.com |
| 2026-04-02 2026 | Google links axios attack to suspected North Korean actor news | Google links axios attack to suspected North Korean actor https://ift.tt/Qo2k98l |
| 2026-04-02 2026 | Frequently Asked Questions About the Axios npm Supply Chain Attack by North Korea-Nexus Threat Actor UNC1069 news 6 min read | FAQ on the supply chain attack on the popular axios npm package, in which North Korea-nexus threat actor UNC1069 published malicious versions (1.14.1 and 0.30.4). The compromise, live for approximately three hours, delivered the WAVESHAPER.V2 cross-platform remote access trojan via the malicious dependency plain-crypto-js. It reached millions of developer environments, and affected systems should be treated as fully compromised. Remediation involves downgrading axios, blocking C2 traffic, and rotating credentials. → securityboulevard.com |
| 2026-04-02 2026 | North Korean hackers linked to Axios npm supply chain compromise news 3 min read | Writeup detailing the Axios npm supply chain compromise attributed to North Korean attackers (UNC1069), where malicious versions of the library introduced a hidden dependency with a post-install script to deploy WAVESHAPER.V2 backdoor variants targeting macOS, Windows, and Linux. The attack leveraged stealthy code and external infrastructure to evade detection, highlighting the significant downstream risk of compromised transitive dependencies in the JavaScript ecosystem. → helpnetsecurity.com |
| 2026-04-02 2026 | North Korean hackers behind axios critical supply chain attack, Google says news | North Korean hackers behind axios critical supply chain attack, Google says https://ift.tt/bSufe84 → cybernews.com |
| 2026-04-02 2026 | Axios open source library targeted in sophisticated supply chain attack news | Axios open source library targeted in sophisticated supply chain attack https://ift.tt/m7Wu1vD → cybersecuritydive.com |
| 2026-04-02 2026 | North Korea-linked hack hits largely invisible software that powers online services news | North Korea-linked hack hits largely invisible software that powers online services https://ift.tt/SzoMu5C |
| 2026-04-02 2026 | Axios supply chain attack chops away at npm trust news 3 min read | Writeup on the Axios supply chain attack, detailing how compromised credentials led to malicious versions of axios (axios@1.14.1, axios@0.30.4) and a malicious dependency (plain-crypto-js@4.2.1) being published to npm. These versions inject a Remote Access Trojan (RAT) via a post-install script, potentially exposing secrets and leading to full machine compromise. Indicators of compromise include specific domains, IP addresses, and temporary file paths on affected operating systems. |
| 2026-04-02 2026 | LiteLLM Supply Chain Attack Exposes Credentials Across AI Ecosystems news 4 min read | Writeup of a LiteLLM supply chain attack in which malicious PyPI packages published by the threat actor TeamPCP silently stole credentials and infrastructure data. The multi-stage malware used stealthy execution, harvested sensitive information including cloud credentials and Kubernetes secrets, and established persistence via system-level backdoors and privileged pod deployment. Mitigation involves removing the compromised versions, rebuilding affected systems, rotating credentials, auditing pipelines, and strengthening supply chain security through dependency pinning and verification. → esecurityplanet.com |
| 2025-12-11 2025 | 📚 tl;dr sec 308 news AI | 😈 MCP Security, ☁️ AWS re:Invent Recaps, 🤖 Detecting Malicious Pull Requests with AI https://t.co/gt4zMQKZpp |
| 2025-12-03 2025 | 30 low-high level honeypots in a single PyPI package news Python | https://t.co/sH0hx43Dcp |
| 2025-11-29 2025 | Story of Cyberattack: Salesforce Supply Chain Breach news 5 min read | Analysis of the 2025 Salesforce supply chain attacks, involving compromised Salesloft Drift and Gainsight integrations, highlights the abuse of OAuth tokens and third-party app vulnerabilities. Attackers leveraged stolen credentials and API access to exfiltrate sensitive data from over 200 companies, demonstrating a significant risk inherent in SaaS ecosystems where external applications possess broad permissions and often overlook security controls. |
| 2025-10-30 2025 | fr0gger/proximity: Proximity is a MCP security scanner powered with NOVA intermediate 3 min read AI | Tool for security scanning of MCP (Model Context Protocol) servers and Agent Skills. Proximity applies NOVA security rules to detect issues like prompt injection and jailbreak attempts and offers pattern-specific remediation. It supports MCP Spec 2025-11-25, providing detailed analysis of server capabilities, agent skill structures, permissions, and LLM evaluations. |
| 2025-10-15 2025 | The MCP Security Tool You Probably Need - MCP Snitch intermediate 7 min read AI | Tool for securing MCP proxy operations, MCP Snitch intercepts tool calls and enforces user-defined whitelists to prevent overprivileged access, inspired by browser security evolution. It addresses current authentication weaknesses, such as broad GitHub PAT scopes, by mediating operations and providing visibility and control, acting as a critical layer until MCP protocols and platforms implement native fine-grained, temporal scoping and sandboxing. |
| 2025-07-29 2025 | GitHub - jeanlucdupont/EXEfromCER: PoC that downloads an executable from a public SSL certificate intermediate RCE | Tool for demonstrating executable delivery via SSL certificates. This proof of concept embeds a full Windows executable within a custom extension of an X.509 certificate, served over HTTPS. A Python client connects to the server, extracts the embedded binary from the certificate, saves it to disk, and then executes it, showcasing a novel attack vector. |
| 2024-10-10 2024 | Security hardening for GitHub Actions - GitHub Docs beginner 19 min read | Guide for GitHub Actions security hardening detailing best practices for managing secrets, including the principle of least privilege, masking sensitive data using `::add-mask::`, deleting and rotating exposed secrets, avoiding structured data as secrets, registering transformed or generated secrets, auditing secret handling and usage, and reviewing run logs. It also covers mitigating script injection risks by using JavaScript actions or intermediate environment variables, and emphasizes pinning actions to full-length commit SHAs to prevent malicious code injection from third-party repositories. |
| 2024-09-30 2024 | GitHub - praetorian-inc/gato: GitHub Actions Pipeline Enumeration and Attack Tool intermediate 5 min read | Tool for enumerating and exploiting GitHub Actions pipeline vulnerabilities. Gato, or GitHub Attack Toolkit, identifies poisoned pipeline execution vulnerabilities and scans workflow artifacts for secrets using NoseyParker. It supports various attack modules including GitHub Classic PAT privilege enumeration, GitHub Code Search API enumeration, and self-hosted runner attack detection through workflow file and run-log analysis. This tool has been superseded by Trajan. |
| 2024-07-23 2024 | Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests intermediate | In this article, we’ll discuss some common security malpractices for GitHub Actions and workflows, and how to best avoid them. Our examples are based on real-world GitHub workflow implementation vulne... → securitylab.github.com |
| 2022-01-18 2022 | Making Sense of the Constantly Changing Log4Shell Landscape news 13 min read RCE | Overview of the evolving Log4Shell landscape, summarizing the techniques and considerations for managing the risks of this critical vulnerability as new variants and patches appeared. |
| 2022-01-15 2022 | 10 real-world stories of how weve compromised CI/CD pipelines intermediate 2 min read | Writeup from NCC Group of 10 real-world CI/CD pipeline compromises from its engagements, showing how each pipeline weakness was discovered and exploited. |
| 2022-01-10 2022 | Open Source Developer Intentionally Corrupts His Own Widely-Used Libraries news 4 min read | Writeup of the intentional sabotage of the 'colors' and 'faker' JavaScript libraries by their developer, Marak Squires. Versions v1.4.44-liberty-2 of 'colors' and '6.6.6' of 'faker' contained infinite loops and disruptive code, impacting thousands of downstream projects including Amazon's Cloud Development Kit. This event highlights the complexities and potential repercussions of open-source development, particularly concerning developer compensation and corporate reliance on free software. The issue with 'faker' can be mitigated by downgrading to version 5.5.3. |
| 2021-12-29 2021 | Log4j: The Worst Vulnerability In Nearly A Decade? news | Log4j: The Worst Vulnerability In Nearly A Decade? |
| 2021-12-22 2021 | Why SBOM management is no longer optional beginner 4 min read | Library for Software Bills of Materials (SBOM) management, crucial for addressing software supply chain vulnerabilities like Log4Shell. It emphasizes generating, storing, and searching SBOMs for rapid incident response, supporting aggregation and various SBOM formats like SPDX. This proactive approach ensures visibility and quick identification of affected applications during zero-day exploits. → infoworld.com |
| 2021-12-22 2021 | Why the Log4j vulnerability is such a big deal according to a former NSA hacker news 5 min read | Analysis by a former NSA hacker of Log4Shell, the severe remote code execution (RCE) vulnerability in Apache's Log4j logging library. Rated CVSS 10.0, the flaw is present in numerous widely-used applications and services, including those from Apple, Twitter, and Amazon, as well as Minecraft and Tesla vehicles. Its ubiquity and the difficulty of locating and patching every instance make it a significant threat, enabling data theft, malware deployment, and system compromise by actors ranging from nation-states to ransomware gangs. |
| 2021-12-16 2021 | Mitigate Log4j2 / Log4Shell in Elasticsearch intermediate 16 min read RCE | Reference detailing Log4Shell (CVE-2021-44228) and its impact on Elasticsearch versions 5.0 to 7.16.0. It explains mitigation strategies, including updating Log4j to 2.17.1, setting `log4j2.formatMsgNoLookups=true`, removing the `JndiLookup` class from the jar, and leveraging the Java Security Manager. Note that the `formatMsgNoLookups` flag alone was later shown to be insufficient against CVE-2021-45046 in some non-default logging configurations, so upgrading or removing the class is the reliable fix. The document also addresses the subsequent vulnerabilities CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832, clarifying their applicability to Elasticsearch. |
| 2021-12-13 2021 | Semgrep beginner RCE | Semgrep |
| 2021-12-12 2021 | Digging deeper into Log4Shell - 0Day RCE exploit found in Log4j advanced 6 min read RCE | Writeup on CVE-2021-44228, a critical Remote Code Execution vulnerability in the Apache Log4j library that leverages JNDI lookups. Attackers can exploit this by controlling log messages, triggering LDAP calls to execute arbitrary Java code loaded from attacker-controlled servers, leading to widespread exploitation due to Log4j's common usage. |
| 2021-12-12 2021 | PSA: Log4Shell and the current state of JNDI injection intermediate 2 min read RCE | Writeup on JNDI injection exploits, including the Log4Shell vulnerability (CVE-2021-44228). It explains why even newer Java runtimes, which received the earlier JDK hardening patches (CVE-2009-1094, CVE-2018-3149) restricting remote class loading over RMI and LDAP, remain exploitable when the application's classpath offers usable gadgets. The writeup covers exploitation vectors through the Apache XBean BeanFactory and Java deserialization of objects returned by the lookup, and stresses patching Log4j and disabling JNDI lookups rather than relying on the runtime defaults. |
| 2021-11-01 2021 | Common Threat Matrix for CI/CD Pipeline intermediate | Matrix detailing CI/CD pipeline threats, modeled after MITRE ATT&CK®. It classifies adversary tactics and techniques specific to CI/CD environments, extending beyond just supply-chain attacks. This resource aims to share knowledge on securing CI/CD environments with the cybersecurity community, addressing the full attack surface. |
| 2021-10-27 2021 | Protect your open source project from supply chain attacks beginner 5 min read | Library for securing open source projects from supply chain attacks, this resource details best practices aligned with the SLSA framework and OpenSSF Scorecards rubric. It covers techniques such as enforcing multi-factor authentication, requiring commit reviews, using secret manager tools like HashiCorp Vault, implementing least privilege access controls, defining build configurations as code, assessing dependency risks with tools like deps.dev and Scorecards, generating authenticated build provenance, and verifying cryptographically signed artifacts using services like Sigstore. The Allstar project can automate many of these recommendations. |
| 2021-09-15 2021 | Native Container Image Scanning in Amazon ECR beginner 7 min read | Library for native container image scanning within Amazon ECR, leveraging the CoreOS Clair open-source project for static analysis of OS packages against CVEs. This solution offers scheduled re-scans via Lambda functions and an HTTP API, or immediate scans with "scan-on-push" or "scan-on-demand" modes. It integrates with AWS CLI and SDKs, providing actionable insights and enabling drill-down into specific findings, without requiring third-party licenses or infrastructure setup. → aws.amazon.com |
| 2021-06-24 2021 | Google Releases New Framework to Prevent Software Supply Chain Attacks news 2 min read | News item on Google's release of Supply chain Levels for Software Artifacts (SLSA), a framework for securing the software development pipeline against tampering. SLSA, inspired by Google's Binary Authorization for Borg, defined four progressive security levels for software packages and build platforms, culminating in SLSA 4's two-person review and hermetic builds, with the goal of producing auditable metadata for policy engines. (The later SLSA v1.0 specification reorganized these into a Build track with levels 0 to 3.) → thehackernews.com |
| 2021-05-25 2021 | Supply Chain Security Begins with Secure Software Development beginner 2 min read | NCC Group post arguing that supply chain security begins with secure software development, collecting the group's open-source tools and practical guidance on the topic. |
| 2021-05-19 2021 | Creating the Perfect Python Dockerfile intermediate | This content focuses on best practices for building efficient and secure Docker images for Python applications. Key considerations include choosing appropriate base images, minimizing image size through multi-stage builds and `.dockerignore` files, optimizing dependency installation, and implementing security measures like running as a non-root user. The goal is to create Dockerfiles that are faster to build, smaller in size, and more secure for deployment. |
| 2021-05-18 2021 | Colonial Pipeline Darkside and Models news 4 min read | Analysis comparing the incident response models from Sophos and Mandiant for the Darkside ransomware attack. It highlights differences in kill chain stages, such as Sophos categorizing at least two steps Mandiant omits, and discrepancies in the specific techniques listed for "move laterally," with Mandiant citing Beacon and plink while Sophos lists PSExec and SSH. The entry emphasizes the need for defenders to critically evaluate and take the union of such data, since observed post-exploitation actions vary between reports, and references CVE-2021-20016. |
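The GitHub Actions entries above (the hardening guide, gato, and the pwn-request article) describe three recurring workflow mistakes: third-party actions referenced by a mutable tag instead of a commit SHA, attacker-controlled event fields such as a pull request title interpolated straight into a `run:` script, and `pull_request_target` workflows that check out the pull request head with the repository's secrets available. The following linter is an added example, not code from GitHub or from any project linked on this page; it checks a workflow file for all three using only the Python standard library. The two workflows it scans are constructed for the example, and the 40-hex SHA in the hardened one is a placeholder, not a real `actions/checkout` commit.

```python
"""Lint a GitHub Actions workflow for the three issues the hardening guide
and the "pwn request" article describe (added example, not GitHub's code):

  1. third-party actions referenced by tag/branch instead of a 40-hex commit SHA
  2. attacker-controlled event fields interpolated into a `run:` script
  3. a pull_request_target workflow that checks out the PR head

Line-based rather than a YAML parser so it runs with the standard library only."""
import re

SHA_PINNED_RE = re.compile(r"@[0-9a-f]{40}$")
USES_RE = re.compile(r"^\s*(?:-\s+)?uses:\s*['\"]?([^\s'\"#]+)")
RUN_RE = re.compile(r"^\s*(?:-\s+)?run:\s*(.*)$")
# Event fields GitHub documents as attacker-controlled (titles, bodies, branch names,
# commit messages); matching the whole sub-tree is deliberately conservative.
UNTRUSTED_RE = re.compile(
    r"\$\{\{\s*github\.(?:head_ref|event\.(?:issue|pull_request|comment|review|"
    r"review_comment|discussion|commits|head_commit|pages)\.[^}]*)\s*\}\}")
PR_HEAD_CHECKOUT_RE = re.compile(
    r"^\s*ref:\s*\$\{\{\s*github\.event\.pull_request\.head\.(?:sha|ref)\b")


def lint_workflow(text: str) -> list:
    """Return human-readable findings, one per offending line."""
    findings = []
    # Heuristic: the trigger name anywhere in the file (covers `on: [push, pull_request_target]`).
    privileged_pr_trigger = re.search(r"\bpull_request_target\b", text) is not None
    block_indent = None  # column of the `run:` key whose block scalar we are inside
    for no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if block_indent is not None:
            indent = len(line) - len(line.lstrip())
            if stripped and indent <= block_indent:
                block_indent = None  # block scalar ended; lint this line normally below
            else:
                if UNTRUSTED_RE.search(line):
                    findings.append(f"L{no}: untrusted expression in run script: {stripped}")
                continue
        if m := USES_RE.match(line):
            ref = m.group(1)
            if not ref.startswith(("./", "docker://")) and not SHA_PINNED_RE.search(ref):
                findings.append(f"L{no}: action not pinned to a commit SHA: {ref}")
        if m := RUN_RE.match(line):
            script = m.group(1).strip()
            if script in {"|", "|-", "|+", ">", ">-", ">+"}:
                block_indent = line.index("run:")  # multi-line script follows
            elif UNTRUSTED_RE.search(script):
                findings.append(f"L{no}: untrusted expression in run script: {stripped}")
        if privileged_pr_trigger and PR_HEAD_CHECKOUT_RE.match(line):
            findings.append(f"L{no}: pull_request_target workflow checks out the PR head (pwn request)")
    return findings


# Constructed workflows for the example; the hardened one uses a placeholder SHA.
VULNERABLE_WORKFLOW = """\
name: pr-greeter
on: pull_request_target
jobs:
  greet:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - name: Greet
        run: |
          echo "Thanks for: ${{ github.event.pull_request.title }}"
          npm ci && npm test
"""

HARDENED_WORKFLOW = """\
name: pr-greeter
on: pull_request
jobs:
  greet:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567  # placeholder SHA
      - name: Greet
        env:
          TITLE: ${{ github.event.pull_request.title }}  # passed as data, not as code
        run: |
          echo "Thanks for: $TITLE"
          npm ci && npm test
"""

if __name__ == "__main__":
    for label, wf in (("vulnerable", VULNERABLE_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        print(f"{label}: {lint_workflow(wf) or 'no findings'}")
```

Point `lint_workflow` at the contents of each file under `.github/workflows/` to use it as a CI gate. Because it is line-based it treats any mention of `pull_request_target` as a privileged trigger and flags every `github.event.*` field inside a script, so it errs toward false positives; the fix for each finding is the one in the hardening guide: pin the action to a full commit SHA, pass untrusted values through an environment variable, and never check out the PR head under `pull_request_target`.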
Frequently Asked Questions
- What is a software supply chain attack?
- A supply chain attack targets the components, tools, or processes used to build software rather than the application itself. This includes compromising open-source packages, injecting malicious code into build pipelines, hijacking maintainer accounts, or distributing trojanized development tools — allowing attackers to affect thousands of downstream users simultaneously.
- What is dependency confusion?
- Dependency confusion (also called namespace confusion) exploits how package managers resolve dependencies. An attacker publishes a malicious package to a public registry with the same name as a private internal package. If the build system checks the public registry first or prefers the higher version number, it installs the attacker's package instead of the legitimate internal one. pip's `--extra-index-url` behaves exactly this way, merging the extra index with the public one and picking the highest version from either; the fix is to serve everything through a single private index (`--index-url`) and, for npm, to bind internal scopes to the private registry in `.npmrc` (`@scope:registry=<private URL>`).
- How do you defend against supply chain attacks?
- Key defenses include maintaining a Software Bill of Materials (SBOM), using lock files and dependency pinning, enabling automated dependency scanning (Dependabot, Snyk, Socket), verifying package signatures and provenance, adopting the SLSA framework for build integrity, using private registries with allow-lists, disabling or at least reviewing package install scripts (npm's `ignore-scripts` setting), since the axios entries above show post-install hooks as the execution vector, and regularly auditing the dependency tree for known vulnerabilities and for newly introduced transitive packages.
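The lock-file, pinning, allow-list and install-script defenses in the answer above, and the dependency-confusion mechanism described two questions earlier, can all be checked mechanically against an npm `package-lock.json`. The script below is an added example and is not code from the page, from npm, or from any linked project. It assumes an internal scope `@acme/`, a private registry host `npm.acme.internal`, and an allow-list of packages whose install scripts have been reviewed; all three are illustrative policy values. The lockfiles and tarball bytes are constructed for the example, and every integrity hash in them is computed from those invented bytes, not taken from the real registry; the package names and versions mirror the axios incident described above (axios 1.14.1 pulling in plain-crypto-js 4.2.1).

```python
"""Audit an npm package-lock.json (lockfileVersion 2 or 3) for supply chain red flags.
Added example; not code from the page, npm, or any linked project.  Policy values are assumed.

Finding codes:
  NO_INTEGRITY    entry has no `resolved` URL or SRI `integrity` hash, so nothing pins its bytes
  WRONG_REGISTRY  internal-scope package resolved from outside the private registry (dependency confusion)
  INSTALL_SCRIPT  package runs lifecycle scripts (npm records this as hasInstallScript) and is not allow-listed
  NEW_PACKAGE     package was not present in the previously reviewed lockfile
verify_sri() additionally checks a downloaded tarball against the lockfile's integrity hash."""
import base64
import hashlib
import hmac
import json
from urllib.parse import urlparse

INTERNAL_SCOPE = "@acme/"                    # assumed: scope reserved for internal packages
PRIVATE_REGISTRY_HOST = "npm.acme.internal"  # assumed: the only host allowed to serve that scope
INSTALL_SCRIPT_ALLOWLIST = {"esbuild"}       # assumed: packages whose install scripts were reviewed


def sri(data: bytes, algo: str = "sha512") -> str:
    """Subresource Integrity string in the form npm stores it: '<algo>-<base64 digest>'."""
    return f"{algo}-{base64.b64encode(hashlib.new(algo, data).digest()).decode()}"


def verify_sri(data: bytes, integrity: str) -> bool:
    """True if any hash in the space-separated SRI string matches the bytes (constant-time compare)."""
    return any(
        hmac.compare_digest(sri(data, entry.split("-", 1)[0]), entry)
        for entry in integrity.split()
        if entry.split("-", 1)[0] in hashlib.algorithms_available
    )


def package_name(path: str) -> str:
    """'node_modules/axios/node_modules/@acme/utils' -> '@acme/utils'."""
    return path.rsplit("node_modules/", 1)[-1]


def audit_lockfile(lock: dict, previous: dict = None) -> list:
    """Return (code, package) tuples; pass the last reviewed lockfile to also get NEW_PACKAGE."""
    findings = []
    seen_before = set(previous.get("packages", {})) if previous is not None else set()
    for path, meta in lock.get("packages", {}).items():
        if path == "" or meta.get("link"):  # root project entry or workspace symlink
            continue
        name = package_name(path)
        resolved, integrity = meta.get("resolved"), meta.get("integrity")
        if not resolved or not integrity:
            findings.append(("NO_INTEGRITY", name))
        elif name.startswith(INTERNAL_SCOPE) and urlparse(resolved).hostname != PRIVATE_REGISTRY_HOST:
            findings.append(("WRONG_REGISTRY", name))
        if meta.get("hasInstallScript") and name not in INSTALL_SCRIPT_ALLOWLIST:
            findings.append(("INSTALL_SCRIPT", name))
        if previous is not None and path not in seen_before:
            findings.append(("NEW_PACKAGE", name))
    return findings


def load_lockfile(path: str) -> dict:
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


# Constructed fixtures: invented tarball bytes, hashes computed from them (not real registry hashes).
AXIOS_TARBALL = b"constructed bytes standing in for axios-1.14.1.tgz"
_REG, _PRIV = "https://registry.npmjs.org", "https://npm.acme.internal"

PREVIOUS_LOCK = {"lockfileVersion": 3, "packages": {
    "": {"name": "app"},
    "node_modules/axios": {"version": "1.13.0", "resolved": f"{_REG}/axios/-/axios-1.13.0.tgz",
                           "integrity": sri(b"constructed axios 1.13.0 bytes")},
    "node_modules/@acme/utils": {"version": "2.1.0", "resolved": f"{_PRIV}/@acme/utils/-/utils-2.1.0.tgz",
                                 "integrity": sri(b"constructed utils bytes")},
    "node_modules/esbuild": {"version": "0.21.0", "resolved": f"{_REG}/esbuild/-/esbuild-0.21.0.tgz",
                             "integrity": sri(b"constructed esbuild bytes"), "hasInstallScript": True},
}}

CURRENT_LOCK = {"lockfileVersion": 3, "packages": {
    "": {"name": "app"},
    "node_modules/axios": {"version": "1.14.1", "resolved": f"{_REG}/axios/-/axios-1.14.1.tgz",
                           "integrity": sri(AXIOS_TARBALL), "dependencies": {"plain-crypto-js": "4.2.1"}},
    "node_modules/plain-crypto-js": {"version": "4.2.1", "resolved": f"{_REG}/plain-crypto-js/-/plain-crypto-js-4.2.1.tgz",
                                     "integrity": sri(b"constructed dropper bytes"), "hasInstallScript": True},
    "node_modules/@acme/utils": {"version": "99.0.0", "resolved": f"{_REG}/@acme/utils/-/utils-99.0.0.tgz",
                                 "integrity": sri(b"constructed squatted bytes")},  # public look-alike
    "node_modules/esbuild": PREVIOUS_LOCK["packages"]["node_modules/esbuild"],
    "node_modules/left-pad": {"version": "1.3.0"},  # no resolved/integrity: nothing pins these bytes
}}

if __name__ == "__main__":
    for code, name in audit_lockfile(CURRENT_LOCK, PREVIOUS_LOCK):
        print(f"{code:15} {name}")
    axios_sri = CURRENT_LOCK["packages"]["node_modules/axios"]["integrity"]
    print("axios tarball matches lockfile:", verify_sri(AXIOS_TARBALL, axios_sri))
```

On a real repository, `load_lockfile("package-lock.json")` supplies the current lockfile and the same file from the last reviewed commit supplies `previous`, so a review sees the new `plain-crypto-js` style transitive addition and its install script in the same diff that bumped `axios`. The `hasInstallScript` field only exists in lockfile versions 2 and 3 (version 1 has a `dependencies` map and no `packages`), so upgrade older lockfiles first; and `verify_sri` belongs at the point where the tarball bytes are actually fetched, because the lockfile hash protects nothing unless something compares it to what was installed.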