Supply Chain Security
Software supply chain security addresses threats that target the dependencies, build systems, and distribution channels that modern applications rely on. High-profile incidents like SolarWinds, Log4Shell, and the xz backdoor demonstrated that attackers increasingly target upstream components rather than applications directly. Supply chain attacks include dependency confusion (substituting malicious packages with names matching internal packages), typosquatting in package registries, compromised maintainer accounts, malicious code injected into build pipelines, and trojanized development tools. Defenses include software bills of materials (SBOMs), dependency pinning and lock files, signature verification, provenance attestation (SLSA framework), regular dependency auditing with tools like Dependabot, Snyk, or Socket, and careful evaluation of new dependencies before adoption.
| Date Added | Link | Tag | Excerpt |
|---|---|---|---|
| 2026-06-02 | Unpatched software is now the top way into banks | news | Unpatched software has become the primary vulnerability exploited by attackers targeting banks. This highlights a critical security gap, as outdated systems provide easy entry points for cybercriminals. The article emphasizes the urgent need for financial institutions to prioritize patching their software to mitigate this growing threat and protect sensitive data. |
| 2026-06-02 | Multiple redhat-cloud-services npm Packages compromised | news | Multiple redhat-cloud-services npm Packages compromised https://ift.tt/r3RLzXA → stepsecurity.io |
| 2026-06-02 | Containers on fire: from container escapes to supply chain attacks | beginner | This article explores the security risks associated with containerized environments. It discusses vulnerabilities such as container escapes, which allow attackers to break out of isolated containers, and supply chain attacks, which compromise the integrity of software components used within containers. The content covers the methods attackers exploit and the potential impact of these security breaches on organizations using container technology. |
| 2026-06-01 | OpenAI Codex tool with over 29000 downloads linked to malicious npm supply chain attack stealing authentication tokens | news | A malicious attack has been discovered within the OpenAI Codex tool on npm, a popular JavaScript package manager. This tool, downloaded over 29,000 times, was found to be stealing authentication tokens. The incident highlights a significant supply chain attack in which a trusted tool was compromised, posing a risk to users' sensitive data and accounts. |
| 2026-06-01 | Dozens of Red Hat packages backdoored through its official NPM channel | news | Dozens of Red Hat packages were compromised through their official NPM channel. This security incident involved malicious code being injected into legitimate software, potentially affecting numerous users. The incident highlights the risks associated with supply chain attacks and the importance of secure development practices. Further details regarding the scope and impact of the backdoor are still emerging. → arstechnica.com |
| 2026-06-01 | Miasma: Supply Chain Attack Targeting RedHat npm Packages | news | A supply chain attack named "Miasma" has targeted RedHat npm packages. This attack involved the compromise of internal RedHat systems, allowing threat actors to inject malicious code into legitimate packages. These compromised packages were then distributed through the npm registry, potentially affecting a wide range of users and applications that rely on these dependencies. The investigation into the extent of the compromise and its impact is ongoing. → wiz.io |
| 2026-06-01 | Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm | news | A Miasma supply chain attack has compromised Red Hat's npm packages, introducing a credential-stealing worm. This malicious code was embedded within the `ua-parser-js` package, a dependency used by numerous applications. The worm attempts to steal cryptocurrency wallet and browser credentials. While Red Hat has removed the compromised package, the incident highlights the significant risks posed by supply chain attacks on open-source software. → thehackernews.com |
| 2026-06-01 | CrowdStrike and Google take down botnet used by hackers to target software developers in supply chain attacks | news | CrowdStrike and Google have dismantled a botnet that was being used by hackers to conduct supply chain attacks specifically targeting software developers. These malicious actors exploited vulnerabilities to compromise the development environment, potentially impacting a wide range of software products. The coordinated takedown aims to disrupt this threat and protect the software development ecosystem from further exploitation. → msn.com |
| 2026-06-01 | OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack | news | OpenAI Codex authentication tokens were compromised in a supply chain attack targeting the `codexui-android` npm package. Attackers injected malicious code into the package, allowing them to steal sensitive credentials. This incident highlights the risks associated with open-source dependencies and the importance of supply chain security. → thehackernews.com |
| 2026-06-01 | Microsoft discovers new npm attack in 14 packages | news | Microsoft has identified a new supply chain attack impacting 14 npm packages, which collectively have over 1.5 million downloads. Attackers injected malicious code into these popular packages, aiming to steal user credentials and potentially execute arbitrary code. The malware was disguised as legitimate updates, making it difficult to detect. Microsoft's Security Response Center has confirmed the discovery and is working to mitigate the threat and inform affected users. → techzine.eu |
| 2026-06-01 | Mercor Hit: 4TB Stolen via LiteLLM (95M Downloads) [2026] | news | A significant data breach occurred at Mercor, resulting in the theft of 4TB of sensitive information. The attack was facilitated through a vulnerability in LiteLLM, a popular library with 95 million downloads. |
| 2026-06-01 | Emerging Threats to AI-Assisted Software Supply Chains Highlight Security Demand | beginner | AI-assisted software development introduces new security vulnerabilities to the software supply chain. These threats can be exploited to compromise AI models, inject malicious code, or manipulate training data, leading to insecure software. The rise of these risks underscores the critical need for robust security measures throughout the AI development lifecycle to ensure the integrity and safety of AI-assisted software. → tipranks.com |
| 2026-05-31 | SlowMist Says TrapDoor is One of 2026's Largest Supply Chain Attacks | news | Analysis of the TrapDoor supply chain attack, identified by Socket and detailed by SlowMist, reveals a sophisticated campaign targeting crypto and AI developers via malicious packages on npm, PyPI, and Crates.io. The attack utilized hidden code within installation and build processes, leveraging trusted developer services like GitHub Pages to exfiltrate sensitive data including SSH keys, cloud credentials, and crypto wallets. The npm variant, particularly advanced, manipulated Git hooks and AI coding assistant files like `.cursorrules` and `CLAUDE.md`, employing prompt injection to spread malicious instructions. |
| 2026-05-31 | 14 malicious npm packages impersonated OpenSearch Elasticsearch libraries | news | Writeup on 14 malicious npm packages impersonating OpenSearch and Elasticsearch libraries, demonstrating a supply chain attack vector targeting developers. These packages, designed to mimic legitimate OpenSearch and Elasticsearch modules, pose a significant risk to software integrity and development pipelines. → theregister.com |
| 2026-05-31 | CISA warns that Nx Console and GitHub repositories abused in multiple supply chain compromises tools across enterprise cloud and DevOps environments exploited | news | Analysis of supply chain attacks by CISA details exploitation of the Nx Console VSCode extension and GitHub repositories via the Megalodon campaign. Threat actors stole CI/CD secrets and cloud credentials by poisoning workflows. Recommended mitigations include auditing contributor activity, forensic reviews, rotating secrets, pinning trusted package versions, and delaying package pulls to allow time for community detection. |
| 2026-05-31 | Solana Sui and Aptos wallet data targeted in TrapDoor package attack | news | Writeup on the malicious npm, PyPI, and Crates.io packages used in the TrapDoor supply-chain attack. These packages, disguised as developer utilities, target Solana, Sui, and Aptos wallet data, along with SSH keys, GitHub tokens, and cloud credentials. Attackers also abused AI configuration files like `.cursorrules` and `CLAUDE.md` to exfiltrate secrets during AI coding sessions. |
| 2026-05-31 | Hackers caught hiding OpenAI token-stealing malware in Codex npm package | news | Hackers have embedded malware designed to steal OpenAI API tokens within the popular Codex npm package. This malicious code was discovered by security researchers, who identified it as a sophisticated attempt to gain unauthorized access to users' AI models and data. The discovery highlights a growing trend of supply chain attacks targeting software development tools. Further investigation is ongoing to determine the full scope of the breach and the potential impact on users. → cybernews.com |
| 2026-05-31 | Perplexity launches Bumblebee: How its new read-only dev scanner differs from Chainguard | news | Bumblebee is a read-only scanner by Perplexity designed to check developer machines for risky packages, extensions, and AI tool configurations during supply-chain incidents. It targets four surfaces, including language package managers such as npm, pnpm, Yarn, Bun, PyPI, Go modules, RubyGems, and Composer. Unlike other tools, Bumblebee avoids executing scripts and directly inspects metadata files, preventing attacks that could be triggered by scanner execution. It differentiates itself from Chainguard by focusing on the developer workstation environment rather than containers and build pipelines. |
| 2026-05-30 | The hidden AI security flaw behind four major supply chain attacks | news | Article on hardening software supply chains against AI-related supply chain attacks, detailing vulnerabilities in build systems and release workflows that bypass traditional AI model security testing. It highlights incidents impacting OpenAI, Anthropic, Meta, and TanStack, specifically mentioning the TanStack Mini Shai-Hulud worm's exploitation of GitHub Actions and cache poisoning, and the LiteLLM attack's reliance on credential reuse in PyPI. It emphasizes the need for pipeline-focused red teams, behavioral validation of build processes, dependency credential hygiene, mandatory human review before releases, and strict input sanitization in build tools to mitigate risks like command injection. |
| 2026-05-30 | Download pumping: New npm deception technique for supply chain attacks | news | A new npm deception technique called "download pumping" has been discovered, posing a threat to supply chain security. This method involves malicious packages registering fake download metrics to appear more popular and trustworthy than they are. Researchers observed campaigns where attackers used this technique to obscure malicious code within seemingly legitimate packages, making them harder to detect and leading to potential system compromises. This discovery highlights the evolving tactics used in supply chain attacks and the need for enhanced vigilance in package vetting. → securityboulevard.com |
| 2026-05-30 | Malicious npm packages abuse dependency confusion to profile developer environments | news | Report on malicious npm packages that exploit dependency confusion to profile developer environments. These packages impersonate internal corporate namespaces and use obfuscated reconnaissance payloads downloaded from attacker-controlled C2 servers. They leverage npm lifecycle hooks for automatic execution during `npm install`, employing anti-analysis techniques and targeting various operating systems. The attack chain involves namespace squatting, spoofed enterprise metadata, and inflated version numbers, with a reconnaissance-only mode that collects system information and credentials for potential follow-on exploitation. → microsoft.com |
| 2026-05-29 | Typosquatted npm packages used to steal cloud and CI/CD secrets | news | Report detailing an npm supply chain attack where typosquatted packages like "opensearch-setup" and "elastic-opensearch-helper" were used to steal AWS credentials, HashiCorp Vault tokens, and CI/CD secrets. The malicious packages leverage npm lifecycle hooks to execute a credential harvester that targets AWS IMDSv2, ECS task metadata, Secrets Manager across multiple regions, and npm publish tokens, enabling cloud lateral movement and downstream supply-chain pivoting. → microsoft.com |
| 2026-05-29 | Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets | news | Report on malicious Sicoob NuGet and npm packages targeting sensitive data. Malicious versions of "Sicoob.Sdk" exfiltrate client IDs and PFX certificates, while npm packages like "@vpmdhaj/devops-tools" harvest AWS credentials, Vault tokens, and CI/CD secrets. These attacks employ techniques such as typosquatting, dependency confusion, and brandjacking to manufacture legitimacy and compromise developer workflows, echoing broader supply chain attack campaigns. → thehackernews.com |
| 2026-05-29 | CISA adds Daemon Tools TanStack and Nx Console compromised versions to KEV catalog | news | Catalog listing of CVE-2026-8398, CVE-2026-45321, and CVE-2026-48027, impacting Daemon Tools Lite, TanStack npm packages, and Nx Console. These vulnerabilities, identified by CISA for inclusion in the Known Exploited Vulnerabilities catalog, resulted from supply chain attacks. Compromised Daemon Tools installers utilized valid code-signing certificates, while TanStack packages were maliciously published via GitHub Actions. The Nx Console vulnerability involved a malicious version appearing on the Visual Studio Marketplace and OpenVSX. → scworld.com |
| 2026-05-29 | CISA urges security teams to check for software development compromises | news | CISA is issuing an urgent alert to security teams, advising them to proactively scan their systems for compromises within their software development environments. This directive highlights the critical need to safeguard the integrity of the software supply chain. The agency's recommendation stems from concerns about potential vulnerabilities and breaches that could affect the development process, leading to widespread risks for downstream users. Security teams are encouraged to implement robust checks and balances to ensure the safety and trustworthiness of their software development practices. → cybersecuritydive.com |
| 2026-05-29 | AI Software Supply Chain Threats Escalate in 2026 | beginner | Analysis of JFrog's Software Supply Chain Security State of the Union 2026 report reveals escalating AI-driven threats, including nearly 500 malicious AI models capable of credential theft and system compromise, a 451% surge in malicious npm packages, and attackers targeting developer tools and CI/CD pipelines. The report highlights governance gaps around AI coding assistants and IDE extensions, alongside an increase in insecure AI-generated code, leading to vulnerabilities like XSS and SQL injection. This growing "vulnerability noise" complicates risk prioritization, with over 48,000 new CVEs disclosed in 2025. → esecurityplanet.com |
| 2026-05-29 | Typosquatted npm Packages Steal Cloud and CI/CD Secrets | beginner | Report detailing a coordinated npm supply chain attack leveraging typosquatted packages like "opensearch-setup" and "elastic-opensearch-helper" to steal cloud and CI/CD secrets. The malware uses npm lifecycle hooks for silent execution, with payloads designed to harvest AWS credentials, HashiCorp Vault tokens, GitHub Actions secrets, and npm publish tokens. Attackers exploit techniques like metadata spoofing, version number inflation, and embedded Bun runtimes to evade detection, with a unique "X-Supply: 1" header as a potential indicator of compromise. → gbhackers.com |
| 2026-05-29 | How the Glassworm Takedown Secures Digital Supply Chains | beginner | Summary of the Glassworm botnet takedown, a coordinated effort by CrowdStrike, Google, and Shadowserver to dismantle a threat targeting developers. Glassworm employs trojanized VSCode extensions, compromised npm and Python packages, and poisoned GitHub repositories to inject malicious code. Its resilience is attributed to a decentralized command and control architecture utilizing the Solana blockchain, BitTorrent DHT, Google Calendar events, and commercial virtual servers, making it resistant to conventional takedown methods. |
| 2026-05-29 | Supply chain attacks hide malicious code inside the software you trust | beginner | Supply chain attacks insert malicious code into legitimate software, making it appear trustworthy. This technique targets the development and distribution process, compromising the integrity of software before it reaches end-users. Attackers exploit vulnerabilities in third-party components, build systems, or distribution channels to inject malware. Once deployed, this hidden code can steal data, disrupt operations, or establish persistent access to systems. Protecting against these attacks requires rigorous security measures throughout the software lifecycle, including code verification, dependency scanning, and secure development practices. |
| 2026-05-28 | GlassWorm Malware Takedown: Disruption of Developer Supply Chain Attacks Targeting VSCode npm Python and GitHub | news | Report detailing the disruption of the GlassWorm malware campaign, which targeted the developer supply chain. The malware utilized trojanized VSCode extensions, compromised npm and Python packages, and poisoned over 300 GitHub repositories using stolen credentials. GlassWorm RAT, its payload, harvested credentials from various developer tools and crypto-wallets, deploying SOCKS proxies and VNC clients. Its resilient C2 infrastructure leveraged the Solana blockchain, BitTorrent DHT, Google Calendar, and traditional VPS providers, requiring a coordinated takedown on May 26, 2026. → rescana.com |
| 2026-05-28 | CrowdStrike Google Shut Down Glassworm Malware Operation - Open Source For You | news | Analysis of the Glassworm botnet operation, disrupted by CrowdStrike and Google, details the targeting of the open-source software supply chain. Attackers poisoned over 300 GitHub repositories, abused compromised NPM and Python packages, and used trojanized VS Code extensions on the Open VSX marketplace to spread malware and steal credentials. The operation highlights the growing threat to developer infrastructure and open-source ecosystems. → opensourceforu.com |
| 2026-05-28 | New Edamame Platform Aims to Catch AI Coding Agents Going Off the Rails | beginner | Edamame is a platform for detecting AI coding agent drift and malicious behavior; it monitors workstation posture, hardens environments, and integrates with agents like Cursor and Claude. Its divergence and attack-pattern detection engines analyze telemetry for credential exfiltration, token theft, and sandbox exploitation, providing runtime verification for coding agent workloads and identifying supply-chain attacks. → securityweek.com |
| 2026-05-28 | Multiple German hospitals impacted in billing provider data breach | news | Report on how hackers compromised Unimed, a German medical billing provider, impacting multiple university hospitals and leading to the theft of vast amounts of patient data, including billing disputes and personal information, affecting thousands of individuals across cities like Freiburg and Cologne. |
| 2026-05-27 | CrowdStrike Google shatter Glassworm botnet | news | Tool for identifying and remediating application vulnerabilities, leveraging AI to detect issues before production. This resource discusses the impact of LLMs on API attacks, the challenges in data sovereignty, and the trend towards "headless" SaaS architectures, exemplified by Salesforce and Anthropic. It also touches on the hardware crunch impacting IT infrastructure and the evolving landscape of cloud-native platforms. → theregister.com |
| 2026-05-27 | Glassworm Group: Software Supply-Chain Attackers Disrupted | news | Analysis of the Glassworm Group's software supply-chain attacks details their use of GlasswormRAT, a Node.js-based remote access Trojan, to poison code repositories like VS Code Marketplace and Open VSX. The group leverages stolen developer credentials to force-push malicious code into default branches of over 300 GitHub repositories, targeting Windows, Mac, and Linux systems. Their resilient command-and-control infrastructure utilized the Solana blockchain, BitTorrent, and Google Calendar for C2 server resolution. Indicators of compromise include connections to CrowdStrike-operated IP address 164.92.88.210. → bankinfosecurity.com |
| 2026-05-27 | CrowdStrike and Google take down botnet used by hackers to target software developers in supply chain attacks | news | Analysis of the Glassworm botnet, a threat actor that targeted open source developers and their supply chains for two years. CrowdStrike, Google, and Shadowserver collaborated to disrupt Glassworm's operations by taking down four command-and-control channels. Glassworm employed strategies like distributing malicious extensions, malvertising, and credential stuffing to compromise over 300 GitHub repositories. The botnet leveraged infrastructure including the Solana blockchain, BitTorrent, and Google Calendar. → techcrunch.com |
| 2026-05-27 | Glassworm botnet disrupted after resilient C2 infrastructure takedown | news | Analysis of the Glassworm botnet disruption details its resilient C2 infrastructure, which leveraged Solana blockchain transactions, BitTorrent DHT, Google Calendar, and direct server connections. Researchers from CrowdStrike, Google, and The Shadowserver Foundation simultaneously took down these four channels, preventing infected machines from receiving new instructions or payloads. The report highlights Glassworm's targeting of developers through malicious OpenVSX and VS Code extensions, as well as npm packages, and provides YARA rules to identify infections. → bleepingcomputer.com |
| 2026-05-27 | Megalodon Malware Infects Over 5500 GitHub Repositories | news | Megalodon malware has compromised over 5,500 repositories on GitHub. The malware, which targets Windows and Linux systems, installs itself as a cryptocurrency miner. Researchers discovered that Megalodon uses open-source tools and aims to steal cryptocurrency wallet credentials. This widespread infection highlights significant security vulnerabilities within the developer ecosystem, emphasizing the need for robust security practices and ongoing monitoring of code repositories. The exact impact and potential for data exfiltration are still being assessed. → securityboulevard.com |
| 2026-05-27 | GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure | news | Report on the disruption of the GlassWorm software supply chain attack campaign, which targeted developers via trojanized VS Code extensions, npm, and Python packages. This campaign aimed to steal credentials, cryptocurrency, and exfiltrate system data, often deploying GlassWormRAT. Attackers leveraged resilient C2 channels including the Solana blockchain, BitTorrent DHT, Google Calendar, and commercial VPS providers to maintain access and propagate, poisoning over 300 GitHub repositories. → thehackernews.com |
| 2026-05-27 | TeamPCP Compromised LiteLLM in AI Supply Chain Attack | news | Report on the compromise of LiteLLM through an AI supply chain attack: attackers poisoned the Trivy scanner to steal CI/CD tokens, enabling the publication of malicious LiteLLM packages to PyPI. These packages used source injection and stealthy .pth file execution to harvest credentials for OpenAI, Anthropic, Azure, AWS, and Kubernetes, highlighting risks in AI infrastructure and developer pipelines. → esecurityplanet.com |
| 2026-05-26 | Socket Raises $60M for Wider Software Supply-Chain Defense | news | Socket, a platform for securing software supply chains, provides protection for developer endpoints, AI ecosystems, browser extensions, and editor plug-ins. It addresses the growing threat of malicious packages and dependencies introduced by AI development tools and open-source packages, offering features like Socket Firewall to block threats before they reach pipelines. The company has secured $60 million in funding to expand its security controls across broader software ecosystems and enhance its human-vetted threat analysis capabilities. → bankinfosecurity.com |
| 2026-05-26 | Well-architected best practices for software supply chain security | beginner | Reference for software supply chain security best practices, aligned with the AWS Well-Architected Framework. This document details techniques to mitigate risks from compromised maintainer accounts and malicious package downloads, referencing incidents like Shai-Hulud and the exploitation of npm packages. Key recommendations include using temporary credentials, enforcing least privilege access, implementing multi-factor authentication, and utilizing artifact signing with services like AWS Signer to create defense-in-depth strategies. → aws.amazon.com |
| 2026-05-26 | Supply Chain Cybersecurity: The Vital Lessons for All CSCOs | beginner | Analysis of supply chain cybersecurity risks, highlighting the impact of NotPetya on Maersk and recent attacks on UK grocery chains and JLR. The article stresses the importance of patch management, business continuity, multi-factor authentication, asset visibility, dependency tracking, and continuous compliance monitoring to mitigate threats from increasingly complex, technology-dependent global networks and the growing attack surface from AI adoption. |
| 2026-05-26 | New supply chain attack targets Laravel PHP packages with credential stealer | news | Report on a supply chain attack targeting PHP packages, specifically those of Laravel-Lang. This attack campaign, identified on May 22-23, 2026, involved malicious version tags published to packages like `laravel-lang/lang` and `laravel-lang/attributes`. The campaign distributed a credential stealer designed to collect cloud credentials, authentication tokens, cryptocurrency data, browser data, password manager vaults, and API keys from infected hosts, then exfiltrate and self-delete. → scworld.com |
| 2026-05-26 | Why Are Software Supply Chains Under Constant Siege? | beginner | Article on securing software supply chains, addressing risks from AI-generated code, compromised dependencies like those in npm, and manipulated CI/CD pipelines. It highlights how AI accelerates development while also enabling sophisticated, autonomous attacks, evolving vulnerability discovery and exploitation. It covers common attack vectors including open-source vulnerabilities, malicious packages, compromised maintainers, secrets, and developer environments, recognizing trust as a primary exploitable element. → paloaltonetworks.com |
| 2026-05-26 | Why developer machines are now the number one target for supply chain attacks | beginner | Article on securing developer machines against the growing threat of supply chain attacks targeting workstations. It argues for extending visibility beyond package registries to include IDE extensions, browser plugins, and AI tools, with granular telemetry to detect and prevent vulnerabilities before they impact production. Examples mentioned include attacks via malicious VS Code extensions, Trivy, and compromised packages, highlighting the limitations of traditional EDR tools in monitoring developer environments. → aikido.dev |
| 2026-05-26 | TeamPCP Emerges as a Growing Threat to Open-Source Software and AI Ecosystems | news | Analysis of TeamPCP details their emerging threat to open-source software and AI ecosystems through sophisticated software supply chain attacks. This hacker group compromises widely used open-source packages and developer tools, injecting malicious code into software dependencies and pipelines. TeamPCP's operations exploit developer trust in community-driven platforms, impacting numerous applications and organizations. Their activities highlight the growing trend of financially motivated attacks targeting software infrastructure, urging enhanced verification, dependency monitoring, and stricter governance around third-party software integrations, particularly with accelerating AI adoption. → cxodigitalpulse.com |
| 2026-05-26 | Perplexity Bumblebee Stops Dangerous Supply-Chain Attacks | news | Perplexity Bumblebee, a tool for auditing local developer environments, scans lockfiles and manifests directly to identify supply-chain risks without executing code. It addresses the gap left by SBOMs and EDRs, particularly concerning post-install scripts within packages like those affecting TanStack and SAP, and audits MCP configurations for AI tools like Cursor and Claude Desktop. Bumblebee is a zero-dependency, read-only binary suitable for startups, solo developers, and enterprises to prevent unnoticed pipeline spread. |
| 2026-05-26 | Google blocks AI Powered Cyber Attack on 2FA and Megalodon Malware attack on GitHub | news | Analysis of AI-powered attacks and supply chain threats, detailing Google's blocking of an AI-driven attack on 2FA using PROMPTSPY malware, which leveraged Gemini AI to automate exploitation of server vulnerabilities, and the Megalodon malware campaign infecting over 5,500 GitHub repositories through poisoned pipeline execution attacks targeting automated workflows. |
| 2026-05-26 | TrapDoor Supply Chain Attack Actively Exploiting npm PyPI and CratesIO to Steal Developer Credentials in Crypto DeFi Solana and AI Sectors | news | Report on detecting and mitigating the TrapDoor supply chain attack, which actively exploits npm, PyPI, and CratesIO packages to steal developer credentials. This sophisticated campaign targets the crypto, DeFi, Solana, and AI sectors, leveraging malicious packages to exfiltrate AWS keys, GitHub tokens, SSH keys, and cryptocurrency wallet secrets. TrapDoor also abuses AI coding assistants by embedding hidden instructions in `.cursorrules` and `CLAUDE.md` files, tricking tools into exfiltrating secrets. Mitigation involves auditing dependencies, rotating credentials, searching for persistence artifacts like cron jobs and Git hooks, and monitoring for suspicious network traffic. → rescana.com |
| 2026-05-26 | Megalodon GitHub Supply Chain Attack Hits 5500 Repos | news | Report on the GitHub Actions workflows used in the "Megalodon" supply chain attack, which compromised over 5,500 repositories. This attack campaign leveraged malicious commits to inject workflows designed to harvest CI/CD secrets, cloud access keys, and API tokens. The campaign exploited the `workflow_dispatch` feature for dormant backdoor creation and was linked to compromised versions of the Tiledesk open-source package. → thecyberexpress.com |
| 2026-05-25 | Automated 'Megalodon' Campaign Spreads GitHub Repo Backdoors | news | Report on the automated "Megalodon" campaign, which injected malicious GitHub Actions workflows to steal secrets from over 5,000 repositories. The attack targeted CI/CD pipeline secrets, cloud credentials, and SSH keys. The campaign used fake push requests, base64-encoded bash payloads, and two variants: "SysDiag" for mass execution on every push/pull request, and "Optimize-Build" for dormant backdoors triggered via API. It affected numerous repositories, including Tiledesk. → bankinfosecurity.com |
| 2026-05-25 | Automated 'Megalodon' Campaign Spreads GitHub Repo Backdoors | news | Report on the GitHub Actions workflows that spread the 'Megalodon' campaign, targeting over 5,000 repositories. This automated attack injects base64-encoded bash payloads via forged author identities, stealing CI/CD secrets, cloud credentials, and SSH keys. Variants include 'SysDiag' and 'Optimize-Build'; affected repositories need commit reverts, secret rotation, and audit log reviews, particularly for OIDC federation. |
| 2026-05-25 | Hackers Compromise 34 npm PyPI and Crates Packages in Major Supply Chain Attack | news | Survey of the "TrapDoor" supply chain attack, which compromised 34 npm, PyPI, and Crates.io packages, including `eth-security-auditor` and `wallet-security-checker`. The attack uses ecosystem-specific techniques like post-install scripts and compile-time code execution to steal SSH keys, cloud credentials, and crypto wallet data, while employing persistence mechanisms and attempting AI prompt injection via hidden instructions in files like `.cursorrules`. → gbhackers.com |
| 2026-05-25 | Who is TeamPCP the rising hacker group targeting open-source software and AI tools? | news | Writeup on TeamPCP, a hacker group executing software supply chain attacks. They have targeted entities like GitHub, OpenAI, and Mercor, exploiting vulnerabilities in tools like VSCode extensions, Next.js, and Trivy to deploy malware and steal credentials. TeamPCP utilizes worms like 'Mini Shai-Hulud' to automate its operations, aiming for financial gain through ransomware and data extortion. Their tactics involve corrupting open-source software and AI tools, impacting hundreds of companies and raising concerns about secure development practices. |
| 2026-05-25 2026 | Socket Uncovers Supply Chain Attack on Cryptocurrency and AI Developers news | Analysis of the TrapDoor supply chain attack reveals a sophisticated campaign targeting developers across npm, PyPI, and Crates.io. The malware, distributed via GitHub, infiltrates systems by masquerading as helpful developer tools, stealing sensitive data like wallet credentials, API keys, and browser extension information from popular services including Coinbase, Binance, and MetaMask. It specifically targets AI programming assistants like Claude and Cursor, aiming to trick them into executing workflows that expose secrets. Persistence mechanisms are employed via scheduler tasks and autostart, meaning simple removal is insufficient, necessitating comprehensive key rotation and system compromise checks. |
| 2026-05-25 2026 | Over 5500 GitHub Repositories Infected in Megalodon Supply Chain Attack news | Writeup on the Megalodon supply chain attack, which infected over 5,500 GitHub repositories. The campaign leveraged malicious GitHub Actions workflows to steal credentials, keys, and tokens. Attackers injected over 5,700 commits within a six-hour window, deploying payloads to exfiltrate sensitive information like AWS, GCP, and Azure credentials, as well as SSH keys. The attack was discovered following the identification of compromised Tiledesk NPM packages. → securityweek.com |
| 2026-05-25 2026 | npm Introduces 2FA-Gated Publishing and New Install Controls to Strengthen Supply Chain Security news | New npm releases introduce staged publishing, requiring 2FA approval for package releases to prevent automated compromise and malicious injections. New install controls like `--allow-file`, `--allow-remote`, and `--allow-directory` offer granular restrictions on package sources, addressing the rise in software supply chain attacks seen in campaigns targeting npm packages. → cxodigitalpulse.com |
| 2026-05-25 2026 | TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm PyPI and CratesIO news | Library detailing the TrapDoor supply chain attack campaign that spread credential-stealing malware across npm, PyPI, and Crates.io. This coordinated campaign utilized malicious packages like `async-pipeline-builder` and `cryptowallet-safety`, employing techniques such as `trap-core.js` JavaScript payloads, Rust `build.rs` scripts, Python import-time execution, and the unusual tactic of implanting hidden instructions in `.cursorrules` and `CLAUDE.md` files to trick AI assistants. The attack targeted developers in crypto, DeFi, Solana, and AI, aiming to steal secrets, wallets, and credentials, with persistence achieved via cron jobs, systemd, Git hooks, and SSH. → thehackernews.com |
| 2026-05-24 2026 | Megalodon Supply Chain Attack: TeamPCP Compromises 5561 GitHub Repositories via Malicious CI/CD Workflows news | Library detailing the Megalodon campaign, a supply chain attack by TeamPCP that compromised 5,561 GitHub repositories via malicious CI/CD workflows. The attack leveraged compromised developer credentials, injecting bash scripts that exfiltrated secrets like AWS and Azure credentials, SSH keys, and OIDC tokens to a C2 server. Variants included SysDiag and Optimize-Build workflows, and attackers also published malicious npm packages impersonating the Polymarket project, demonstrating worm-like propagation and reaching targets in Iran and Israel. → rescana.com |
| 2026-05-24 2026 | Active Exploitation Alert: Laravel Lang PHP Packages Compromised in Supply Chain Attack to Deploy Credential-Stealing Malware news | Writeup on a supply chain attack targeting Laravel Lang PHP localization packages (laravel-lang/lang, laravel-lang/attributes, laravel-lang/http-statuses, laravel-lang/actions) which deployed credential-stealing malware. Attackers exploited GitHub version tagging to inject malicious code, impacting developers by exfiltrating cloud provider keys, developer secrets, browser passwords, and cryptocurrency wallets via a PHP dropper and secondary payload communicating with flipboxstudio[.]info. → rescana.com |
| 2026-05-23 2026 | npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks news | Library enabling staged publishing for npm packages, requiring 2FA approval before release to mitigate supply chain attacks. It introduces "npm stage publish" via npm CLI 11.15.0+, demanding maintainer verification for every publish, including CI/CD and OIDC workflows. New install flags—`--allow-file`, `--allow-remote`, `--allow-directory`—provide granular control over non-registry installation sources, mirroring allowlist approaches. → thehackernews.com |
| 2026-05-23 2026 | Laravel-Lang Supply Chain Attack: Every Tag Across Multiple Composer Packages Rewritten to Steal CI Secrets news | Writeup of the laravel-lang supply chain attack where a single actor rewrote all git tags across four popular Composer packages, including `laravel-lang/lang` and `laravel-lang/http-statuses`, to point to malicious commits. These commits added `src/helpers.php` to the `autoload.files` map, executing a payload upon application startup. The payload contacted `flipboxstudio.info`, dropped a PHP loader and ELF binary in `/tmp`, exfiltrated runner environment data, and then self-deleted. This technique bypassed standard version pinning, making pre-May 22, 2026 commit SHAs the only safe option. → stepsecurity.io |
| 2026-05-23 2026 | Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer news | Library: The `laravel-lang/lang`, `laravel-lang/http-statuses`, `laravel-lang/attributes`, and `laravel-lang/actions` PHP packages were compromised in a supply chain attack. Malicious code embedded in version tags, specifically `src/helpers.php`, automatically executed on application startup. This dropper delivered a cross-platform credential-stealing payload capable of harvesting data from cloud environments, cryptocurrency wallets, browsers, password managers, and various application configurations. The stealer encrypts exfiltrated data with AES-256 and deletes itself from the disk. → thehackernews.com |
| 2026-05-23 2026 | This Week's Top Five Stories in Cyber news | A platform addresses AI agent security risks with Agentic Fabric, enhancing visibility and control over non-human identities. Experian launches Transaction Forensics, an AI-powered threat detection platform, in collaboration with Resistant AI, to combat financial crime. Supply chain attacks targeting the npm and PyPI ecosystems with credential stealer payloads, attributed to TeamPCP, highlight software supply chain vulnerabilities. Additionally, a lawsuit filed against Netflix alleges a surveillance system monetizing user viewing habits, using addictive designs to collect data. |
| 2026-05-23 2026 | JFrog Reveals Rise In AI-Driven Software Supply Chain Attacks news | Report on the 2026 Software Supply Chain Security State of the Union, revealing significant vulnerabilities in Indian organizations' adoption of AI-driven development. Findings highlight critical gaps in malicious package detection, container security, and secrets scanning, leaving them exposed to escalating AI-weaponized attacks. The study details a 451% surge in malicious npm packages, the rise of the "Shai-Hulud" worm, and the challenges DevSecOps teams face validating AI-generated code, all exacerbated by an AI governance gap and unchecked Shadow AI. |
| 2026-05-23 2026 | How Koi Protects Against Developer Supply Chains beginner | Library designed for Agentic Endpoint Security (AES) to protect against developer supply chain attacks. It addresses vulnerabilities exploited in the TeamPCP attack on the Nx Console VS Code extension, which leveraged trusted infrastructure abuse, invisible payloads in orphan commits, and credential harvesting. Koi provides frictionless visibility, proactive extension monitoring, and verified update rollouts to neutralize threats before they compromise sensitive data like Vault tokens, AWS metadata, and GitHub tokens, offering a modern alternative to legacy EDR solutions. → paloaltonetworks.com |
| 2026-05-23 2026 | Supply Chain Attack Flags 700 GitHub Repos With Hidden Linux Payload news | A supply chain attack has impacted over 700 GitHub repositories, introducing a hidden Linux payload. The malicious code was discovered embedded in a compromised project, allowing attackers to gain unauthorized access. This incident highlights the vulnerability of software supply chains and the potential for widespread compromise. |
| 2026-05-23 2026 | Supply Chain Attack Targets Laravel-Lang Packages with Credential Stealer news | Library detecting a supply chain attack targeting Laravel-Lang packages, where malicious version tags pointed to a fork containing credential-stealing code. This malware, delivered via composer's autoloader, collects AWS, GCP, Azure, and other cloud credentials, infrastructure secrets, developer keys, browser passwords, cryptocurrency wallet files, and VPN configurations. The attack was reported to Packagist and Aikido provides detection and prevention tools, including Aikido Safe Chain for intercepting package installations. → aikido.dev |
| 2026-05-22 2026 | TeamPCP Strikes (again): How a Trojan VS Code Extension Brought Down GitHub intermediate | Library detailing the Nx Console VS Code extension compromise, where a trojanized version (18.95.0) was published, allowing TeamPCP to exfiltrate data from GitHub internal repositories. The extension silently executed a malicious package, `nx-next`, which stole GitHub tokens, npm credentials, AWS keys, Vault secrets, SSH keys, and other sensitive information through multiple exfiltration channels including HTTPS, the GitHub API, and DNS tunneling. → ox.security |
| 2026-05-22 2026 | Megalodon GitHub Attack Targets 5561 Repos with Malicious CI/CD Workflows news | Analysis of the Megalodon campaign reveals an automated attack that injected malicious GitHub Actions workflows into 5,561 repositories, exfiltrating CI secrets, cloud credentials, SSH keys, and source code to a C2 server. The campaign utilized forged author identities and rotated commit messages to mimic routine CI maintenance, with payload variants including SysDiag and Optimize-Build. This attack, part of a broader trend of supply chain compromises by groups like TeamPCP, highlights the exploitation of CI/CD pipelines for credential theft, exemplified by the compromise of packages like @tiledesk/tiledesk-server and the theft of Ethereum/Polygon private keys through malicious npm packages impersonating Polymarket tools. → thehackernews.com |
| 2026-05-22 2026 | Hackers Use Hugging Face to Host Second-Stage Malware for npm Supply Chain Attack news | Library for detecting sophisticated npm supply chain attacks where threat actors leverage Hugging Face for second-stage malware hosting and data exfiltration. This library helps identify malicious packages like "terminal-logger-utils" and its associated variants, which exhibit keylogger, infostealer, and RAT behaviors, stealing sensitive data including Telegram information, SSH keys, and cryptocurrency wallets. It can also detect the persistence mechanisms and self-update capabilities employed by this malware. → cybersecuritynews.com |
| 2026-05-22 2026 | 5561 GitHub Repositories Hit by Megalodon Supply Chain Attack in Six Hours news | Analysis of the Megalodon supply chain attack, which compromised 5,561 GitHub repositories in six hours. The attack utilized fake GitHub accounts and official-looking sender identities like `build-bot` to push malicious code updates. Techniques such as SysDiag and Optimize-Build were employed, embedding data-stealing scripts and dormant backdoors triggered via the GitHub API. Victims like Tiledesk unintentionally published infected versions of their software to the npm registry. The malware targets cloud credentials for AWS, Google Cloud, and Azure, and steals verification tokens to impersonate GitHub Actions workflows. → hackread.com |
| 2026-05-22 2026 | TeamPCP Poisons 500 Open Source Tools Breaches GitHub news | A threat actor known as "TeamPCP" has intentionally compromised over 500 open-source software projects hosted on GitHub. The group injected malicious code into these widely used tools, effectively "poisoning" them. This widespread poisoning could lead to the compromise of numerous downstream projects and users who rely on these open-source components. The extent of the damage and the specific vulnerabilities exploited are still under investigation. |
| 2026-05-22 2026 | New Megalodon Malware Hits Thousands of GitHub Projects news | Megalodon, a new malware strain, has compromised thousands of GitHub projects. The attack targets cloud-based development environments, specifically exploiting vulnerabilities in cloud configurations. Megalodon utilizes the "cloud malware" technique to embed itself within these environments. This sophisticated threat poses a significant risk to code repositories and potentially the software developed within them, impacting a wide range of projects hosted on GitHub. → sqmagazine.co.uk |
| 2026-05-22 2026 | Following repeated supply chain attacks npm has introduced a 'phased release' system adding a mechanism that prevents packages from being published using only leaked tokens. news | Library introduces staged releases, a pre-publication review process for npm packages to mitigate supply chain attacks like Shai-Hulud. This system prevents packages from being published using only leaked tokens by requiring maintainer approval and two-factor authentication, even for automated CI/CD workflows. Maintainers can review and approve packages via CLI commands like `npm stage publish` and `npm stage view`, or through the npmjs.com interface. This mechanism aims to reduce the risk of malicious code injection through compromised accounts or tokens, complementing measures like Trusted Publish. → gigazine.net |
| 2026-05-22 2026 | India's AI surge exposes software supply chain security gaps news | Library for assessing software supply chain security gaps, particularly relevant to India's AI adoption. The resource highlights challenges in detecting malicious npm packages (up 451% in 2025) and the impact of 48,000+ new CVEs disclosed globally in 2025, partly from AI-generated code introducing vulnerabilities like SQL injection. It details how AI necessitates a shift from code creation to validation, with DevSecOps teams spending 51% of their time reviewing AI-generated code. Model registries, like Hugging Face's 1.4 million new artifacts in 2025, represent a growing attack surface, with identified malicious AI models containing payloads for credential harvesting and command execution. |
| 2026-05-22 2026 | Shai-Hulud supply chain attack compromises 323 npm packages news | Writeup of the Shai-Hulud supply chain attack, detailing how compromised npm maintainer accounts injected the Mini Shai-Hulud worm into 323 packages, including widely used libraries like echarts-for-react. The worm targets cloud keys, tokens, and crypto wallets via obfuscated JavaScript and can survive package removal by writing hooks into development environment files like `.vscode/tasks.json`. The attack's automated propagation mechanism allows stolen npm tokens to be used to publish new malicious versions, impacting millions of downloads and extending across multiple ecosystems beyond npm. |
| 2026-05-21 2026 | GitHub Internal Repositories Breached via Compromised Nx Console VS Code Extension: 2026 Supply Chain Cybersecurity Incident Analysis news | Analysis of the 2026 supply chain attack where a compromised Nx Console VS Code extension (version 18.95.0) led to the exfiltration of credentials and 3,800 internal GitHub repositories. The attack leveraged a stolen GitHub token, with the payload harvesting secrets from cloud providers, CI/CD, password managers, and AI coding assistants, while establishing persistence on macOS systems via a Python backdoor. MITRE ATT&CK techniques T1195.002, T1546.001, T1555, and T1041/T1048 were observed. TeamPCP claimed responsibility for the incident. → rescana.com |
| 2026-05-21 2026 | TanStack npm Supply Chain Attack: Detailed Analysis of the May 2026 GitHub Actions Breach and Multi-Ecosystem Impact news | Analysis of the May 2026 TanStack npm supply chain attack details a sophisticated breach by TeamPCP targeting GitHub Actions workflows. Exploiting cache poisoning and OIDC token theft, attackers published 84 malicious versions across 42 @tanstack npm packages, compromising secondary victims like Mistral AI and UiPath. The payload, router_init.js, exfiltrated credentials and deployed a destructive daemon. This incident highlights the vulnerability of CI/CD pipelines and the challenge of trusting SLSA provenance in light of this first documented npm compromise to carry valid attestations. → rescana.com |
| 2026-05-21 2026 | GitHub Breach Linked to TeamPCP Supply Chain Attack Spree news | Writeup detailing the GitHub breach attributed to the TeamPCP supply chain attack spree. This incident involved a malicious VSCode extension leading to the compromise of thousands of GitHub repositories. TeamPCP, known for corrupting legitimate developer tools with malware, has conducted over 20 waves of attacks, affecting numerous organizations including OpenAI and Mercor, and utilizing tools like Mini Shai-Hulud. The group has also targeted vulnerabilities in platforms like Next.js and compromised software such as Trivy and LiteLLM. |
| 2026-05-21 2026 | Socket raises $60 million for its open-source security platform news | Library for securing open-source software development pipelines, Socket offers features to prevent supply chain attacks. It scans modules for malware, vulnerabilities, and license restrictions, reportedly blocking over 1,000 attacks weekly. The platform includes customization of responses, ongoing oversight with a "Monitor" feature, vulnerability scanning, and a "Reachability" tool to reduce false positives by up to 90%. Socket also provides "Certified Patches" and tools to reduce transitive dependencies. → scworld.com |
| 2026-05-21 2026 | Mini Shai-Hulud: Frequently asked questions about the TeamPCP npm and PyPI supply chain campaign beginner | This article addresses frequently asked questions regarding the Mini Shai-Hulud campaign, a supply chain attack targeting the npm and PyPI package repositories through the TeamPCP project. The campaign involved malicious code injected into packages, aiming to compromise users' systems. The FAQ likely clarifies the scope of the attack, the compromised packages, the method of infection, and steps for users to mitigate risks and secure their environments. It aims to provide clear information and guidance to the affected community. → securityboulevard.com |
| 2026-05-21 2026 | GitHub Breach: Severe VS Code Supply Chain Attack news | Library of security writeups detailing a severe GitHub breach where a malicious VS Code extension, linked to the TeamPCP group, compromised internal repositories by exploiting broad permissions granted to developer tooling. This incident highlights the increasing threat of supply chain attacks targeting developer ecosystems and the critical need for robust security measures for developer workstations and software infrastructure at every stage of development. |
| 2026-05-21 2026 | Grafana Labs links GitHub environment breach to TanStack npm supply chain attack news | Grafana Labs has linked a breach of their GitHub environment to a supply chain attack targeting the TanStack npm package. Attackers compromised the TanStack npm package, likely through unauthorized access, and then used it to inject malicious code. This malicious code was subsequently utilized to gain unauthorized access to Grafana Labs' GitHub environment. The investigation is ongoing to determine the full extent of the compromise and to implement necessary security measures. → cybersecuritydive.com |
| 2026-05-21 2026 | Software supply chain attacks hit record highs thanks to AI development news | Software supply chain attacks are at an all-time high, largely driven by the rapid expansion of AI development. This trend highlights increased risks within the interconnected ecosystem of software dependencies. The article points to the growing complexity and interconnectedness of AI development as a key factor contributing to this surge in attacks. |
| 2026-05-21 2026 | GitHub Grafana Labs breaches traced back to TanStack supply chain compromise news | Tool for identifying supply chain compromises impacting GitHub and Grafana Labs, traced back to a malicious Nx Console VS Code extension and the TanStack npm supply chain attack, part of the Mini Shai-Hulud campaign by TeamPCP. This attack leveraged stolen credentials for HashiCorp Vault, Kubernetes, AWS, npm, GitHub, 1Password, GCP, and Docker, with attempted sudoers injection on Linux. → helpnetsecurity.com |
| 2026-05-21 2026 | JFrog Exposes Severe Blind Spots in India's Software Supply Chain Security news | Library for securing software supply chains. This resource examines severe blind spots identified by JFrog within India's software supply chain security. |
| 2026-05-21 2026 | TeamPCP breaches GitHub accessing 3800 internal code repositories news | Writeup of TeamPCP's software supply-chain attack on GitHub, detailing how a malicious VS Code extension granted access to 3,800 internal code repositories. The stolen source code includes components for GitHub Actions, Copilot, and CodeQL. Attackers are attempting to sell this data for at least $50,000, posing significant risks to the crypto industry due to its reliance on GitHub for development and deployment infrastructure. |
| 2026-05-21 2026 | A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale news | Library providing defensive measures against unprecedented software supply chain attacks, detailing the techniques employed by the threat group TeamPCP. The group has successfully compromised hundreds of open source tools, including VSCode extensions, AntV, Trivy, LiteLLM, Checkmarx, pgserve, TanStack, and Mistral AI, leading to breaches at entities like GitHub, OpenAI, and Mercor. TeamPCP utilizes self-spreading worms like Mini Shai-Hulud and exploits long-lived credentials to gain access, often for ransomware and data extortion. → wired.com |
| 2026-05-21 2026 | Supply Chain Security Crisis: Too Many Vulnerabilities Too Little Visibility news | Analysis of the supply chain security crisis highlights the overwhelming number of CVEs, such as the over 48,000 published in 2025, and the rapidly decreasing time-to-exploitation, as evidenced by Mandiant's finding of negative seven days. Black Kite's research reveals that only a small fraction of these, 58 critical CVEs, pose a genuinely discoverable threat to enterprises. The increasing velocity of vulnerabilities, exacerbated by AI development and rapid application growth, necessitates improved visibility to manage risks, moving beyond traditional patching strategies. → securityweek.com |
| 2026-05-21 2026 | Grafana Labs Says Code Breach Stemmed from TanStack Attack news | Analysis of the Mini Shai-Hulud campaign demonstrates a supply chain attack targeting TanStack packages, leading to a code breach at Grafana Labs. Threat actors, TeamPCP, injected credential-stealing malware into dozens of npm packages, including those within the @tanstack/* organization. This malware exfiltrated GitHub workflow tokens, granting attackers access to Grafana's codebase and internal operational information. The attack also impacted OpenSearch, PyPI mistralai, PyPI guardrails-ai, and @squawk packages, exploiting compromised CI/CD pipelines to distribute malicious, cryptographically signed versions. → infosecurity-magazine.com |
| 2026-05-21 2026 | More Than 320 npm Packages Targeted in New Shai-Hulud Supply Chain Attack news | Writeup detailing the Shai-Hulud campaign, a software supply chain attack that compromised over 320 malicious npm packages. These packages, disguised as legitimate developer tools, were designed to steal sensitive information and credentials by downloading additional payloads and executing remote commands on infected systems. The attack highlights the growing threat to open-source ecosystems and the importance of auditing dependencies and verifying package authenticity. → cxodigitalpulse.com |
| 2026-05-21 2026 | GitHub links repo breach to TanStack npm supply-chain attack news | Writeup detailing the Nx Console VS Code extension compromise, which was exploited by the TeamPCP group to breach 3,800 GitHub repositories. This supply-chain attack, originating from a TanStack npm compromise, leveraged stolen CI/CD credentials and a malicious Nx Console payload designed to exfiltrate secrets from npm, AWS, Kubernetes, GitHub, and GCP/Docker. The compromised extension, version 18.95.0, was available on the Visual Studio Marketplace and OpenVSX for a limited time, impacting approximately 6000 VS Code users. → bleepingcomputer.com |
| 2026-05-21 2026 | India's software stack consolidation raises supply chain risk pushes partners into governance roles news | Analysis of India's software stack consolidation reveals increased supply chain risk, with fewer development stacks and AI-driven coding pushing partners into governance roles. Enterprises standardizing on limited frameworks and AI assistance, as noted by JFrog's Sudhir Narla, amplify the blast radius of attacks. This trend drives partners towards advisory and operational services focusing on DevSecOps maturity, continuous compliance, and software trust management, rather than traditional resale. The evolving landscape necessitates governance models that keep pace with AI adoption, ensuring visibility and continuous enforcement across development, testing, and production, as organizations grapple with insecure dependencies and the expanding attack surface created by developer tools. |
| 2026-05-21 2026 | GitHub Hit by Supply Chain Attack Through VS Code Extension news | GitHub was targeted by a supply chain attack exploiting a vulnerability in a VS Code extension. The attackers gained unauthorized access to customer data, including GitHub user information. The company is investigating the full scope of the breach and has notified affected customers. This incident highlights the risks associated with software supply chains and the importance of securing third-party integrations. → sqmagazine.co.uk |
| 2026-05-21 2026 | GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension news | Writeup detailing the GitHub internal repositories breach caused by a malicious Nx Console VS Code extension. The incident, attributed to the TeamPCP group, involved a trojanized version of the `nrwl.angular-console` extension that exfiltrated credentials from 1Password, Anthropic Claude Code, npm, GitHub, and AWS. The attack exploited the automatic update feature of VS Code extensions and targeted developer tooling, highlighting risks in software supply chain security and open-source distribution. Other organizations like OpenAI, Mistral AI, and Grafana Labs were also affected by the preceding TanStack compromise. → thehackernews.com |
| 2026-05-21 2026 | 5 Supply Chain Attacks in 48 Hours: Why Securing One Layer Is Not Enough beginner | Library for securing the software supply chain, this resource details five distinct attacks in 48 hours targeting VS Code extensions, GitHub Actions, npm packages, and PyPI. It highlights how traditional tools like SCA and SAST fall short, failing to monitor CI/CD runtime or developer machines. The library offers runtime security for CI/CD, visibility into developer workstations, and ecosystem-wide threat intelligence to address these multi-layered threats. → stepsecurity.io |
| 2026-05-21 2026 | Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft news | Library for detecting and mitigating the Mini Shai Hulud supply chain attack, which compromised @antv npm packages. This attack used obfuscated JavaScript to steal credentials from GitHub Actions, AWS, HashiCorp Vault, npm, Kubernetes, and 1Password. The payload employed techniques like runner memory scraping, privilege escalation via bind mounts, dual-channel exfiltration through HTTPS and Git Data API, and SLSA provenance forgery. The library helps identify affected systems and pin safe package versions. → microsoft.com |
| 2026-05-20 2026 | Shai-Hulud: What to Know About the Malware Spreading Through Software Pipelines beginner | Library: Shai-Hulud is a malware campaign spreading through software pipelines, impacting approximately 320 npm and PyPI packages. It abuses trusted workflows like GitHub Actions, affecting major entities including OpenAI, Microsoft, and Mistral AI. This threat exploits the reliance on third-party code, allowing attackers to gain access to downstream projects, steal credentials (cloud, crypto wallet, SSH keys), and enlist machines into botnets, posing a significant risk to enterprise systems beyond developer environments. |
| 2026-05-20 2026 | The Extension Blind Spot: How One VS Code Plugin Gave Attackers GitHub's Source Code news | Commentary on the GitHub breach, in which a single trojanized VS Code extension running on a developer's machine gave attackers access to GitHub's internal source code. The piece treats editor extensions as a blind spot: they run with the developer's credentials and update automatically, yet rarely receive the vetting applied to other dependencies. → securityboulevard.com |
| 2026-05-20 2026 | New JFrog Report Warns: AI Governance Fails as Software Supply Chain Attacks Hit Record Highs news | Report detailing JFrog's 2026 Software Supply Chain Security State of the Union findings, highlighting a record high in software supply chain attacks. The report exposes a growing gap in AI governance as threat actors target AI model registries and developer tooling, moving beyond traditional package registries. Key findings include a surge in malicious npm packages, AI agent skills becoming an attack surface, and organizations claiming AI governance while still using public registries with known malicious payloads, illustrating an "illusion of mastery." |
| 2026-05-20 2026 | GitHub breached via a malicious VS Code extension: why developer devices are the real target news | Vendor post presenting Aikido Device Protection, an on-device control against threats arriving through trusted developer tooling such as VS Code extensions. It blocks known malware by checking installs against a live feed and enforces a configurable minimum-age policy that refuses packages and extensions published or updated within a set window. The pitch is that enforcement at the workstation covers attacks like the compromised Nx Console extension and the Durable Task Python SDK independent of network controls and outside the scope of traditional EDR. → aikido.dev |
| 2026-05-20 2026 | GitHub says internal repositories were taken in poisoned VS Code extension attack news | Report on the supply chain compromise in which a poisoned Visual Studio Code extension, a trojanized version of Nx Console, led to the exfiltration of GitHub's internal repositories. A compromised extension runs inside the development environment and can reach source code, credentials, and build systems; a hacking group claimed responsibility for the attack. → cyberscoop.com |
| 2026-05-20 2026 | Grafana GitHub Breach Linked to TanStack npm Supply Chain Ransomware news | Analysis of the Grafana GitHub breach, linked to the TanStack npm compromise and the "Mini Shai-Hulud" campaign, in which compromised npm dependencies injected malicious code into Grafana's pipelines. Grafana rotated tokens, but one GitHub workflow token in an overlooked CI/CD workflow was missed, and it was used to exfiltrate source code, internal documentation, and business contact information. Grafana refused the subsequent ransom demand, in line with FBI guidance. The incident underscores the risk of compromised npm packages inside automated CI/CD workflows and the need to inventory every workflow token during rotation. → cybersecuritynews.com |
| 2026-05-20 2026 | GitHub Confirms Breach of Internal Repositories Via Malicious VS Code Extension news | Report on TeamPCP's breach of GitHub's internal repositories via a malicious VS Code extension, placed in the context of the group's earlier supply chain attacks: compromising Aqua Security's Trivy and Checkmarx's KICS, and directly trojanizing Python packages such as LiteLLM. The group aims to steal cloud credentials and SSH keys and often works with ransomware actors. → infosecurity-magazine.com |
| 2026-05-20 2026 | GitHub Breached: Malicious VS Code Extension Exposes 3800 Repos news | Writeup of a GitHub supply chain attack where a poisoned Visual Studio Code extension on an employee's device led to exfiltration of approximately 3,800 internal repositories. While no customer repositories were compromised, the incident highlights the threat of malicious extensions to developer environments and the crypto industry's reliance on GitHub, emphasizing the need for credential rotation. |
| 2026-05-20 2026 | GitHub Confirms Hack Impacting 3800 Internal Repositories news | Report on the GitHub incident in which TeamPCP used a poisoned VS Code extension to exfiltrate approximately 3,800 internal repositories. It stresses visibility into the extensions installed on developer machines and disciplined secrets management as the controls that matter against compromised workstations, citing the earlier attacks on Trivy, Checkmarx, Bitwarden CLI, and TanStack. → securityweek.com |
| 2026-05-20 2026 | Pip 26.1 Ships Dependency Cooldowns and Experimental Lockfile Support to Combat Supply Chain Attacks news | Release coverage: pip 26.1 introduces dependency cooldowns, which hold back a newly published package version for a configurable period before it will be installed, a mitigation motivated by analysis of past incidents such as those affecting Essential Plugin and XZ Utils. It also adds experimental support for PEP 751 `pylock.toml` lockfiles, extending adoption of the standard beyond uv. The release fixes CVE-2026-3219 and CVE-2026-6357 and updates the vendored urllib3 to resolve three further CVEs. |
| 2026-05-20 2026 | Tanium Highlights Supply Chain Attack Research on npm and PyPI news | Tanium Highlights Supply Chain Attack Research on npm and PyPI https://ift.tt/MlKiyuY → tipranks.com |
| 2026-05-20 2026 | Grafana GitHub Breach Exposes Source Code via TanStack npm Attack news | Writeup detailing the Grafana GitHub breach, originating from a TanStack npm supply chain attack by TeamPCP. The incident exposed public and private source code, alongside internal operational data and business contact information, impacting Grafana Labs, OpenAI, and Mistral AI. Despite missed tokens leading to repository access, Grafana opted against paying an extortion demand, instead focusing on rotating tokens, enhancing monitoring, and auditing commits. → thehackernews.com |
| 2026-05-20 2026 | GitHub Investigating TeamPCP Claimed Breach of 4000 Internal Repositories news | Analysis of the TeamPCP breach reveals a sophisticated supply chain attack originating from a poisoned Visual Studio Code extension, leading to unauthorized access to approximately 4,000 internal GitHub repositories. This incident also saw the compromise of the `durabletask` Python package on PyPI, distributing an infostealer capable of harvesting cloud provider credentials, password manager data, and SSH keys, with self-propagation mechanisms across AWS EC2 and Kubernetes environments. The malware employs a FIRESCALE mechanism to find backup C2 addresses by searching public GitHub commit messages. → thehackernews.com |
| 2026-05-20 2026 | Software Supply-Chain Attack Analysis Underscores Security Demand for Tanium news | A recent analysis of a software supply-chain attack highlights the critical need for robust security solutions like Tanium. These attacks, which compromise trusted software providers to distribute malicious code, pose a significant threat to organizations. The study emphasizes how Tanium's capabilities in asset visibility, threat detection, and rapid response are essential for mitigating the risks associated with these sophisticated attacks. By providing comprehensive endpoint management, Tanium empowers businesses to identify vulnerabilities, prevent breaches, and restore systems quickly, underscoring its value in defending against evolving cyber threats. → tipranks.com |
| 2026-05-19 2026 | Bitsight Beacon: Supply Chain Exposure Management for the SOC beginner | Tool for supply chain exposure management. Bitsight Beacon continuously monitors third-party environments for threats across the attack lifecycle, including infrastructure exposure, malicious activity, and post-compromise breach evidence. It correlates signals from attack surface intelligence, supply chain mapping, and threat intelligence to deliver validated alerts with IOCs, MITRE ATT&CK mappings, and remediation guidance, facilitating earlier detection and response between SOC and TPRM teams. |
| 2026-05-19 2026 | AntV data visualization tool the latest to be hit by ongoing npm supply chain attacks news | Report that AntV's data visualization libraries are the latest npm packages compromised by the Mini Shai-Hulud worm. The payload steals npm and GitHub tokens plus credentials from numerous file paths, including cloud platform configs and cryptocurrency wallets, stores the exfiltrated data in public GitHub repositories themed on Dune, and may attempt persistence via a Python backdoor. Developers are advised to audit installs and move to known-safe versions, rotate all credentials, and strengthen monitoring and package verification. |
| 2026-05-19 2026 | TanStack weighs invitation-only pull requests after supply chain attack news | TanStack's proposed hardening after the Shai-Hulud worm attack, which exploited a GitHub Actions misconfiguration: remove `pull_request_target` usage, disable caches, pin actions to commit SHAs, and adopt pnpm's `minimumReleaseAge` so freshly published versions are not installed. A more radical proposal is invitation-only pull requests, with the acknowledged cost to open-source contribution. → theregister.com |
| 2026-05-19 2026 | Massive npm Supply Chain Attack Compromises AntV Packages news | Library compromise targeting AntV packages in a supply chain attack, linked to the "Mini Shai-Hulud" campaign, injected malicious versions into over 300 npm libraries like @antv/g2 and echarts-for-react. The malware aimed to steal AWS credentials, GitHub tokens, npm tokens, SSH keys, and Docker/Kubernetes secrets, with some versions attempting container escapes. This follows similar patterns seen with Axios and TanStack package compromises, emphasizing the risk of hijacked maintainer accounts and automated dependency updates. → thecyberexpress.com |
| 2026-05-19 2026 | The @antv Ecosystem Was Compromised with Shai-Hulud Malware 300 Packages Affected news | Analysis of the Shai-Hulud npm malware in the @antv ecosystem, which compromised over 300 packages with millions of downloads. The self-propagating worm, suspected to be TeamPCP's, harvests credentials through malicious `preinstall` scripts, exfiltrates data disguised as OpenTelemetry traffic, and uses stolen GitHub tokens to create public repositories carrying the beacon string "niagA oG eW ereH :duluH-iahS". Recommended actions: rotate keys, enforce 2FA, and downgrade affected packages to known-safe versions. → ox.security |
| 2026-05-19 2026 | Hackers have compromised dozens of popular open source packages in an ongoing supply chain attack news | Analysis of "Mini Shai-Hulud," a supply chain attack campaign compromising dozens of open source packages, including Alibaba's Antv and TanStack. Attackers leverage compromised developer accounts to push malicious updates across hundreds of packages, aiming to steal credentials from users of password managers and other services. Researchers at StepSecurity and SafeDep identified this widespread threat, which has impacted numerous downstream projects and organizations like OpenAI. → techcrunch.com |
| 2026-05-19 2026 | Software Supply Chain Attacks Underscore Rising Cybersecurity Demand news | Market-facing piece on the increasing threat of software supply chain attacks, in which vulnerabilities or compromises in third-party components are used to reach larger systems, with SolarWinds as the reference example. It argues that the sophistication and reach of these breaches are driving demand for security solutions and expertise. → tipranks.com |
| 2026-05-19 2026 | TeamPCPs Mini Shai-Hulud Campaign Breaches TanStack npm news | Writeup on the Mini Shai-Hulud campaign that targeted TanStack npm packages, exploiting GitHub Actions vulnerabilities to poison caches and publish malicious versions. This supply chain attack, attributed to TeamPCP, utilized a credential stealer and self-propagating worm to exfiltrate tokens, including OpenID Connect, CI/CD, and cloud credentials, affecting organizations like OpenAI. The malware specifically avoided Russian-language systems. |
| 2026-05-19 2026 | What is Mini Shai-Hulud npm supply chain attack and was Microsoft and Socket hit by malware? Full explain beginner | Analysis of the Mini Shai-Hulud npm supply chain attack details a worm-like campaign that compromised npm accounts to publish malicious package versions. This attack injected credential-stealing code, targeting GitHub tokens, AWS credentials, SSH keys, and more, using preinstall hooks to execute during installation. Microsoft Defender detected the malware, while Socket reported extensive compromise within the @antv ecosystem, highlighting risks to CI/CD pipelines and developer environments. The campaign leverages stolen tokens for propagation and could be linked to financially motivated groups. |
| 2026-05-19 2026 | The Worm That Keeps on Digging: TeamPCP Hits @antv in Latest Wave news | Analysis of a coordinated software supply chain attack reveals malware targeting NPM packages within the @antv namespace, GitHub Actions like actions-cool/issues-helper, and the VSCode extension nrwl.angular-console v18.95.0. The campaign, attributed to "TeamPCP", leverages orphaned GitHub commits for payload hosting and uses `bun` for execution, stealing credentials and establishing persistence via a Python backdoor at `~/.local/share/kitty/cat.py`. The backdoor uses the trigger `firedalazer` for C2 communication, executing remote Python code. → wiz.io |
| 2026-05-19 2026 | One NPM account poisons over 600 packages with millions of weekly downloads in a new supply chain attack news | A threat actor compromised a single npm account and injected malicious code into over 600 packages that together see millions of weekly downloads. The malware harvests environment variables, where API keys and other credentials commonly live, illustrating how one hijacked maintainer account can compromise a large slice of the ecosystem. → cybernews.com |
| 2026-05-19 2026 | Malicious GitHub Action Steals Workflow Credentials In Supply Chain Attack news | Report on a malicious GitHub Action: the `issues-helper` action's repository tags and commits were manipulated so that workflows using it executed attacker code that exfiltrated workflow credentials. The payload downloads the Bun JavaScript runtime and uses Python child processes to scrape secrets from runner memory before sending them to an attacker-controlled domain. Runtime controls such as StepSecurity's Harden-Runner can block the compromised action and its outbound connections. → cyberpress.org |
| 2026-05-19 2026 | Mini Shai-Hulud Malware Campaign Compromises Open-Source Packages in Major Supply Chain Attack news | Analysis of the Mini Shai-Hulud malware campaign reveals a large-scale software supply chain attack impacting hundreds of open-source npm and PyPI packages. Attackers exploited GitHub Actions and CI/CD pipelines via cache poisoning to inject malicious code, compromising popular packages from vendors like TanStack and UiPath. The malware steals credentials, establishes persistence in developer tools, and possesses destructive capabilities, highlighting the weaponization of trusted automation infrastructure and the evolution of supply chain threats targeting AI and cloud development. → cxodigitalpulse.com |
| 2026-05-19 2026 | GitHub Actions Supply Chain Attack Redirects Tags to Steal CI/CD Credentials news | Analysis of a supply chain attack on GitHub Actions that compromised "actions-cool/issues-helper" and "actions-cool/maintain-one-comment". Threat actors redirected the repositories' release tags to malicious imposter commits, so any workflow referencing the action by tag rather than by commit SHA executed code that read runner memory and sent CI/CD credentials to attacker-controlled domains such as "t.m-kosche[.]com". Because the tag moved without any pull request, the change bypassed review entirely; the activity is potentially linked to the Mini Shai-Hulud campaign against npm packages. → thehackernews.com |
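
The TanStack entry above lists the workflow changes that would have blunted this wave (no `pull_request_target`, no caches, actions pinned to commit SHAs), and the actions-cool entries show why the SHA pin matters: a tag can be moved to an imposter commit without any pull request. The following is an added example, not code from TanStack, StepSecurity, GitHub or any source on this page: a Python auditor that reads a workflow file and reports those patterns. The two workflow texts are constructed for the demo (the risky shape and its hardened counterpart), the function and constant names are mine, and the auditor handles block-style `on:` triggers only.

```python
import re
from typing import List

# Constructed sample of the risky workflow shape: pull_request_target runs
# with the base repository's secrets, and checking out the PR head then
# executes a contributor's code with those secrets. Not a real repo's file.
RISKY_WORKFLOW = """\
name: ci
on:
  pull_request_target:
    types: [opened, synchronize]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - uses: actions/cache@v4
        with:
          path: ~/.pnpm-store
          key: pnpm-${{ hashFiles('pnpm-lock.yaml') }}
      - uses: actions-cool/issues-helper@v3
      - run: pnpm install && pnpm test
"""

# Constructed hardened counterpart: plain pull_request trigger (fork PRs get
# no secrets), no cache restore, and the action pinned to a full commit SHA
# with the tag it is believed to correspond to in a comment.
HARDENED_WORKFLOW = """\
name: ci
on:
  pull_request:
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - run: pnpm install --frozen-lockfile && pnpm test
"""

FULL_SHA = re.compile(r"^[0-9a-f]{40}$")
USES_LINE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
PR_HEAD = re.compile(r"pull_request\.head\.(sha|ref)")
# Block-style trigger only; `on: [push, pull_request_target]` is not parsed.
PRT_TRIGGER = re.compile(r"^\s*pull_request_target\s*:")


def audit_workflow(text: str) -> List[str]:
    """Return one finding string per risky pattern in a workflow file."""
    findings: List[str] = []
    lines = text.splitlines()
    if any(PRT_TRIGGER.match(line) for line in lines):
        findings.append("pull_request_target trigger present")
        if any(PR_HEAD.search(line) for line in lines):
            findings.append(
                "pull_request_target checks out PR head: "
                "untrusted code runs with base-repo secrets"
            )
    for n, line in enumerate(lines, 1):
        m = USES_LINE.match(line)
        if not m:
            continue
        ref = m.group(1)
        if ref.startswith(("./", "docker://")):
            continue  # local and container actions are out of scope here
        action, _, version = ref.partition("@")
        if not FULL_SHA.match(version):
            findings.append(
                f"line {n}: {action} pinned to mutable ref "
                f"'{version or '(none)'}', not a commit SHA"
            )
        if action == "actions/cache" or action.startswith("actions/cache/"):
            findings.append(
                f"line {n}: cache restore in a workflow reachable from PRs; "
                "a poisoned entry survives until its key changes"
            )
    return findings


if __name__ == "__main__":
    for name, wf in (("risky", RISKY_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        print(name, audit_workflow(wf) or ["clean"])
```

Run it over `.github/workflows/*.yml` in CI and fail the build on any finding. The hardened sample still relies on a human to confirm that the pinned SHA really is the commit the `# v4.2.2` comment claims: nothing verifies the comment, and a dependency-update bot that rewrites the SHA and the comment together is exactly the path a compromised action would take.

| Date Added | Link | Excerpt |
|---|---|---|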
| 2026-05-19 2026 | Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account news | Analysis of the Mini Shai-Hulud campaign, which used compromised npm maintainer accounts to inject credential-stealing payloads into popular packages such as echarts-for-react and modules across the @antv ecosystem. The payload targets over 20 credential types, including AWS, Azure, and GitHub tokens, abuses OIDC tokens and forges Sigstore attestations so the malicious releases look legitimately built, exfiltrates to actor-controlled domains, and propagates by using stolen npm tokens to republish trojanized versions of further packages. → thehackernews.com |
| 2026-05-19 2026 | Dataminr Highlights Emerging Risks in Software Supply Chain and AI Security news | Dataminr has identified critical emerging risks within software supply chains and AI security. Their analysis points to the growing threats in how software is developed and deployed, emphasizing the need for enhanced security measures. The company's insights suggest a proactive approach is necessary to mitigate vulnerabilities in these complex and rapidly evolving areas. → tipranks.com |
| 2026-05-18 2026 | Shai-Hulud copycat hits another npm package news | Roundup covering a Shai-Hulud copycat worm that hit another npm package, along with other stealer malware found in packages, as examples of malicious code inserted into widely used components. The piece also touches on AI-assisted attacks against APIs and the exposure of open-source registries. → theregister.com |
| 2026-05-18 2026 | OpenAI macOS Products Impacted by TanStack Supply Chain Attack via Mini Shai-Hulud Malware in TeamPCP Campaign news | Writeup on the TanStack supply chain attack, in which the TeamPCP group's Mini Shai-Hulud worm, injected into TanStack npm packages, stole credentials from OpenAI employee devices. The incident illustrates the risk from compromised CI/CD pipelines and open-source dependencies and affected several AI and software development organizations. OpenAI responded by rotating credentials and reviewing its code-signing certificates, which led to a mandatory update of its macOS products. → rescana.com |
| 2026-05-18 2026 | OpenAI macOS Apps Targeted in TanStack Supply Chain Attack: Two Employee Devices Compromised Urgent Updates Required news | Writeup detailing the TanStack supply chain attack, orchestrated by TeamPCP, which compromised two OpenAI employee devices. The attack utilized the Mini Shai-Hulud malware, distributed via trojanized npm and PyPI packages, to exfiltrate credentials and establish persistence through modified VS Code tasks. OpenAI responded by revoking code-signing certificates for macOS, iOS, and Windows products, requiring mandatory updates for specific desktop applications before June 12, 2026, due to the incident's impact on internal source code repositories. → rescana.com |
| 2026-05-18 2026 | AI supply-chain attacks bypass model red teams intermediate | Argues that AI supply-chain attacks sidestep model red teaming: red teams probe a finished model's behaviour, while these attacks inject malicious inputs, data, or components into the training or deployment pipeline, so a model can behave harmfully in production even after rigorous testing. A recent incident of this kind is cited as evidence that current defences are insufficient, and the piece calls for AI security strategies that cover the integrity of the development lifecycle, not just the model's outputs. |
| 2026-05-18 2026 | TeamPCP compromises Python libraries via supply chain attack news | Writeup of the TeamPCP supply chain attack on Python libraries, tracked as CVE-2026-33634. The attackers first compromised the vulnerability scanner Trivy, then used its publication tokens to upload malicious versions of the LiteLLM library to PyPI. Those versions injected payloads that exfiltrated AI provider keys (OpenAI, Anthropic, Azure), cloud credentials (AWS, GCP, Azure), and SSH keys, then installed a backdoor. Because LiteLLM acts as a gateway to over 100 LLM providers, thousands of internet-facing instances were exposed. → techzine.eu |
| 2026-05-18 2026 | First Shai-Hulud Worm Clones Emerge news | Writeup detailing the emergence of Shai-Hulud worm clones following the release of its source code. The malware, previously used in supply chain attacks against NPM packages affecting developers, was adapted by threat actors and published in new NPM packages like 'chalk-tempalte'. These clones aim to steal credentials and API keys, propagating by injecting themselves into victim packages and publishing malicious versions, impacting users of Trivy, Bitwarden, Checkmarx, SAP, and TanStack. → securityweek.com |
| 2026-05-18 2026 | OpenAI Among the Companies Affected by TanStack Breach news | Writeup on the Mini Shai-Hulud campaign, a May 2026 supply chain attack across the npm and PyPI ecosystems. Threat actors exploited a GitHub Actions weakness to poison caches and steal OpenID Connect tokens, then used them to publish malicious versions of TanStack npm packages, affecting companies including OpenAI. The payload spread worm-like through npm by stealing CI/CD tokens, cloud credentials, and registry tokens, and terminated if it detected Russian language settings. |
| 2026-05-18 2026 | OpenAI Rotates Certificates After TanStack Supply Chain Attack Hits Employee Devices news | Report on the TanStack supply chain attack's impact on OpenAI: employee devices were exposed, prompting code-signing certificate rotation and mandatory macOS app updates. The incident, part of the "Mini Shai-Hulud" campaign, used compromised GitHub Actions caches to distribute malicious npm packages whose malware stole GitHub tokens and SSH keys from affected systems. Experts quoted point to CI/CD pipelines and developer workstations as the weak links and recommend stricter controls, dependencies pinned to specific hashes, and secret isolation. |
| 2026-05-18 2026 | Forcepoint details TeamPCP supply chain attack that turned LiteLLM into a credential stealer news | Forcepoint analysis of the TeamPCP supply chain attack that compromised LiteLLM versions 1.82.7 and 1.82.8. The chain started with a poisoned Trivy build, whose stolen PYPI_PUBLISH tokens were used to publish the malicious releases; the payload, embedded via proxy server modifications and a stealthy `.pth` file that the interpreter processes at startup, harvested OpenAI, Anthropic, Azure, and AWS API keys, exfiltrated them, and installed a persistent backdoor. |
| 2026-05-18 2026 | Developer Workstations Are Now Part of the Software Supply Chain beginner | Article arguing that developer workstations are part of the software supply chain and must be secured as such. Attackers target the secrets held on these machines, such as API keys and cloud credentials, as the "mini Shai Hulud" and TeamPCP campaigns showed; the piece emphasizes securing local context, limiting credential exposure, and building security into AI-assisted development workflows so attacks are stopped before they reach repositories and CI/CD pipelines. → thehackernews.com |
| 2026-05-18 2026 | Hacking NPM is now a contest: copycats using TeamPCP code to compromise open source news | Report that copycat attackers are reusing TeamPCP's released code to compromise open-source projects on npm, turning the ecosystem into a contest among imitators. With a working worm and credential stealer freely available, the barrier to running a supply chain attack has dropped, and defenders should expect further variants. → cybernews.com |
| 2026-05-18 2026 | OpenAI responds to TanStack supply chain cyber attack news | Coverage of OpenAI's response to the 'Mini Shai-Hulud' supply chain attack delivered through the compromised TanStack npm packages. The credential-focused malware affected two employee devices and led to limited exfiltration of credential material, with no impact on user data or production systems. OpenAI isolated the systems, revoked credentials, added protections including stricter package verification and provenance validation for upstream libraries, and rotated the software signing certificates for products such as ChatGPT Desktop and the Codex App as a precaution. |
| 2026-05-17 2026 | OpenAI Urges macOS Users to Update After TanStack Supply Chain Attack Hits Signing Keys news | OpenAI is urging macOS users to update its apps following the TanStack supply chain attack, which prompted rotation of the code-signing keys used for its desktop products. The full extent of the compromise was not immediately clear, but users should install the latest versions of affected applications so that builds signed with the retired certificates are replaced. → securityboulevard.com |
| 2026-05-16 2026 | OpenAI hit by supply chain attack linked to malicious TanStack packages news | Report on the Mini Shai-Hulud worm campaign affecting OpenAI, TanStack, UiPath, and DraftLab. Attackers used hijacked GitHub Actions OIDC tokens to publish malicious npm packages, including 84 tied to TanStack, that stole secrets from CI/CD environments and developer tools such as VS Code. Because the worm generated valid SLSA Level 3 attestations, the malicious versions passed provenance checks; two OpenAI employee devices leaked credentials, exposing internal source code repositories and code-signing certificates. → securityaffairs.com |
| 2026-05-16 2026 | OpenAI Impacted by TanStack Supply-Chain Attack news | Writeup detailing the OpenAI supply-chain attack, where compromised TanStack npm packages, part of the "Mini Shai-Hulud" campaign, infected two employee devices. Attackers leveraged malicious code in 84 package versions to steal limited credentials from internal source code repositories, though OpenAI confirmed no user data or production systems were compromised. This incident underscores the growing risk of supply-chain attacks targeting AI companies and their reliance on open-source ecosystems. → cxodigitalpulse.com |
| 2026-05-16 2026 | Node-ipc supply chain attack targets crypto devs news | Coverage of the compromised `node-ipc` npm package, a tool widely used by cryptocurrency developers among others. Malicious versions disguised as routine updates bundled credential-stealing code, so crypto projects that pull the package into CI or onto developer machines were exposed. The incident shows how a trusted, widely installed dependency can be turned against its users. |
| 2026-05-16 2026 | OpenAI tells Mac users to update apps after software supply chain attack news | OpenAI has urged Mac users to update its desktop applications, including ChatGPT, after the software supply chain attack that reached its employee devices through compromised third-party packages. OpenAI states that no user data or production systems were affected and that the certificate rotation and mandatory update are precautionary, so that copies signed with the retired certificates are replaced. → msn.com |
| 2026-05-16 2026 | Expired domain leads to supply chain attack on node-ipc npm package news | Library for Node.js Inter-Process Communication compromised via expired domain and email takeover. Malicious versions of the popular `node-ipc` npm package (9.1.6, 9.2.3, 12.0.1) were published, bundling credential-stealing malware designed to exfiltrate sensitive data from CI/CD tools, cloud services, Kubernetes, and more via DNS TXT queries. The attack leveraged a dormant maintainer account whose associated domain had expired and was subsequently re-registered by attackers. → csoonline.com |
| 2026-05-15 2026 | Two Employee Devices Impacted By TanStack Supply Chain Attack news | OpenAI's account of the Mini Shai-Hulud supply chain attack on TanStack npm packages: two employee devices were affected, with limited credential exfiltration from internal code repositories. OpenAI isolated the systems, rotated credentials, and is rotating the certificates used to sign its macOS applications, with a June 12 update deadline, to prevent distribution of fraudulent builds. The incident shows the exposure created by shared dependencies, and OpenAI is accelerating controls such as package manager configurations with minimum release age requirements. |
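
Several entries above converge on the same two controls: refuse versions younger than a cooldown window (pip 26.1's dependency cooldowns, pnpm's `minimumReleaseAge`, the minimum release age configuration OpenAI mentions here) and know which exact versions an advisory names. The following is an added example, not code from pip, pnpm, OpenAI or any vendor on this page: a Python check over an npm `package-lock.json` that flags versions in an inline advisory list (seeded with the three `node-ipc` versions from the csoonline entry), packages the lockfile marks with `hasInstallScript` (which v2/v3 lockfiles record for any package with install hooks such as the `preinstall` scripts Shai-Hulud uses), and versions published inside the cooldown window. The lockfile, the registry publish times and `DEMO_NOW` are constructed so the run is deterministic and offline; in production the publish times come from `npm view <pkg> time --json`.

```python
import json
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Set

# Exact versions named by advisories; seeded with the node-ipc versions from
# the csoonline entry. Keep exact versions, never ranges.
KNOWN_BAD: Dict[str, Set[str]] = {
    "node-ipc": {"9.1.6", "9.2.3", "12.0.1"},
}

# Constructed stand-in for the registry's publish times. In production fill
# this from `npm view <pkg> time --json`, which maps version -> ISO 8601.
PUBLISH_TIMES: Dict[str, Dict[str, str]] = {
    "node-ipc": {"12.0.1": "2026-05-14T02:11:00Z"},
    "left-pad": {"1.3.0": "2018-03-16T00:00:00Z"},
    "fresh-widget": {"2.0.0": "2026-05-18T22:40:00Z"},
}

# Constructed package-lock.json in the lockfileVersion 3 layout. npm records
# hasInstallScript for any package whose package.json declares install hooks.
LOCKFILE = json.dumps({
    "name": "demo", "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo"},
        "node_modules/node-ipc": {"version": "12.0.1", "hasInstallScript": True},
        "node_modules/left-pad": {"version": "1.3.0"},
        "node_modules/fresh-widget": {"version": "2.0.0", "hasInstallScript": True},
        "node_modules/fresh-widget/node_modules/left-pad": {"version": "1.3.0"},
    },
})

# Fixed clock so the demo is reproducible; use datetime.now(timezone.utc) live.
DEMO_NOW = datetime(2026, 5, 19, tzinfo=timezone.utc)


def scan_lockfile(lock_text: str, now: datetime, cooldown_days: int = 7) -> List[str]:
    """Return findings for every installed package in a v2/v3 npm lockfile."""
    lock = json.loads(lock_text)
    cutoff = now - timedelta(days=cooldown_days)
    findings: List[str] = []
    for path, meta in lock.get("packages", {}).items():
        if path == "":
            continue  # the root project itself
        # Name is everything after the last "node_modules/", which handles
        # nested installs and scoped packages alike.
        name = path.rsplit("node_modules/", 1)[-1]
        version = meta.get("version", "")
        if version in KNOWN_BAD.get(name, set()):
            findings.append(f"{name}@{version}: version named in advisory, remove and rotate credentials")
        if meta.get("hasInstallScript"):
            findings.append(f"{name}@{version}: runs install scripts; review before `npm ci`")
        published = PUBLISH_TIMES.get(name, {}).get(version)
        if published is None:
            findings.append(f"{name}@{version}: no publish time known, cannot apply cooldown")
        elif datetime.fromisoformat(published.replace("Z", "+00:00")) > cutoff:
            findings.append(f"{name}@{version}: published inside {cooldown_days}-day cooldown")
    return findings


if __name__ == "__main__":
    for finding in scan_lockfile(LOCKFILE, DEMO_NOW):
        print(finding)
```

Run this before `npm ci` in CI and on the lockfile diff of every dependency-update PR. A package that trips the cooldown is not necessarily malicious, but waiting a week gives registries and researchers time to pull a trojanized release before it lands in your build, and the `hasInstallScript` flag is the cheapest place to notice that a dependency which never needed install hooks suddenly has one.

| Date Added | Link | Excerpt |
|---|---|---|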
| 2026-05-15 2026 | OpenAI tells Mac users to update apps after software supply chain attack news | OpenAI is advising Mac users to update their applications following a software supply chain attack. The attack targeted a third-party library used by several applications, potentially exposing user data. OpenAI's own ChatGPT desktop app was affected, and they are working with other affected vendors to address the vulnerability. Users are urged to apply any available updates promptly to protect themselves. → msn.com |
| 2026-05-15 2026 | OpenAI Warns Mac Users to Update Apps After Supply-Chain Attack news | OpenAI has issued a warning to Mac users, advising them to update their applications promptly due to a supply-chain attack. This attack potentially compromised applications downloaded from unauthorized sources or modified by third parties. Users are urged to remove any suspect applications and reinstall them from official sources to mitigate the risk of malware or data theft. |
| 2026-05-15 2026 | OpenAI tells Mac users to update apps after software supply chain attack news | OpenAI has alerted Mac users to update their applications following a software supply chain attack. Attackers compromised a third-party data analytics provider used by OpenAI. This allowed them to gain access to customer data, including names, email addresses, and payment information for some users. OpenAI states that it has no evidence of unauthorized access to their main systems or any impact on ChatGPT or other OpenAI products. Users are advised to update their Mac applications as a precautionary measure. → msn.com |
| 2026-05-15 2026 | OpenAI Hit by TanStack Supply Chain Attack news | Writeup of the TanStack supply chain attack, detailing how the TeamPCP group compromised 42 packages and over 170 namespaces across NPM and PyPI. This coordinated campaign infected developer devices with the Shai-Hulud worm, leading to exfiltration of credential material from OpenAI's internal source code repositories via two employee devices. OpenAI responded by rotating credentials, revoking sessions, restricting workflows, and revoking/re-signing code-signing certificates for multiple platforms. → securityweek.com |
| 2026-05-15 2026 | The software supply chain is the new ground zero for enterprise cyber risk. Don't get caught short beginner | Analysis of recent AI-driven software supply chain attacks, including the TeamPCP breach targeting LiteLLM, Trivy, and Checkmarx, highlights the urgent need to treat AI middleware as critical infrastructure. The article emphasizes securing developer workflows, modernizing risk management for AI applications, and implementing continuous monitoring for unauthorized connections and data exfiltration. It advocates for developer upskilling, AI governance tools, and adherence to organizational rulesets to mitigate risks from sophisticated AI-assisted threats. |
| 2026-05-15 2026 | TanStack Supply Chain Attack Hits Two OpenAI Employee Devices Forces macOS Updates news | Report detailing a sophisticated supply chain attack campaign, prominently featuring the TanStack Mini Shai-Hulud worm. The attack targeted OpenAI, Mistral AI, and other vendors, leading to compromised macOS apps (ChatGPT Desktop, Codex App, Codex CLI, Atlas) requiring updates due to revoked signing certificates. The malware, delivered via compromised packages like guardrails-ai and mistralai, exhibits advanced capabilities including hardcoded C2 servers, fallback mechanisms like FIRESCALE, and exfiltration to GitHub repositories, while also incorporating destructive behaviors targeting specific geographic regions and exfiltrating AWS credentials across all availability zones. → thehackernews.com |
| 2026-05-15 2026 | OpenAI caught in TanStack npm supply chain chaos after employee devices compromised news | Report on supply chain risks, including the OpenAI incident stemming from employee devices compromised through the TanStack npm packages. It also touches upon AI agents' ability to create exploits, the strain agentic AI places on memory hierarchies, and the challenge of securing open-source registries with insufficient funding. The information highlights the evolving landscape of application security threats and the increasing reliance on AI. → theregister.com |
| 2026-05-15 2026 | OpenAI confirms exposure in recent Shai-Hulud supply-chain attack news | Writeup of the Mini Shai-Hulud supply-chain attack impacting OpenAI, which involved compromised npm packages from TanStack and exposed limited internal credentials and code-signing certificates. The incident led OpenAI to rotate signing keys for its desktop applications and prompted macOS users to update software by June 12, 2026, to avoid disruptions. The attack leveraged techniques like cache poisoning and OpenID Connect token extraction to compromise repositories and harvest secrets. |
| 2026-05-15 2026 | node-ipc npm Package Hit by Credential Stealer Attack news | Report on a credential stealer with backdoor functionality found in the widely used `node-ipc` npm package. Malicious versions, including 9.1.6, 10.2.0, and 11.1.1, were published through what appears to be a hijacked dormant maintainer account. The malware, embedded in the `node-ipc.cjs` file, harvests sensitive data from developer environments, including cloud credentials, SSH keys, and secrets from various tools like Kubernetes and Docker, exfiltrating it via DNS TXT queries to a lookalike Azure Static Web Apps domain. A forensic indicator observed across infected tarballs is a consistent file timestamp of "Oct. 26, 1985." → thecyberexpress.com |
| 2026-05-15 2026 | TanStack npm Supply Chain Attack Prompts OpenAI Updates news | Advisory detailing OpenAI's response to a TanStack npm supply chain attack, part of the Mini Shai-Hulud campaign. The attack, identified on May 11, 2026, compromised two employee devices, exfiltrated a small amount of credential material, and impacted code-signing certificates for macOS, Windows, iOS, and Android. OpenAI is rotating certificates and requiring macOS users to update applications before June 12, 2026, to avoid disruptions, emphasizing that no customer data or production systems were affected. → thecyberexpress.com |
| 2026-05-15 2026 | OpenAI Says Hackers Stole Limited Data Following Latest Code Security Incident news | Writeup detailing a recent OpenAI supply-chain attack involving compromised TanStack npm packages. Hackers injected malicious code into the TanStack ecosystem, gaining access to two OpenAI employee devices and stealing limited internal data. The incident did not impact ChatGPT user data, production systems, or core intellectual property, but it underscores the growing threat of sophisticated supply-chain attacks targeting open-source libraries and AI infrastructure. → cxodigitalpulse.com |
| 2026-05-15 2026 | OpenAI Confirms Security Breach Via TanStack npm Supply Chain Attack news | Writeup of the Mini Shai-Hulud supply chain attack, which compromised TanStack npm packages and affected OpenAI, Mistral AI, UiPath, Guardrails AI, and OpenSearch. The campaign exploited CI/CD weaknesses to inject malicious code, leading to credential exfiltration from two OpenAI employee devices, though no user data or intellectual property was stolen. OpenAI rotated signing certificates and restricted code deployment as precautionary measures. → cybersecuritynews.com |
| 2026-05-15 2026 | node-ipc npm Package with 822K Weekly Downloads Compromised in Supply Chain Attack news | Writeup on the node-ipc npm package supply chain attack, which compromised versions 9.1.6, 9.2.3, and 12.0.1 with obfuscated stealer and backdoor payloads. Attackers exploited a dormant maintainer account takeover by acquiring its expired recovery email domain. The malicious payload targets CommonJS consumers, fingerprinting hosts, harvesting credentials from over 100 patterns including AWS, Azure, GCP, and Kubernetes secrets, archiving data, and exfiltrating it via DNS TXT queries to a fake Azure domain. Forensic timestamps of October 26, 1985, are used to identify malicious artifacts. → cybersecuritynews.com |
| 2026-05-15 2026 | Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets news | node-ipc versions 9.1.6, 9.2.3, and 12.0.1 contain a stealer backdoor that fingerprints hosts, enumerates local files, and exfiltrates developer and cloud secrets including AWS, Google Cloud, Azure, SSH keys, Kubernetes tokens, and GitHub CLI configs to sh.azurestaticprovider[.]net. The malware uses an Immediately Invoked Function Expression (IIFE) and a SHA-256 fingerprint check for conditional execution, and can exfiltrate data via DNS TXT records by overriding the system's DNS resolver. → thehackernews.com |
| 2026-05-15 2026 | OpenAI says no user data compromised after supply-chain attack news | OpenAI has confirmed that no user data was compromised following a recent supply-chain attack. The incident involved a malicious actor gaining access to a third-party vendor's tools, which in turn had access to OpenAI's systems. While the attackers could view certain customer information, including names, emails, and payment details of some users, OpenAI states that no sensitive data like passwords or full credit card numbers were accessed. The company has since revoked the vendor's access and is working to prevent similar incidents in the future. → cybernews.com |
| 2026-05-14 2026 | OpenAI Tells Mac Users to Update Apps After Software Supply Chain Attack news | Update guidance for OpenAI macOS users following a software supply chain attack via malicious TanStack npm packages. The attack, attributed to TeamPCP, leveraged three chained vulnerabilities to distribute credential-stealing malware. OpenAI's investigation found that employee devices installed affected versions, leading to compromised internal source code repositories containing signing certificates. As a precaution, OpenAI is rotating code-signing certificates, necessitating updates for macOS applications to prevent potential distribution of fake OpenAI products. |
| 2026-05-14 2026 | Active Supply Chain Attack: Malicious node-ipc Versions Published to npm news | Report detailing the node-ipc supply chain attack in which malicious versions 9.1.6, 9.2.3, and 12.0.1 were published to npm. The attack, executed by a rogue maintainer, injected an obfuscated payload into the CommonJS bundle designed to steal over 90 categories of credentials and exfiltrate them to an attacker-controlled server. Version 12.0.1 includes a specific targeting gate based on the module's file path hash. → stepsecurity.io |
| 2026-05-14 2026 | OpenAI asks macOS users to update after TanStack npm supply chain attack news | Report on securing applications against supply chain attacks, exemplified by the TanStack npm compromise. This incident involved credential stealers and self-propagation targeting popular npm, PyPI, and other packages, impacting companies like OpenAI and Mistral AI. The attack, attributed to TeamPCP, highlights the risks associated with interconnected software ecosystems and the need for rigorous security controls to validate legitimate software and prevent unauthorized modifications. |
| 2026-05-14 2026 | OpenAI Contained Credential Theft After TanStack Supply-Chain Attack Sees No User Data Impact news | OpenAI recently addressed a supply-chain attack targeting TanStack, a developer tool. The attackers successfully gained access to a TanStack dependency, potentially leading to credential theft. However, OpenAI's security measures successfully contained the exploit, and they confirmed that no user data was impacted. The incident highlights the risks associated with supply-chain vulnerabilities, even when user data remains secure. → tipranks.com |
| 2026-05-14 2026 | OpenAI confirms security breach in TanStack supply chain attack news | The TanStack supply chain attack, also known as Mini Shai-Hulud, impacted hundreds of npm and PyPI packages and led OpenAI to confirm a breach on two employee devices. While no customer data or production systems were compromised, attackers exfiltrated limited credentials from internal repositories, prompting OpenAI to rotate code-signing certificates for its applications. The campaign utilized compromised GitHub Actions workflows and CI/CD configurations to inject malicious code and publish trojanized package versions, targeting developer and cloud credentials, including GitHub tokens and AWS credentials, and establishing persistence via modified code hooks. → bleepingcomputer.com |
| 2026-05-14 2026 | OpenAI says hackers stole some data after latest code security issue news | Writeup detailing OpenAI's incident where hackers compromised TanStack, a popular open-source library, leading to the theft of credentials from two employee devices. The attack involved malicious updates to TanStack, designed to steal credentials and self-propagate, similar to past supply-chain attacks on projects like Axios and Daemon Tools. While OpenAI reported no compromise of production systems or user data, limited internal source code repositories were accessed, prompting credential rotation. → techcrunch.com |
| 2026-05-14 2026 | OpenAI denies user data exposure from TanStack npm Mini Shai-Hulud supply chain attack news | A set of malicious packages, including those affecting TanStack npm and targeting OpenAI devices, comprised the "Mini Shai-Hulud" campaign. This supply chain attack exploited GitHub Actions to distribute 84 malicious versions across 42 TanStack libraries, aiming to steal credentials like GitHub tokens and cloud keys. While OpenAI confirmed two employee devices were compromised, they found no evidence of user data exposure or intellectual property theft, though some credential material was accessed. |
| 2026-05-14 2026 | npm Supply Chain Attack Targets GitHub AWS and Kubernetes Credentials news | Overview of techniques for detecting and mitigating the "Shai-Hulud: Here We Go Again" supply chain attack, which compromises npm and PyPI packages to steal GitHub Actions secrets, AWS credentials, Kubernetes service account tokens, and HashiCorp Vault access. The malware self-propagates by injecting malicious code into other packages and features a destructive dead-man's switch that wipes user files if stolen credentials are revoked. → cyberpress.org |
| 2026-05-14 2026 | AI-driven supply chain attacks expose shift in cyber threat model Beazley warns news | Analysis of AI-driven supply chain attacks highlights a new cyber threat model where attackers exploit trusted software and automation systems, moving beyond malware to focus on credential compromise and workflow exploitation. This shift, detailed by Beazley, signifies an evolving attacker methodology. Access to the full analysis requires a paid subscription or a free trial. |
| 2026-05-14 2026 | TeamPCP and BreachForums Launch $1000 Contest for Supply Chain Attacks news | Details of a $1,000 competition launched by TeamPCP and BreachForums, incentivizing supply chain attacks on open-source packages like npm, PyPI, GitHub Actions, Docker images, and OpenVSX extensions. Participants utilize the Shai-Hulud tool to compromise popular libraries, with scoring based on download counts. This initiative, distinct from previous TeamPCP campaigns targeting AI, manufacturing, and finance, aims to recruit attackers and enhance visibility by gamifying the exploitation of software supply chain trust. → cyberpress.org |
| 2026-05-14 2026 | Axios breach shows why software supply chains need zero trust news | Guidance on securing software supply chains, emphasizing zero-trust principles following the Axios breach. This event, where compromised maintainer accounts introduced RATs into npm packages, mirrors Business Email Compromise (BEC) attacks by exploiting trusted identities. Recommendations include enforcing phishing-resistant MFA for publishing accounts, utilizing OIDC tokens over long-lived credentials, disabling or auditing lifecycle scripts like `postinstall`, and implementing pipeline-level zero trust to isolate build environments and limit the impact of compromised dependencies. → scworld.com |
| 2026-05-14 2026 | Inside a Tor Backed Supply Chain Worm news | Analysis of a sophisticated npm supply chain worm, featuring the `crypto-javascri` package that mimics `crypto-js`. This malicious package harvests npm and GitHub credentials, hijacks maintainer accounts to republish trojanized packages, and deploys a Tor-based command-and-control implant. The worm targets Linux developer systems and CI/CD environments, propagating by injecting itself into legitimate packages and updating their versions. |
| 2026-05-14 2026 | Mistral AI allegedly breached by Dune-loving criminals following TanStack supply chain hit 450 repositories exposed news | Mistral AI is reportedly the latest victim of a cyberattack following the recent TanStack supply chain incident. Threat actors, described as "Dune-loving criminals," are alleged to have breached Mistral AI, exposing 450 of its repositories. This attack highlights a growing trend of supply chain compromises targeting prominent tech companies. → cybernews.com |
| 2026-05-14 2026 | OpenAI Confirms No User Data Stolen in TanStack Supply-Chain Attack news | OpenAI has confirmed that no user data was compromised during a recent supply-chain attack targeting TanStack. The attack involved malicious code being injected into the `tanstack-query` package, a popular JavaScript library. While the code was designed to steal user data, OpenAI's security measures effectively detected and prevented any data exfiltration. The company emphasizes that its users' information remains secure. |
| 2026-05-14 2026 | Malicious Open Source npm Packages Breach OpenAI Employee Devices - Open Source For You news | Writeup of the "Mini Shai-Hulud" campaign, detailing how attackers compromised two OpenAI employee devices by uploading 84 malicious versions across 42 @tanstack/* npm packages. Exploiting GitHub Actions and CI/CD cache weaknesses, these packages were designed to steal GitHub tokens, cloud API keys, npm credentials, and CI/CD secrets, impacting projects from Mistral AI and UiPath. → opensourceforu.com |
| 2026-05-14 2026 | Analyzing TeamPCP's Supply Chain Attacks: Checkmarx KICS and elementary-data in CI/CD Credential Theft news | Analysis of TeamPCP's supply chain attacks, specifically the Checkmarx KICS and elementary-data incidents. The campaign leverages CI/CD and release workflows to steal credentials like GitHub PATs, npm tokens, and cloud secrets. Techniques include multichannel poisoning across Docker Hub, VS Code extensions, and GitHub Actions, as well as GitHub Actions script injection to produce malicious packages signed by legitimate CI, targeting ecosystems like PyPI and GHCR. → trendmicro.com |
| 2026-05-14 2026 | Shai-Hulud Malware Exposes Future Supply Chain Risks news | Shai-Hulud is a newly discovered malware that poses significant future supply chain risks. It is designed to target development environments and compromise the software supply chain. The malware operates stealthily, aiming to inject malicious code into software projects before they are distributed, which could lead to widespread infections of end-user systems. Researchers have identified Shai-Hulud as a sophisticated threat requiring immediate attention to mitigate its potential impact on software integrity and security. |
| 2026-05-14 2026 | OpenAI says two employee devices hit by TanStack malware attack but no user data breached news | OpenAI reported a malware attack affecting two employee devices due to a compromised dependency, TanStack. The company stated that no user data was accessed or breached as a result of the incident. The attackers gained access to employee tools, but OpenAI confirmed their systems have been secured and a thorough investigation is underway. → cybernews.com |
| 2026-05-14 2026 | DAEMON Tools installers hacked in global supply chain attack news | DAEMON Tools installers were compromised in a global supply chain attack. Attackers inserted malicious code into the software's legitimate installers, which were then distributed to users, allowing the attackers to gain unauthorized access to systems. → msn.com |
| 2026-05-14 2026 | OpenAI says no user data stolen after supply-chain hackers accessed employee devices news | Writeup detailing a supply-chain attack impacting OpenAI via the TanStack npm library. Attackers exploited GitHub Actions and CI/CD cache weaknesses to publish malicious package versions designed to exfiltrate developer credentials like GitHub tokens and API keys. While OpenAI reported unauthorized access and limited credential exfiltration from two employee devices, they found no evidence of user data, production systems, or intellectual property compromise. This incident highlights renewed concerns about open-source software security, particularly within the npm ecosystem. |
| 2026-05-14 2026 | TanStack Mistral AI UiPath targeted in major supply chain attack compromising 170 packages news | Analysis of the "Mini Shai-Hulud" supply chain attack, which compromised over 170 npm and PyPI packages from vendors including TanStack, Mistral AI, and UiPath. This attack leveraged GitHub Actions vulnerabilities, cache poisoning, and OpenID Connect abuse to deploy a credential-stealing worm targeting Web2 and Web3 infrastructure. The worm aimed to harvest cloud and developer credentials and propagate through dependency chains. |
| 2026-05-14 2026 | TanStack Mistral AI UiPath targeted in major supply chain attack compromising 170 packages news | A significant supply chain attack has impacted over 170 software packages, affecting prominent entities like TanStack, Mistral AI, and UiPath. The incident highlights the growing vulnerability of software supply chains to malicious actors. Details on the specific exploit or the extent of the compromise were not immediately available in the provided content. The attack underscores the critical need for enhanced security measures in the development and distribution of software libraries and dependencies. |
| 2026-05-14 2026 | Worm Redux: Fresh Mini Shai-Hulud Infections Bite Supply Chain news | A new worm, dubbed "Mini Shai-Hulud" by researchers, is actively infecting the software supply chain. This malware targets developers, aiming to compromise their development environments and potentially inject malicious code into legitimate software projects. The worm's propagation methods and specific targets are still under investigation, but its presence signifies a growing threat to the integrity of software development and distribution. Organizations are advised to enhance their security protocols and vigilance against such supply chain attacks. → darkreading.com |
| 2026-05-13 2026 | RubyGems pauses new account sign-ups amid major malicious attack news | RubyGems.org has paused new account registrations due to a significant malicious attack. Hundreds of packages are impacted, with some containing exploits, highlighting a growing trend of software supply chain attacks against open-source ecosystems. Mend.io is involved in securing RubyGems and will release more details once the situation is under control. This event occurs amidst an increase in attacks where threat actors compromise widely used packages to distribute malware, including credential-stealing variants. → scworld.com |
| 2026-05-13 2026 | Mass Supply-Chain Attack Slams npm and PyPi Hits Mistral AI news | Guidance on securing supply chains against the "Mini Shai-Hulud" worm, which has targeted npm and PyPI packages, including those from Mistral AI. This worm autonomously spreads by stealing credentials from over 100 locations, including cloud platforms and developer tools, and can include a wiper payload. Recommendations include implementing code cooldown periods before integrating new packages, enforcing multifactor authentication, and routine key rotation to mitigate these attacks. → bankinfosecurity.com |
| 2026-05-13 2026 | Mass Supply-Chain Attack Slams npm and PyPi Hits Mistral AI news | Guidance on detecting and defending against supply-chain attacks, exemplified by the Mini Shai-Hulud worm that targeted npm and PyPI packages, including those from Mistral AI and TanStack. This malware family, known for credential stealing and wiper capabilities, spreads autonomously by compromising publish tokens and includes country-aware logic. Defense strategies include implementing code cooldown periods before package integration and enforcing multifactor authentication across developer accounts. |
| 2026-05-13 2026 | Risky Bulletin: RubyGems disables sign-ups after attack on staff news | Newsletter summarizing recent application security incidents, including the RubyGems supply chain attack involving malicious packages targeting developers, the TanStack framework's compromise affecting hundreds of npm libraries with a self-propagating worm, and Skoda's web store vulnerability exposing customer data. It also touches on the Nitrogen ransomware group claiming responsibility for a Foxconn hack, West Pharmaceutical experiencing a ransomware attack, and Vodafone source code leaks by Lapsus$. |
| 2026-05-13 2026 | Mistral AI and TanStack hit in supply chain attack with SLSA-attested malware news | Mistral AI and TanStack were targeted in a supply chain attack involving malware that was SLSA-attested. This means the malware's provenance was verified through SLSA (Supply-chain Levels for Software Artifacts), a framework designed to ensure the integrity of software development and distribution. The attack highlights a sophisticated method of malware deployment, leveraging trusted attestation to potentially bypass security measures and compromise users of these popular software projects. Further details on the attack's scope and impact are provided in the article. |
| 2026-05-12 2026 | Mini Shai-Hulud malware compromises open-source packages news | The Mini Shai-Hulud malware is targeting open-source packages. It is designed to steal sensitive information, including credentials and API keys, from infected systems. The malware achieves its distribution by compromising legitimate open-source projects, making it difficult to detect. Users are advised to exercise caution when updating or installing open-source software and to maintain vigilance against potential security threats. → letsdatascience.com |
| 2026-05-12 2026 | Mini Shai-Hulud malware compromises hundreds of open-source packages in sprawling supply-chain attack news | Report on credential-stealing malware like "mini Shai-Hulud" that compromises open-source packages including TanStack and UiPath. This malware exploits automated software publishing, bypassing two-factor authentication and using cryptographically valid signatures. It targets cloud infrastructure like AWS, Google Cloud, and Kubernetes, stealing security keys and passwords via obfuscated payloads disguised as initialization modules. The campaign uses Bun for exfiltration via anonymous messaging and embeds itself in developer tools such as VS Code and Anthropic's Claude Code, highlighting vulnerabilities in CI/CD pipelines and developer tooling directories. → cyberscoop.com |
| 2026-05-12 2026 | Mini Shai-Hulud attack compromises hundreds of npm PyPI packages news | Writeup of the Mini Shai-Hulud supply chain attack, which exploited OpenID Connect (OIDC) tokens to compromise hundreds of npm and PyPI packages, including TanStack, Mistral AI, Guardrails AI, UiPath, and OpenSearch. This technique bypasses SLSA Build Level 3 attestations and static scanning by weaponizing trust and executing payloads via the Bun runtime, enabling credential theft from developer environments and CI/CD pipelines. Remediation involves identifying and rotating compromised credentials. → scworld.com |
| 2026-05-12 2026 | Mistral AI SDK TanStack Router hit in npm software supply chain attack news | Writeup of a software supply chain attack targeting numerous npm and PyPI packages, including Mistral AI's SDK and the TanStack Router ecosystem. The TeamPCP threat group exploited GitHub Actions weaknesses and maintainer misconfigurations, leveraging the Mini Shai-Hulud malware to steal developer credentials and install a destructive 'dead man's switch' component. The attack highlights vulnerabilities in implicit trust within software usage networks and affects hundreds of packages, potentially compromising enterprise credentials. → csoonline.com |
| 2026-05-12 2026 | Shai-Hulud Here We Go Again: 170 Packages Hit Across npm & PyPi news | Guidance on detecting and mitigating the "Shai-Hulud: Here We Go Again" malware, which targets npm and PyPi. This self-propagating credential-stealing malware has affected over 170 packages, including those from Mistral AI, OpenSearch Project, and TanStack, impacting hundreds of millions of downloads. The variant includes token monitoring and a machine wipe function triggered upon token revocation, and exfiltrates stolen credentials to GitHub repositories. Immediate actions recommended include rotating keys, enabling 2FA, and downgrading affected packages. → ox.security |
| 2026-05-12 2026 | TanStack npm Packages Hit by Mini Shai-Hulud news | Writeup of the Mini Shai-Hulud supply chain attack on @tanstack npm packages, which led to the publication of 84 malicious artifacts. This incident, attributed to TeamPCP, marks the first documented case of malicious npm packages possessing valid SLSA provenance, achieved by hijacking the legitimate release pipeline via a `pull_request_target` vulnerability, cache poisoning, and OIDC token extraction. Affected packages include `@tanstack/react-router`, with remediation involving treating affected install environments as compromised and rotating secrets. → snyk.io |
| 2026-05-12 2026 | RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded news | Writeup detailing the recent suspension of new signups by RubyGems, the Ruby programming language's standard package manager, due to a "major malicious attack." Hundreds of malicious packages were uploaded, some containing exploits. This incident highlights the rising threat of software supply chain attacks against open-source ecosystems, with threat actors like TeamPCP compromising popular packages to distribute credential-stealing malware. Mend.io, securing RubyGems, intends to release further details once the incident is contained. → thehackernews.com |
| 2026-05-12 2026 | SailPoint Discloses GitHub Repository Hack news | Writeup of SailPoint's GitHub repository hack, which occurred April 20th and resulted from a third-party application vulnerability. SailPoint contained the incident swiftly, with a cybersecurity firm's investigation finding no evidence of production or staging data compromise or service interruption. Affected customers in the accessed repositories were notified, with no further action currently required. The specific vulnerability and threat actor remain undisclosed, with no confirmed link to TeamPCP. → securityweek.com |
| 2026-05-12 2026 | Compromised Mistral AI and TanStack packages may have exposed GitHub cloud and CI/CD credentials in 'mini Shai Hulud' malware infection supply-chain campaign spreads across npm and AI developer ecosystems like wildfire news | Analysis of the "Mini Shai-Hulud" campaign reveals compromised Mistral AI and TanStack packages on npm and PyPI. Version 2.4.6 of the mistralai PyPI package injected malicious code that executed on import, downloading a credential-stealing payload disguised as transformers.pyz. Affected TanStack packages include @tanstack/react-router, @tanstack/history, and @tanstack/router-core. Developers are urged to rotate GitHub tokens, npm credentials, and CI/CD secrets due to the potential exposure of cloud and CI/CD credentials. |
| 2026-05-12 2026 | How AI Can Detect Lateral Movement in Supply Chain Attacks intermediate | This content likely discusses how Artificial Intelligence (AI) can be employed to identify lateral movement within supply chain attacks. Lateral movement is a critical phase where attackers expand their access within a compromised network. AI's capabilities in analyzing large datasets and detecting anomalous patterns would be key to spotting these advanced persistent threats. The focus is on leveraging AI to enhance security defenses against sophisticated attacks that exploit the interconnectedness of supply chains. → securityboulevard.com |
| 2026-05-12 2026 | TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack news | Writeup of the Mini Shai-Hulud supply chain attack, in which attackers compromised packages to steal developer credentials, API keys, and secrets. The attack targeted over 170 packages across NPM and PyPI, including TanStack, Mistral AI, and UiPath. Attackers exploited vulnerabilities in GitHub Actions OIDC tokens and cache poisoning to publish malicious packages with forged SLSA provenance, making them appear legitimate. The malware harvested sensitive data through multiple exfiltration channels, including a decentralized Session network. → securityweek.com |
| 2026-05-12 2026 | Hundreds of open source packages hacked: I'm just not gonna run npm install anymore news | Hundreds of open source packages hacked: “I’m just not gonna run npm install anymore” https://ift.tt/rDlQGUa → cybernews.com |
| 2026-05-12 2026 | Checkmarx Jenkins AST Plugin Compromised in KICS Supply Chain Attack news | Writeup of the Checkmarx Jenkins AST plugin compromise, a supply chain attack attributed to TeamPCP. The compromise involved a malicious version 2026.5.09 being pushed to the Jenkins Marketplace, affecting KICS/Trivy linked ecosystems. The attack leveraged CI/CD credential theft to pivot into downstream software publishers, with the primary objective of exfiltrating secrets from CI/CD runners. Users are advised to revert to version 2.0.13-829.vc72453fa_1c16 or earlier. → gbhackers.com |
| 2026-05-12 2026 | Claude Code MCP Attack Enables Persistent Token Theft intermediate | Analysis of a Claude Code MCP attack reveals a sophisticated MitM technique that abuses integrations to steal OAuth tokens, enabling persistent access to connected SaaS platforms. The attack leverages malicious npm postinstall hooks to silently rewrite the `~/.claude.json` configuration file, redirecting traffic through attacker-controlled proxies. This method is difficult to detect as compromised OAuth sessions appear legitimate in audit logs and token rotation alone is insufficient. Organizations should implement layered controls focusing on configuration monitoring, OAuth security, and software supply chain governance. → esecurityplanet.com |
| 2026-05-11 2026 | JDownloader website compromised to distribute malicious installers news | Writeup of a compromise of the JDownloader website, where attackers used an unpatched CMS vulnerability to distribute malicious Windows and Linux installers. The Windows payload deployed a Python RAT, while the Linux installer injected code to establish persistence. JDownloader confirmed the breach, advising users to verify digital signatures for "AppWork GmbH" and recommending OS reinstallation for affected individuals. → scworld.com |
| 2026-05-11 2026 | AI Is Reshaping Software Supply Chain Risk beginner | Analysis of AI's impact on software supply chain security highlights expanding attack surfaces due to AI-assisted development, with 84% of developers using AI tools. Traditional security controls like EDR and MDM lack visibility into AI integrations, browser extensions, and package managers. This leads to increased risk from malicious open-source packages, with Aikido Intel identifying up to 100,000 daily. Organizations require real-time visibility and install-time controls for developer tooling, as compromised workstations grant attackers trusted access to repositories and credentials. → esecurityplanet.com |
| 2026-05-11 2026 | TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack news | Writeup of TeamPCP's compromise of the Checkmarx Jenkins AST plugin, occurring weeks after their KICS supply chain attack. This incident highlights the exploitation of software supply chain trust and the potential for incomplete remediation, as evidenced by the defaced GitHub repository and malicious updates to the plugin. The ongoing attacks by TeamPCP underscore the persistent threat to developer tools and credentials. → thehackernews.com |
| 2026-05-11 2026 | Build Application Firewalls Aim to Stop the Next Supply Chain Attack beginner | InvisiRisk's build application firewall (BAF) enforces policy during the CI/CD build process by inspecting package activity rather than solely scanning code. This approach aims to prevent supply chain attacks, such as those involving the SolarWinds breach or hijacked npm libraries like Axios, by detecting unexpected or malicious actions within the build environment. The BAF, along with InvisiRisk's TruSBOM tool, provides detailed explanations for risky actions and generates accurate SBOMs by directly observing the software build process, offering a robust defense against evolving threats. → securityweek.com |
| 2026-05-11 2026 | Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack news | Plugin version 2.0.13-829.vc72453fa_1c16 of the Checkmarx Jenkins AST plugin is the secure version, after a malicious iteration was published to the Jenkins Marketplace. This compromise, attributed to the TeamPCP hacker gang and potentially the Lapsus$ extortion group, stems from a wider supply chain attack impacting Checkmarx's repositories since March, following a Trivy supply chain incident. → securityweek.com |
| 2026-05-11 2026 | Checkmarx tackles another TeamPCP intrusion as Jenkins plugin sabotaged news | Analysis of a TeamPCP intrusion targeting a Jenkins plugin, highlighting the evolving landscape of supply chain attacks. This incident underscores the risks associated with untrusted agentic development layers and the growing threat of AI agent skills being exploited for malicious purposes, mirroring concerns around identity-based cyber resilience and the black market for compromised identities. → theregister.com |
| 2026-05-11 2026 | Malicious Hugging Face model masquerading as OpenAI release hits 244K downloads news | Writeup on a malicious Hugging Face model masquerading as a legitimate OpenAI release. This incident highlights the emerging threat of AI repositories as a software supply chain attack vector, with one model, Open-OSS/privacy-filter, reaching 244,000 downloads before removal. The attack involved a malicious loader.py script that delivered infostealer malware targeting browser credentials, cryptocurrency wallets, and system information, bypassing traditional security controls and suggesting links to npm typosquatting and PyPI campaigns. → csoonline.com |
| 2026-05-11 2026 | Checkmarx tackles another TeamPCP intrusion as Jenkins plugin sabotaged news | Analysis of Checkmarx's response to a TeamPCP intrusion involving a sabotaged Jenkins plugin, a supply chain attack targeting CI/CD pipelines. The article highlights the increasing risks associated with untrusted agentic development layers and the potential for AI agent skills to be exploited for supply chain compromise. → theregister.com |
| 2026-05-11 2026 | Responsible for Systems You Can't See: A C-Suite Guide to AI Supply Chain Risk beginner | Guide for C-suites on AI supply chain risk, highlighting attacks on LiteLLM and axios, which exploited trusted open-source workflows. It emphasizes that AI expands and obscures the attack surface, making executives accountable for systems and dependencies they cannot fully see, audit, or control, necessitating a shift to ecosystem security and continuous dependency monitoring rather than assuming trust. |
| 2026-05-10 2026 | Supply Chain Attack: Fake OpenAI Repository on Hugging Face Distributes Infostealer Malware Targeting Developers and AI Tools news | Writeup detailing a supply chain attack in which a fake OpenAI repository on Hugging Face distributed infostealer malware. The malware targeted developers by exfiltrating credentials, session tokens, and cryptocurrency wallets from Chromium and Gecko browsers, Discord tokens, and local files. The attack leveraged typosquatting, social engineering, and evasion tactics like disabling SSL verification and checking for VMs, mapping to MITRE ATT&CK techniques such as T1566 (Phishing) and T1555 (Credentials from Password Stores). → rescana.com |
| 2026-05-10 2026 | Official JDownloader site served malware to Windows and Linux users between May 6 and May 7 news | Writeup of a supply chain attack on the JDownloader official website, which occurred between May 6 and May 7, 2026. Attackers compromised the site's content management system, altering download links to serve malware instead of legitimate Windows "Alternative Installer" and Linux shell installers. The deployed malware was a Python-based remote access trojan (RAT). Legitimate installers were digitally signed by "AppWork GmbH," while malicious ones were unsigned or signed by suspicious entities like "Zipline LLC" or "The Water Team." The website was taken offline for investigation and remediation, with correct installer links restored. → securityaffairs.com |
| 2026-05-09 2026 | Supply-Chain Attacks in an Era of Automation and Implicit Trust intermediate | Analysis of 2026 supply-chain threats, including the Axios compromise and the Trivy campaign, details how attackers exploit trust in automation and developer systems. The Axios incident involved a compromised npm maintainer account leading to RAT distribution via a malicious dependency, impacting numerous production environments. The Trivy attack leveraged credentials to inject malicious artifacts into CI automation, release binaries, and container images, resulting in secret exfiltration. Additionally, the Quest KACE System Management Appliance vulnerability (CVE-2025-32975) demonstrates how unpatched legacy infrastructure becomes a supply-chain risk. |
| 2026-05-08 2026 | DAEMON Tools devs confirm breach, release malware-free version news | Writeup of DAEMON Tools supply chain attack confirming trojanized installers for version 12.5.1 (free). Hackers used digitally signed installers to backdoor systems, deploying an information stealer and a lightweight backdoor, with QUIC RAT malware observed in at least one instance. Disc Soft Limited released a malware-free version, 12.6, addressing the vulnerability. → bleepingcomputer.com |
| 2026-05-08 2026 | Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise intermediate | Analysis of the Quasar Linux RAT (QLNX) implants targeting developers' systems, malware designed for credential harvesting from files like .npmrc, .pypirc, and .aws/credentials. QLNX masquerades as a kernel thread, wipes logs, and uses seven persistence methods including systemd and crontab. It features a PAM inline-hook backdoor and a kernel-level eBPF rootkit component to hide processes, files, and network ports, ultimately facilitating software supply chain attacks by compromising publishing pipelines and cloud infrastructure. → thehackernews.com |
| 2026-05-08 2026 | Kaspersky uncovers targeted DAEMON Tools supply chain attack affecting manufacturing, government sectors news | Writeup of a targeted DAEMON Tools supply chain attack where trojanized installers, signed with legitimate developer certificates, deployed backdoors to select government, manufacturing, and scientific organizations. The attack, active since April 8, 2026, used a typosquatted domain and involved sophisticated techniques comparable to the 3CX supply chain incident, highlighting the risks of widely trusted software for attackers. |
| 2026-05-07 2026 | Supply chain security on alert as M&A targets agent security beginner | Overview of supply chain security risks, particularly those amplified by AI. It addresses threats exemplified by the Axios NPM package tampering and trojanized Daemon Tools installers. The piece offers insights relevant to the increasing M&A activity in agent security, such as Cisco's acquisition of Astrix Security and Palo Alto Networks' acquisition of Portkey. It also provides context for OpenAI's GPT-5.5 Cyber and Anthropic's Mythos, noting their capabilities in vulnerability discovery and potential for misuse, alongside Cisco's open-source Model Provenance Kit for AI model verification. |
| 2026-05-07 2026 | Vendor Says Daemon Tools Supply Chain Attack Contained news | Analysis of the Daemon Tools supply chain attack details how threat actors injected trojanized versions of Daemon Tools Lite (specifically version 12.5.1) released between April 8 and May 5 with code to collect information and deploy backdoors. Disc Soft has since contained the incident, removed compromised files, and released a clean version (12.6.0.2445), advising users to uninstall the affected software and scan their systems. → securityweek.com |
| 2026-05-07 2026 | Gemini CLI Vulnerability Could Have Led to Code Execution Supply Chain Attack news | Vulnerability analysis of Gemini CLI identified a critical flaw (CVSS 10/10) that could enable supply chain attacks. Exploiting indirect prompts in GitHub issues, attackers could bypass tool allowlists in `--yolo` mode, leading to arbitrary command execution. This allows for the extraction of secrets, gaining write access to repositories, and pushing malicious code to downstream users. The issue, affecting multiple Google repositories and also impacting headless mode via lax trust, was patched in Gemini CLI version 0.39.1. → securityweek.com |
| 2026-05-07 2026 | Disc Soft confirms DAEMON Tools Lite supply chain attack exposed thousands of systems worldwide news | Disc Soft has confirmed a supply chain attack targeting DAEMON Tools Lite, a popular disk imaging software. This attack, which exploited a vulnerability in the software's update mechanism, exposed thousands of systems globally. Attackers were able to distribute malware disguised as legitimate software updates. The exact number of affected users and the potential for further exploitation remain under investigation. |
| 2026-05-06 2026 | DAEMON Tools installers compromised in new supply chain attack news | Writeup detailing a compromise of DAEMON Tools installers. Attackers trojanized DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe, distributing malicious payloads signed with valid certificates. The implant communicates with env-check.daemontools[.]cc to download and execute further payloads like envchk.exe and cdg.exe, enabling a minimalist backdoor for remote command execution. The attack, active since April 8, 2026, targeted organizations in Russia, Belarus, and Thailand, with QUIC RAT observed against a Russian educational institution. → scworld.com |
| 2026-05-06 2026 | Remember DAEMON Tools? It Was Hacked to Serve Windows Malware news | Writeup on the DAEMON Tools supply chain attack, detailing how a hacker compromised versions 12.5.0.2421 through 12.5.0.2434 distributed from daemon-tools.cc. The attack involved injecting backdoors into installers, impacting thousands of users globally across various sectors, including retail, scientific, and government organizations, with evidence pointing to a Chinese-speaking threat actor. |
| 2026-05-06 2026 | Invisible Supply Chain Attack Risks and Trusted Access beginner | Overview of invisible supply chain attacks that weaponize trust in browsers, third-party services, and user behavior, bypassing traditional defenses by leveraging legitimate access paths. It details techniques like phishing pages requesting device permissions, QR code-based quishing, and adversary-in-the-middle attacks to intercept credentials and MFA codes, emphasizing the need for strict permission governance, behavioral monitoring, and Zero Trust architectures. |
| 2026-05-06 2026 | Malware Brief: Air gaps breached, CPUs hijacked and supply-chain chaos news | Analysis of APT37's Ruby Jumper, FAUX#ELEVATE cryptominer, and CanisterWorm supply-chain malware reveals attackers targeting air-gapped systems via removable media and cloud services, distributing illicit Monero miners through weaponized résumés, and automating propagation across open-source packages and CI/CD pipelines. These threats exploit assumed trust in isolation models, business workflows, and software supply chains, reducing defender reaction time and increasing blast radius. |
| 2026-05-06 2026 | Critical DAEMON Tools Supply Chain Attack: Malware-Compromised Windows Installers Threaten Organizations and Home Users (Versions 12.5.0.2421-12.5.0.2434) news | Writeup detailing a critical supply chain attack on DAEMON Tools Windows installers (versions 12.5.0.2421-12.5.0.2434), which distributed malware via trojanized executables signed with a legitimate AVB Disc Soft certificate. The malware, including an info-gatherer, backdoor, and QUIC RAT, exfiltrates system data and deploys advanced implants to targeted organizations and home users, leveraging MITRE ATT&CK techniques like T1195.002 (Supply Chain Compromise) and T1553.002 (Code Signing). → rescana.com |
| 2026-05-06 2026 | Video game supply chain attack Bleeding Llama US gets early LLM access news | Title and link only; no descriptive text was available for this entry. |
| 2026-05-06 2026 | Attackers compromised Daemon Tools software to deliver backdoors news | Analysis of a supply chain attack where attackers compromised Daemon Tools, a popular Windows utility, to deliver backdoors. Signed, trojanized installers served from the official website (versions 12.5.0.2421-12.5.0.2434) downloaded a .NET information collector. This collector gathered system details for targeted deployment of payloads like a minimalistic backdoor and QUIC RAT, capable of injecting into legitimate processes. The attack leveraged legitimate digital certificates, making malicious binaries appear trustworthy. → helpnetsecurity.com |
| 2026-05-06 2026 | Hackers compromise Daemon Tools in global supply-chain attack researchers say news | Installers for Daemon Tools were compromised in a global supply-chain attack, impacting users in over 100 countries. Attackers embedded backdoors, including Quic RAT, into versions 12.5.0.2421 through 12.5.0.2434 of the free Daemon Tools Lite, observed since early April. The campaign appears targeted, with initial data collectors deployed broadly and more advanced payloads reserved for specific organizations. Disc Soft has addressed the issue, recommending users update to the latest version. |
| 2026-05-06 2026 | Daemon Tools Hit by Suspected Chinese Supply Chain Attack Kaspersky Says news | Kaspersky reports that Daemon Tools, popular file management software, has been targeted in a suspected Chinese supply chain attack. The attackers reportedly injected malicious code into the software's update mechanism, allowing them to gain access to user systems. Further details on the scope of the compromise were not provided in this content. |
| 2026-05-06 2026 | Sophisticated Quasar Linux RAT Campaign Targets Software Developers in Supply Chain Attacks news | Analysis of the Quasar Linux RAT (QLNX) campaign targeting software developers via supply chain attacks. This sophisticated Linux-based malware aims to steal credentials, maintain remote access, and facilitate large-scale supply chain compromises. The campaign is linked to trojanized software installers, including compromised Daemon Tools, distributing backdoors globally. Attackers use staged deployment, selectively targeting high-value organizations after initial broad infection, with potential cyberespionage motives. Compromising developer environments grants access to source code, signing keys, and CI/CD pipelines, enabling downstream attacks. → cxodigitalpulse.com |
| 2026-05-06 2026 | QLNX Threat Actors Steal Developer Credentials For Supply Chain Attacks news | Analysis of the capabilities of Quasar Linux (QLNX), a sophisticated Linux remote access trojan targeting developers. QLNX's fileless execution, process spoofing, and credential harvesting, specifically targeting `.npmrc`, `.pypirc`, `.git-credentials`, `.aws/credentials`, `.kube/config`, and `.env` files, facilitate supply chain attacks. It also utilizes a malicious PAM module for password interception and incorporates peer-to-peer networking for resilience. → cyberpress.org |
| 2026-05-06 2026 | Sophisticated Quasar Linux RAT Targets Software Developers news | Analysis of Quasar Linux (QLNX), a sophisticated backdoor targeting software developers. QLNX employs a modular architecture with rootkit capabilities, detection evasion, and multiple persistence methods including crontab, desktop entries, init scripts, service files, and shell lines. It focuses on stealing developer credentials for AWS, Kubernetes, Docker Hub, Git, NPM, and PyPI, enabling attackers to compromise publishing pipelines and pivot to cloud environments. The RAT uses a PAM backdoor and an eBPF rootkit to conceal its presence at both userspace and kernel levels, while supporting 58 commands for comprehensive system control and information harvesting. → securityweek.com |
| 2026-05-06 2026 | DAEMON TOOLS supply chain attack ongoing since April thousands affected news | Writeup on the DAEMON Tools supply chain attack, which began in April 2026. Attackers compromised legitimate installers and signed binaries with valid certificates, embedding backdoors into components like DTHelper.exe and DiscSoftBusServiceLite.exe. The campaign delivered information-stealing payloads, and in some cases, advanced implants like QUIC RAT, targeting government, manufacturing, scientific research, and retail sectors across over 100 countries. Kaspersky detects malicious activity including suspicious PowerShell downloads and code injection. |
| 2026-05-06 2026 | Android Apps Get Public Verification System to Stop Supply Chain Attacks beginner | Android is launching a new public verification system to combat supply chain attacks targeting apps. This system will allow developers to publicly attest to the integrity of their app's source code, build environment, and signing keys. By making this information publicly verifiable, Android aims to increase transparency and trust in the app development process, making it harder for malicious actors to inject compromised code into legitimate applications. This initiative seeks to bolster the security of the Android app ecosystem. → thehackernews.com |
| 2026-05-06 2026 | Government Scientific Entities Hit via Daemon Tools Supply Chain Attack news | Injected code in Daemon Tools versions 12.5.0.2421 through 12.5.0.2434 has been identified as part of a supply chain attack affecting government, scientific, and other organizations. The compromised binaries, including DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe, activate a backdoor that fetches and executes payloads, with targeted deployments of information collectors and the QUIC RAT observed. → securityweek.com |
| 2026-05-06 2026 | Kaspersky Links Suspected Chinese Hackers to Backdoor Planted in Daemon Tools Supply Chain Attack news | Analysis of a Daemon Tools supply chain attack, attributed to a Chinese-speaking threat actor, where malicious backdoors were implanted in official installers via compromised digital certificates. This sophisticated operation, affecting versions 12.5.0.2421 onward since April 8, 2026, leveraged Daemon Tools' elevated permissions to establish deep system persistence and deploy remote-control malware, resulting in thousands of global infection attempts targeting various sectors including government and industrial operations. → cxodigitalpulse.com |
| 2026-05-06 2026 | Extremely targeted supply chain attack hits DAEMON Tools news | Analysis of the compromise of DAEMON Tools installers, which included a backdoor and a second-stage QUIC RAT payload. This incident, similar to past attacks on Notepad++ and CCleaner, highlights the targeting of high-value systems by Chinese-speaking threat actors for espionage. The writeup covers identifying system data collection, remote server uploads, and targeted second-stage payload deployment. |
| 2026-05-06 2026 | North Korean hackers trojanize gaming platform to spy on ethnic Koreans in China news | Analysis of ScarCruft's supply chain attack targeting ethnic Koreans in China. North Korean threat actors trojanized the sqgame gaming platform, distributing backdoored Windows and Android software. The Windows variant utilized a patched mono.dll to deliver the RokRAT backdoor and BirdCall implant, while Android versions repackaged games with malicious code to exfiltrate data, targeting HWP files specifically. C2 communication leveraged Zoho WorkDrive accounts. → helpnetsecurity.com |
| 2026-05-06 2026 | Supply-Chain Attacks in an Era of Automation and Implicit Trust beginner | Writeup detailing software supply-chain attacks in 2026, focusing on how attackers abuse trusted automation and identity. It examines incidents like the Axios compromise and Trivy campaign, where compromised package maintainers and CI/CD automation led to widespread malicious dependencies and credential exfiltration. The resource also highlights the exploitation of legacy management systems, such as Quest KACE using CVE-2025-32975, emphasizing how attackers leverage inherent trust in these tools to gain entry. |
| 2026-05-05 2026 | Bootstrap script exposes PyPI to domain takeover attacks news Python | Writeup on a domain takeover vulnerability exposing PyPI packages, discovered in legacy bootstrap scripts for tools like zc.buildout and older Python packaging utilities. These scripts, when executed, attempt to download and install the `distribute` package from `python-distribute[.]org`, a domain now available for sale. This vulnerability affects numerous popular packages, including `tornado` and `slapos.core`, potentially allowing attackers to compromise systems by controlling the abandoned domain and serving malicious code. → reversinglabs.com |
| 2026-05-05 2026 | Progress Software warns of critical MOVEit Automation vulnerability news | Advisory regarding CVE-2026-4670, a critical authentication bypass vulnerability in Progress Software's MOVEit Automation, enabling unauthenticated remote access. The alert also addresses CVE-2026-5174, a high-severity privilege escalation flaw. Over 1,400 instances are exposed online, with potential impact on government agencies. While no exploitation is reported yet, previous MOVEit vulnerabilities have been widely exploited by groups like Clop. → scworld.com |
| 2026-05-05 2026 | Supply-chain attacks take aim at your AI coding agents news AI | Writeup on supply-chain attacks targeting AI coding agents. It addresses the threat of malicious packages, like those used by North Korea's Famous Chollima APT in the PromptMink campaign, which leverage LLM Optimization and knowledge injection to trick autonomous coding agents into incorporating compromised dependencies. It also covers "slopsquatting," where agents hallucinate package names, making them vulnerable to similarly named malicious replacements. → csoonline.com |
| 2026-05-05 2026 | DAEMON Tools Breach Used to Spread Malware in Supply Chain Attack news | Writeup detailing a supply chain attack involving trojanized DAEMON Tools installers, signed with legitimate certificates. Attackers compromised core binaries like DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe to deploy a three-stage payload chain: an information collector (envchk.exe), a minimalistic backdoor (cdg.exe), and a sophisticated QUIC RAT implant. The attack leverages typosquatted domains like env-check.daemontools[.]cc and malicious IPs such as 38.180.107[.]76, impacting thousands of users and dozens of organizations globally. → cyberpress.org |
| 2026-05-05 2026 | Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack news | Writeup on the Daemon Tools supply-chain attack, detailing a monthlong compromise where malicious updates signed with official certificates infected versions 12.5.0.2421 through 12.5.0.2434. The malware, discovered by Kaspersky, exfiltrates system information and delivers follow-on payloads to select targets. This incident mirrors previous supply-chain attacks like CCleaner (2017), SolarWinds (2020), and 3CX (2023), highlighting the difficulty in defending against sophisticated, officially distributed compromises. → arstechnica.com |
| 2026-05-05 2026 | Kaspersky suspects Chinese hackers planted a backdoor into Daemon Tools in 'widespread' attack news | Writeup on a widespread supply chain attack where Chinese-linked hackers planted a backdoor in Daemon Tools, targeting thousands of Windows computers. This backdoor allowed the attackers to deploy additional malware on systems in the retail, scientific, manufacturing, and government sectors in Russia, Belarus, and Thailand. The attack, detected April 8th, remains active and highlights the growing trend of compromising popular software to distribute malicious code. → techcrunch.com |
| 2026-05-05 2026 | DAEMON Tools trojanized in supply-chain attack to deploy backdoor news | Writeup detailing a supply-chain attack that trojanized DAEMON Tools installers, versions 12.5.0.2421 through 12.5.0.2434, delivering a backdoor to thousands of systems globally since April 8. The attack compromised DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe, leading to initial infections and targeted deployments of a lightweight backdoor and, in one instance, the QUIC RAT, to high-value targets in retail, scientific, government, and manufacturing sectors across Russia, Belarus, and Thailand. → bleepingcomputer.com |
| 2026-05-05 2026 | Quasar Linux (QLNX) A Silent Foothold in the Supply Chain: Inside a Full-Featured Linux RAT With Rootkit PAM Backdoor Credential Harvesting Capabilities intermediate | Analysis of Quasar Linux (QLNX), a sophisticated Linux RAT with low detection rates, featuring a rootkit, PAM backdoor, and credential harvesting capabilities. QLNX targets developers and DevOps credentials in the software supply chain, extracting secrets from files like .npmrc, .pypirc, and .aws/credentials. It uses dynamic compilation of PAM modules and LD_PRELOAD rootkits, and employs P2P mesh networking for resilience, making eradication difficult. → trendmicro.com |
| 2026-05-05 2026 | New ScarCruft Supply Chain Attack Hits Gaming Platform With Windows and Android Backdoors news | Writeup detailing ScarCruft's supply chain attack on the sqgame platform, compromising Windows and Android versions with BirdCall and RokRAT backdoors. The attack, active since late 2024, targeted ethnic Koreans in China's Yanbian region, exploiting trojanized game packages and malicious update packages to exfiltrate personal data, contacts, and files via Zoho WorkDrive accounts. The analysis highlights the Android BirdCall backdoor's functionality, including silent operation, data collection, and microphone/screenshot capabilities, alongside the Windows RokRAT downloader. → cybersecuritynews.com |
| 2026-05-05 2026 | A rigged game: ScarCruft compromises gaming platform in a supply-chain attack news | Library by ESET researchers detailing a ScarCruft supply-chain attack targeting a gaming platform used by ethnic Koreans in China. The Windows client was compromised via a trojanized update containing the RokRAT backdoor, which deployed the BirdCall backdoor. Android games on the platform were also trojanized with an Android version of BirdCall, a new tool for ScarCruft, capable of espionage including data exfiltration, screenshots, and audio recording. |
| 2026-05-05 2026 | Supply chain attacks now make the budget case CISOs never could news | Perspective on supply chain attacks illustrating the budget case for application security. The piece highlights TeamPCP's exploitation of tools like Trivy, Checkmarx, and the LiteLLM library, leading to significant breaches impacting over 23,000 repositories and a $1.4 billion hack. It emphasizes the costly consequences of compromised pipelines, where attackers operate with internal permissions, and suggests mitigation strategies such as runtime monitoring, short-lived credential management, and integrity verification. → scworld.com |
| 2026-05-05 2026 | DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware news | Writeup on the DAEMON Tools supply chain attack, where official Windows installers (versions 12.5.0.2421-12.5.0.2434) were trojanized with malware. Compromised binaries like DTHelper.exe launched an implant that fetched shell commands from "env-check.daemontools[.]cc." Payloads included envchk.exe for system info gathering and cdg.exe with cdg.tmp, leading to a backdoor and QUIC RAT. The attack impacted thousands globally, with targeted delivery to a dozen hosts across various sectors. AVB Disc Soft released version 12.6.0.2445 to fix the issue. → thehackernews.com |
| 2026-05-05 2026 | Kaspersky identifies ongoing supply chain attack on official Daemon Tools website distributing backdoor malware news | Analysis of a supply chain attack targeting Daemon Tools, which distributed backdoor malware via compromised installers disguised with valid digital certificates. The attack, affecting versions 12.5.0.2421 and later, granted threat actors arbitrary command execution and remote control capabilities by leveraging the software's elevated system privileges. Some targeted organizations also saw manual deployment of additional payloads like shellcode injectors and unknown RATs, with Chinese-language artifacts observed. |
| 2026-05-05 2026 | DAEMON Tools Software Hacked to Deliver Malware in a Supply Chain Attack news | Writeup of the DAEMON Tools supply chain attack, where trojanized installers (versions 12.5.0.2421-12.5.0.2434) signed with valid certificates delivered malware. The attack chain involves compromised binaries like DTHelper.exe, leading to a backdoor that uses PowerShell to download an information collector. Targeted secondary payloads, including the QUIC RAT backdoor, were deployed to high-value targets in government, scientific, manufacturing, and retail sectors. Indicators of compromise include SHA1 hash 2d4eb55b01f59c62c6de9aacba9b47267d398fe4 and the malicious domain env-check.daemontools[.]cc. → cybersecuritynews.com |
| 2026-05-05 2026 | Supply chain attack via DAEMON Tools news | Writeup detailing a supply chain attack via DAEMON Tools, where attackers injected malicious code into installers for versions 12.5.0.2421 through 12.5.0.2434, specifically compromising DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe. This compromise led to the deployment of information gatherers, a backdoor, and the QUIC RAT implant, targeting thousands of users globally since April 8, 2026. |
| 2026-05-05 2026 | 8.3M Downloads Compromised: Lightning & Intercom-Client Infected in Latest Shai-Hulud Attack news | Library update: The Python package `Lightning` (versions 2.6.2, 2.6.3) and the NPM package `intercom-client` (version 7.0.4) have been compromised by a Shai-Hulud supply chain attack, stealing credentials and API keys. Affected users should rotate keys, enable 2FA, and revert `Lightning` to version 2.6.1 or lower. The malware, a Node/Bun tool, collects secrets from the environment and exfiltrates them to an obfuscated host, while also using compromised npm tokens to download, patch, and republish trojanized packages. Over 1,800 repositories with stolen developer credentials were identified on GitHub. → ox.security |
| 2026-05-05 2026 | Popular Daemon Tools utility exploited in supply chain attack news | Writeup on the Daemon Tools supply chain attack, where trojanized installers from the official vendor website delivered a backdoor. The attack affected versions 12.5.0.2421 through 12.5.0.2434, tampering with DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe to establish a persistent foothold. Command-and-control communications utilized a typosquatting domain and sophisticated implants like QUIC RAT, supporting multiple protocols. This incident mirrors the 3CX attack and highlights the growing threat of supply chain compromises. → techzine.eu |
| 2026-05-05 2026 | Trellix Reveals Unauthorized Access to Source Code news | Writeup of Trellix source code breach, highlighting how unauthorized access to security vendor code provides attackers with a roadmap to controls and detections. This incident, linked to a pattern of targeting security vendors and software supply chains, underscores the risks associated with CI/CD gaps and overtrusted build workflows, echoing recent compromises like the Trivy software supply chain attack. → infosecurity-magazine.com |
| 2026-05-05 2026 | pnpm 11 Enables Default Release-Age Guard to Curb npm Supply Chain Attacks intermediate | Library update: pnpm 11 introduces security-first defaults to mitigate supply chain attacks. It enforces a 24-hour minimum release age for new package versions, directly countering tactics used in campaigns like "Mini Shai-Hulud." The update also enables `blockExoticSubdeps` by default, preventing installations from non-standard sources like Git repositories. Furthermore, `allowBuilds` simplifies control over install-time script execution, a common vector for malicious code injection. These measures aim to disrupt common attack techniques by adding crucial delays and restrictions during dependency installation. → gbhackers.com |
| 2026-05-04 2026 | Local Guardrails for Secrets Security in the Age of AI Coding Assistants intermediate AI Secrets | Library for local secrets security: ggshield, by GitGuardian, helps protect developer workstations from credential theft in the age of AI coding assistants. This tool scans project workspaces, dotfiles, build output, and agent folders for exposed secrets, addressing the shift in attack surface towards developer environments. It aims to provide earlier checkpoints than traditional supply chain controls, catching issues while developers are still editing files rather than after they reach remote repositories. → blog.gitguardian.com |
| 2026-05-04 2026 | Cybercriminals Abuse Tanstack Package To Target Developer Environments news | Writeup detailing a supply chain attack where cybercriminals registered a malicious npm package named "tanstack," impersonating the legitimate TanStack project. This fake package, updated rapidly through versions 2.0.4 to 2.0.7, contained a postinstall hook that stole sensitive environment files like `.env` and `.env.local`, exfiltrating secrets such as AWS keys and API tokens via Svix webhooks. Immediate credential rotation for any exposed `.env` files is critical. → cyberpress.org |
| 2026-05-04 2026 | Tenable finds GitHub workflow flaw in Microsoft repo news | Tenable finds GitHub workflow flaw in Microsoft repo https://ift.tt/vVHJKMm |
| 2026-05-04 2026 | Tenable finds GitHub workflow flaw in Microsoft repo news | Tenable researchers discovered a critical vulnerability in a GitHub Actions workflow within a Microsoft repository. This flaw, if exploited, could have allowed for the potential compromise of code and sensitive information. Microsoft has since addressed the vulnerability, and Tenable has published details about the issue. No specific bounty payout amount was mentioned in the provided content. |
| 2026-05-02 2026 | Over 1800 Developers Impacted in Mini Shai-Hulud Supply Chain Attack Targeting SAP Lightning and Intercom news | Writeup of the Mini Shai-Hulud supply chain attack impacting over 1,800 developers through compromised SAP npm packages, the Lightning Python library (versions 2.6.2, 2.6.3), and Intercom integrations (intercom-client versions 7.0.4, 7.0.5; intercom-php). Attributed to TeamPCP, the attack steals credentials and API keys, exfiltrating them to public GitHub repositories and scanning for cloud environments and HashiCorp Vault secrets, evolving from earlier Shai-Hulud campaigns. → cxodigitalpulse.com |
| 2026-05-02 2026 | Shai-Hulud Hits SAP: Stolen Credentials Found in 1200 GitHub Repos news Secrets | Tool: Shai-Hulud worm variant, a Bun-based stealer, targets SAP npm packages, exfiltrating credentials, tokens, and cloud configurations. It uploads stolen data encrypted to over 1,200 public GitHub repositories, identifiable by the string "A Mini Shai-Hulud has Appeared." The malware attempts to steal secrets from developer machines, GitHub Actions environments, and cloud platforms like AWS, Azure, and GCP. Over 2.2 million monthly downloads are affected, with immediate actions including key rotation and upgrading affected packages. → ox.security |
| 2026-05-01 2026 | New software supply chain attack uses sleeper packages for credential theft and CI tampering news Secrets | Library providing insights into a new software supply chain attack campaign that uses sleeper packages, specifically malicious Ruby gems and Go modules, for credential theft and CI tampering. The attack, attributed to "BufferZoneCorp," leverages init functions within these modules to steal environment variables, SSH keys, and configuration secrets, exfiltrate data, tamper with GitHub Actions, and establish SSH persistence by adding attacker-controlled public keys. Developers are advised to remove suspicious packages and review systems for unauthorized changes. → scworld.com |
| 2026-05-01 2026 | 1800 Hit in Mini Shai-Hulud Attack on SAP Lightning Intercom news | Writeup of the Mini Shai-Hulud supply chain attack, impacting over 1,800 developers across the PyPI, NPM, and PHP ecosystems. TeamPCP's campaign injected malicious versions of SAP NPM packages, the Lightning PyPI package, and the intercom-client NPM package with information-stealing malware. The payload, disguised with the description "A Mini Shai-Hulud has Appeared," exfiltrates credentials, keys, and tokens, targeting Kubernetes environments and HashiCorp Vault secrets, utilizing GitHub commits for C&C commands. → securityweek.com |
| 2026-05-01 2026 | Supply chain attack against SAP npm packages facilitates credential theft news Secrets | Library of npm packages, including `@cap-js/db-service`, `@cap-js/postgres`, and `@cap-js/sqlite`, that were found to contain credential stealers. These malicious packages, since deprecated from the npm repository, used pre-install scripts to exfiltrate developer credentials, tokens for GitHub and npm, GitHub Actions secrets, and cloud secrets for AWS, Azure, GCP, and Kubernetes. Researchers noted similarities to previous attacks and observed a departure from earlier methods, including AES-256-GCM encryption and self-commits to accessible GitHub repositories. → scworld.com |
| 2026-05-01 2026 | SAP Faces Twin Headwinds: A Supply Chain Attack and a Bruised Share Price news | Analysis of a sophisticated supply chain attack on SAP, where hackers compromised npm packages like the Cloud Application Programming Model and Cloud MTA Build Tool, injecting malicious scripts to steal credentials and security keys. This incident, coupled with a cautious market outlook, has led to a significant drop in SAP's share price, despite strong cloud business performance. The attack highlights the pervasive risk of open-source software infiltration, impacting investor confidence. |
| 2026-05-01 2026 | Open-source registries hit by 'Mini Shai-Hulud' supply chain attacks news | Library targeting supply chain attacks like 'Mini Shai-Hulud', which exploits polyglot environments by compromising popular packages such as PyTorch Lightning on PyPI and Intercom on npm to steal SSH keys, GitHub Actions tokens, and cloud provider credentials from developer machines and CI/CD pipelines across Python, PHP, Ruby, and Go ecosystems. |
| 2026-05-01 2026 | Poisoning the well: AI supply chain attacks on Hugging Face and OpenClaw news AI | Library of malicious AI skills targeting Hugging Face and ClawHub for malware delivery, including trojans, cryptominers, and AMOS stealer, leveraging indirect prompt injection and social engineering to execute encoded commands and hidden dependencies, expanding attack chains beyond initial user compromise. |
| 2026-05-01 2026 | Huntress Highlights Role in Analyzing High-Impact npm Supply Chain Attack news | Huntress played a crucial role in analyzing a significant npm supply chain attack. This attack targeted popular npm packages, demonstrating a sophisticated method of compromising software dependencies. Huntress's analysis provided critical insights into the attack's mechanics and impact, helping the security community understand and respond to this threat. The incident underscores the ongoing risks associated with software supply chains and the importance of robust security measures for package managers like npm. → tipranks.com |
| 2026-05-01 2026 | Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft news | Attackers are exploiting vulnerabilities in Ruby Gems and Go Modules to compromise CI/CD pipelines and steal credentials. Malicious packages are disguised as legitimate dependencies, and once incorporated into a project's build process, they can execute arbitrary code. This allows attackers to access sensitive information like API keys and passwords stored within the CI environment. Organizations using these package managers should diligently audit their dependencies and implement robust security measures to prevent such attacks. → thehackernews.com |
| 2026-05-01 2026 | Supply Chain Attack Targets GitHub Actions via Malicious Ruby Gems and Go Modules news | Analysis of a supply chain attack targeting GitHub Actions via malicious Ruby Gems and Go modules. Threat actors leveraged deceptive packages, such as "knot-activesupport-logger" and "github[.]com/BufferZoneCorp/go-metrics-sdk," to compromise developer machines and CI pipelines by stealing SSH keys and AWS credentials, manipulating environment variables, disabling checksum verification, and establishing persistent backdoor access through SSH authorized_keys manipulation. → cyberpress.org |
| 2026-05-01 2026 | Kaspersky reveals a 37% increase in malicious packages compromising software supply chains news | Survey of a 37% increase in malicious packages compromising software supply chains, detailing incidents involving CPU-Z, HWMonitor, Axios (versions 1.14.1 and 0.30.4), and Notepad++, with Kaspersky GReAT analysis linking some attacks to Bluenoroff's GhostCall and GhostHire campaigns. The report emphasizes the growing threat to businesses and recommends solutions like Kaspersky Open Source Software Threats Data Feed and XDR/MXDR for monitoring and threat detection. |
| 2026-05-01 2026 | Ruby Gems and Go Modules Used in Campaign Targeting GitHub Actions news | Library detailing a sophisticated supply chain attack utilizing malicious Ruby gems and Go modules that target GitHub Actions. The attack exploits native extension builds for credential theft, scanning for secrets like SSH keys and AWS credentials, and exfiltrating data via hidden endpoints. Malicious Go modules subvert CI environments by tampering with dependency resolution, poisoning proxy settings, and disabling checksum verification. Some payloads attempt to establish persistent access by adding SSH public keys to authorized keys files. → gbhackers.com |
| 2026-05-01 2026 | The never-ending supply chain attacks worm into SAP npm packages, other dev tools news | Survey of supply chain attacks targeting SAP npm packages, highlighting vulnerabilities within development tools. The article touches upon AI agents as potential attack vectors and the broader challenges in securing development environments and managing hardware lead times. It also mentions incidents like the "Ralph Wiggum" loop impacting Claude and the economic pressures on open-source registries to implement basic security measures. → theregister.com |
| 2026-04-30 2026 | SAP npm Supply Chain Attack Targets Developer Credentials news | Writeup of an SAP npm supply chain attack in which the TeamPCP group leveraged compromised @cap-js/sqlite, @cap-js/postgres, @cap-js/db-service, and mbt packages to steal developer credentials and secrets, including GitHub, npm, AWS, Azure, GCP, and Kubernetes tokens, via npm's preinstall script functionality and the Bun JavaScript runtime. → esecurityplanet.com |
| 2026-04-30 2026 | TeamPCP Hits SAP Packages With 'Mini Shai-Hulud' Attack news | TeamPCP has developed a new attack targeting SAP applications called "Mini Shai-Hulud." This sophisticated threat leverages multiple vulnerabilities to bypass security controls and achieve remote code execution. The attack appears to be highly effective, capable of compromising SAP NetWeaver Application Server Java components. Further details on the exploit's mechanics and impact are available via the provided link. No specific bounty payout amounts were mentioned. → darkreading.com |
| 2026-04-30 2026 | SAP NPM Packages Targeted in Supply Chain Attack news | Library of compromised SAP NPM packages, including npm mbt 1.2.48, npm @cap-js/db-service 2.10.1, npm @cap-js/postgres 2.2.2, and npm @cap-js/sqlite 2.2.2, were found to contain malicious code as part of the Mini Shai-Hulud supply chain attack. The injected preinstall script acted as a bootstrapper, fetching and executing a Bun binary that stole local credentials, GitHub/NPM tokens, and cloud secrets. The malware exfiltrated data to GitHub repositories with a specific description and included a propagation mechanism, targeting SAP CAP and Business Technology Platform workflows. The incident is attributed to TeamPCP, leveraging a shared RSA public key for encryption. → securityweek.com |
| 2026-04-30 2026 | Google's fix for critical Gemini CLI bug might break your CI/CD pipelines news RCE | Writeup on a critical Gemini CLI bug fix from Google that may negatively impact CI/CD pipelines. The article discusses the implications of securing untrusted agentic development layers and the challenges of AI agents consuming significant API tokens. → theregister.com |
| 2026-04-30 2026 | Mini Shai-Hulud Targets SAP npm Packages With a Bun-Based Secret Stealer news | Library detailing "Mini Shai-Hulud," a Bun-based secret stealer targeting SAP npm packages like `@cap-js/sqlite`, `@cap-js/postgres`, `@cap-js/db-service`, and `mbt`. The malware uses a `preinstall` script to download and execute a credential stealer, harvesting GitHub tokens, npm tokens, cloud secrets from AWS, Azure, GCP, and Kubernetes, and exfiltrating encrypted results via public GitHub repositories. It propagates by injecting malicious code into other packages and commits. → aikido.dev |
| 2026-04-30 2026 | PyTorch Lightning Compromised in PyPI Supply Chain Attack to Steal Credentials news | Library compromised in a PyPI supply chain attack, pushing malicious versions 2.6.2 and 2.6.3 of PyTorch Lightning, leading to credential theft. The attack leveraged a hidden downloader and obfuscated JavaScript payload, executed automatically upon import, to harvest GitHub tokens, cloud credentials, and other secrets, with propagation techniques extending to npm packages. This incident is linked to the broader Mini Shai-Hulud campaign and threat actor TeamPCP. → thehackernews.com |
| 2026-04-30 2026 | Critical Gemini CLI Flaw Enabled Host Code Execution Supply Chain Attacks news RCE | Writeup of the Gemini CLI vulnerability, CVE-XXXX-XXXX, detailing how a flaw in the AI agent's handling of workspace configurations allowed for host code execution. Researchers at Novee Security discovered that Gemini CLI would load agent configurations without sandboxing or review, enabling attackers to inject malicious commands. This could lead to supply chain attacks within CI/CD pipelines, allowing unauthorized access to secrets and credentials, as demonstrated by a similar hijacking vulnerability affecting other AI agents like Claude and GitHub Copilot. → securityweek.com |
| 2026-04-30 2026 | Kaspersky Reports 37% Surge in Malicious Packages Targeting Global Software Supply Chains news | Survey of supply chain attacks, detailing a 37% surge in malicious packages targeting open-source projects by late 2025. Kaspersky GReAT research highlights compromised software like CPU-Z, HWMonitor, Axios (v1.14.1, 0.30.4), and Notepad++, noting shared tactics with Bluenoroff campaigns. The analysis emphasizes the need for monitoring open-source components, continuous infrastructure oversight via solutions like Kaspersky Next, and proactive incident response planning to mitigate these escalating threats. |
| 2026-04-30 2026 | Fake TanStack npm Package Exfiltrates Sensitive Developer Data news | Library that impersonates the legitimate TanStack npm package and exfiltrates sensitive developer environment variables. This supply-chain attack, detected by the Socket Research Team, involved malicious updates to the unscoped "tanstack" package, targeting files like `.env` and `readme` documents across versions 2.0.4 through 2.0.7, with one variant silently suppressing system logs. The incident also affected the dependent package "portalapp" version 1.0.0. → cyberpress.org |
| 2026-04-30 2026 | Huntress Highlights Analysis of axios npm Supply-Chain Attack news | Huntress Highlights Analysis of axios npm Supply-Chain Attack https://ift.tt/UZ8qry3 → tipranks.com |
| 2026-04-30 2026 | Shai-Hulud Worm Exposure Underscores Rising Software Supply Chain Risk news | The Shai-Hulud worm's exposure highlights growing software supply chain risks. This worm targeted specific vulnerable applications, showcasing how compromised components can spread malicious code throughout development pipelines. Its success emphasizes the critical need for robust security measures within the software supply chain, from development to deployment. Organizations must prioritize better visibility and control over their dependencies to mitigate such threats and prevent widespread damage. → tipranks.com |
| 2026-04-29 2026 | Supply Chain Campaign Targets SAP npm Packages with Credential-Stealing Malware news Secrets | Library for detecting the "Mini Shai Hulud" supply chain attack, which compromises SAP npm packages like `@cap-js/sqlite` and `@cap-js/postgres` using malicious preinstall scripts. The malware harvests developer and CI/CD secrets from GitHub, npm, and cloud providers (AWS, Azure, GCP) via multi-stage payloads, exfiltrating data through attacker-controlled GitHub repositories using the GraphQL API. It also attempts to poison GitHub repositories and steal browser credentials, with attribution to TeamPCP based on shared RSA keys and code similarities. → wiz.io |
| 2026-04-29 2026 | Malicious npm Dependency Linked to AI Assisted Commit Targets Crypto Wallets news AI | Library from ReversingLabs detailing the PromptMink campaign, involving the malicious npm dependency `@validate-sdk/v2`. This campaign, attributed to North Korean actor Famous Chollima, utilized AI-assisted commits (reportedly with Anthropic's Claude Opus) and a layered package structure to exfiltrate secrets, steal crypto wallet funds, and establish persistent remote access. The malware evolved from JavaScript to compiled binaries and Rust payloads, targeting both Linux and Windows, and demonstrated an increasing sophistication in leveraging AI development tools for supply chain attacks. → infosecurity-magazine.com |
| 2026-04-29 2026 | GitHub fixes RCE flaw that gave access to millions of private repos news RCE | Writeup on CVE-2026-3854, a critical remote code execution vulnerability in GitHub.com and GitHub Enterprise Server, allowing attackers with push access to gain read/write privileges to private repositories. The flaw stems from insufficient sanitization of user-supplied options during git push operations, enabling arbitrary code execution by chaining injected values. While GitHub.com was patched rapidly, many GitHub Enterprise Server instances remain vulnerable and require immediate upgrades. Wiz researchers discovered the vulnerability, which could have exposed millions of private repositories. → bleepingcomputer.com |
| 2026-04-29 2026 | Checkmarx Confirms Data Stolen in Supply Chain Attack news | Analysis of a supply chain attack targeting Checkmarx's KICS open source project, involving the Trivy supply chain compromise and attributed to TeamPCP. Attackers leveraged hijacked GitHub Action version tags, poisoned OpenVSX plugins, and two GitHub Actions workflows. Subsequently, Lapsus$ also joined in, claiming theft of source code, employee databases, API keys, and credentials, further poisoning a DockerHub KICS image, a GitHub action, and VS Code/Developer Assist extensions, impacting the Bitwarden CLI. → securityweek.com |
| 2026-04-29 2026 | Critical GitHub RCE bug exposed millions of repositories news RCE | Writeup of CVE-2026-3854, a critical command injection vulnerability in GitHub's Git push processing. This flaw, discovered by Wiz researchers and potentially aided by IDA MCP AI tooling, allowed authenticated users to execute arbitrary commands and achieve remote code execution by crafting malicious input within Git push requests. The vulnerability affected GitHub.com and GitHub Enterprise Server, granting access to millions of repositories and full server compromise in self-hosted environments. Patches have been released for affected GitHub Enterprise Server versions. → csoonline.com |
| 2026-04-29 2026 | Cursor AI IDE vulnerability allows code execution via hidden Git hooks news RCE | Writeup of CVE-2026-26268, an arbitrary code execution vulnerability in the Cursor AI IDE. This high-severity flaw, with a CVSS score of 8.1, is triggered when the AI agent processes a malicious Git hook hidden within a nested bare repository. The exploit allows attackers to gain control of a programmer's computer simply by cloning a compromised project, bypassing user interaction by leveraging the AI's autonomous command execution capabilities on untrusted code. Researchers from Novee discovered and reported this issue, which was fixed by Cursor developers in February 2026. → hackread.com |
| 2026-04-29 2026 | Critical GitHub Vulnerability Exposed Millions of Repositories news RCE | Writeup detailing CVE-2026-3854, a critical remote code execution vulnerability in GitHub's internal Git infrastructure. Exploitable via a single git push command by any authenticated user, this flaw impacted GitHub Enterprise Server and GitHub.com, potentially allowing arbitrary command execution on backend servers and access to millions of repositories and internal secrets. Wiz researchers discovered the vulnerability, noting easy exploitation and significant impact on both platforms, though GitHub has since deployed patches. → securityweek.com |
| 2026-04-29 2026 | GitHub.com and Enterprise Server Vulnerability Allows Remote Code Execution news RCE | Writeup detailing CVE-2026-3854, a critical RCE vulnerability in GitHub's git infrastructure allowing authenticated users to execute arbitrary commands via a standard `git push`. The flaw stems from improper sanitization of semicolon characters in the `X-Stat` header, enabling delimiter injection and overriding security policies. Attackers chained injections of `non-production rails_env`, `custom_hooks_dir`, and a `repo_pre_receive_hooks` definition with path traversal to bypass sandboxing and execute custom hooks, leading to full server compromise on GitHub Enterprise Server and broad filesystem access on GitHub.com. Wiz Research utilized AI-augmented tools like IDA MCP to analyze the exploit. → gbhackers.com |
| 2026-04-29 2026 | More fake extensions linked to GlassWorm found in Open VSX code marketplace news | Writeup on GlassWorm malware campaign, detailing the discovery of 73 new fake extensions impersonating trusted tools on the Open VSX code marketplace. These extensions, designed to evade detection with benign initial code and bundled native binaries, act as loaders to download the GlassWorm malware. Researchers highlight the systemic security gap in IDE extension management compared to software packages, lacking integrity verification and leading to credential theft. Recommendations include treating extensions as high-risk dependencies, disabling auto-updates, using SCA tools that cover extensions, and implementing strict approval processes. → csoonline.com |
| 2026-04-28 2026 | Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push news RCE | Writeup of CVE-2026-3854, a critical command injection vulnerability in GitHub.com and GitHub Enterprise Server, allowing authenticated users to achieve remote code execution via a single "git push" command. The flaw, discovered by Wiz, stems from unsanitized push option values within internal service headers, enabling attackers to override environment settings, bypass sandboxing, and execute arbitrary commands as the git user, potentially leading to cross-tenant repository exposure. Patches have been released for affected GitHub Enterprise Server versions. → thehackernews.com |
| 2026-04-28 2026 | Critical GitHub.com and Enterprise Server RCE Vulnerability Enables Full Server Compromise news RCE | Writeup detailing CVE-2026-3854, a critical RCE vulnerability in GitHub's internal git infrastructure, discovered by Wiz. This vulnerability, stemming from improper neutralization of special elements (CWE-77) in the babeld git proxy, allowed authenticated users to inject malicious fields into X-Stat headers via git push options. Exploitation required chaining three injected fields: non-production rails_env to bypass sandbox, custom_hooks_dir to redirect hooks, and repo_pre_receive_hooks with path traversal for arbitrary execution as the git service user. This could lead to full server compromise on GitHub Enterprise Server or access to millions of private repositories on GitHub.com. → cybersecuritynews.com |
| 2026-04-28 2026 | Securing the git push pipeline: Responding to a critical remote code execution vulnerability intermediate RCE | Writeup on CVE-2026-3854, a critical remote code execution vulnerability in GitHub's git push pipeline. The vulnerability allowed arbitrary command execution on the server by leveraging unsanitized user-supplied push options to inject metadata fields and bypass sandboxing. GitHub patched github.com within hours and released patches for GitHub Enterprise Server, recommending immediate upgrades. The writeup details the exploitation technique, response, and defense-in-depth measures, including the removal of an unnecessary code path. → github.blog |
| 2026-04-28 2026 | Bitwarden CLI Compromise Linked to Ongoing Checkmarx Supply Chain Campaign news | Writeup of the Bitwarden CLI compromise, a supply chain attack orchestrated by the Checkmarx campaign targeting developers. Threat actors compromised version 2026.4.0 by hijacking an npm package and injecting malicious code designed to steal credentials for GitHub, npm, AWS, GCP, Azure, AI tools like Claude Code, and even GitHub Actions secrets. The attack leveraged a GitHub Action within Bitwarden’s CI/CD pipeline, redirecting preinstall scripts to a custom loader that executed an obfuscated JavaScript payload. Stolen data was exfiltrated to a domain impersonating Checkmarx, with valid GitHub tokens used to enumerate and inject malicious workflows into repositories, turning compromised machines into pivot points for broader supply chain attacks. → securityboulevard.com |
| 2026-04-28 2026 | Hugging Face LeRobot Vulnerability Enables Unauthenticated Remote Code Execution Attacks news RCE | Writeup detailing CVE-2026-25874, a critical RCE vulnerability in Hugging Face's LeRobot framework. Unauthenticated attackers can exploit the unsafe use of `pickle.loads()` in LeRobot's PolicyServer, combined with insecure gRPC configurations (`add_insecure_port()`), to execute arbitrary system commands. This flaw, identified by researcher chocapikk, bypasses validation checks and allows malicious Python objects embedded in serialized payloads to achieve code execution before security checks are applied, potentially leading to full system compromise. → cyberpress.org |
| 2026-04-28 2026 | Hugging Face LeRobot Flaw Opens Door to Remote Code Execution Attacks news RCE | Writeup on CVE-2026-25874 in Hugging Face's LeRobot details a critical remote code execution vulnerability stemming from the use of Python's unsafe pickle.loads() function for deserializing data from an insecure gRPC PolicyServer. This flaw allows unauthenticated attackers with network access to execute arbitrary system commands by sending crafted serialized payloads to specific RPC endpoints like SendPolicyInstructions and SendObservations. The vulnerability is exacerbated by the lack of TLS encryption and authentication in the gRPC channel, and the use of #nosec comments indicates developers were aware of the risk. → gbhackers.com |
| 2026-04-28 2026 | Critical Cursor bug could turn routine Git into RCE news RCE | Writeup on CVE-2026-26268, a critical vulnerability in the Cursor IDE that allows arbitrary code execution through routine Git operations. Researchers at Novee Security discovered that a malicious repository, containing specially crafted Git hooks within a bare repository, can trigger the IDE's AI agent to execute attacker-controlled code upon operations like `git checkout`. This exploit bypasses traditional security by leveraging standard Git features autonomously executed by the AI. The issue is patched in Cursor version 2.5. → csoonline.com |
| 2026-04-28 2026 | Dozens of Open VSX Extension Clones Linked to GlassWorm Malware news | Analysis of 73 cloned extensions on the Open VSX marketplace reveals a sophisticated GlassWorm malware campaign. These extensions, masquerading as legitimate tools, employ social engineering and Unicode obfuscation to evade detection, stealing GitHub, Git, NPM credentials, and cryptocurrency. The malware's delivery mechanism involves bundled native binaries and remote payload retrieval, a tactic designed to bypass static analysis and compromise users through normal extension updates. → securityweek.com |
| 2026-04-28 2026 | Popular PyPI Package With 1 Million Monthly Downloads Hacked to Inject Malicious Scripts news | Writeup detailing a supply chain attack on the PyPI package elementary-data, version 0.23.3. Threat actors exploited a GitHub Actions pipeline vulnerability to inject a malicious script, bypassing standard security checks and publishing a compromised version. This information stealer payload targets cloud access tokens, SSH keys, Kubernetes tokens, cryptocurrency wallets, and environment variables. Affected users must rotate credentials and update to version 0.23.4. → cybersecuritynews.com |
| 2026-04-28 2026 | Malicious Python package poses new supply chain threat news Python | Writeup of elementary-data supply chain attack, detailing how attackers exploited a GitHub Actions vulnerability to steal signing keys and publish a malicious version (0.23.3). This compromised package, downloaded over a million times monthly, exfiltrated user credentials, cloud keys, and API tokens. Users are advised to rotate credentials and remove the malicious version, similar to past incidents involving Nx, TeamPCP, and GlassWorm. → techzine.eu |
| 2026-04-28 2026 | An open-source package with over 1 million monthly downloads has a vulnerability that has been exploited to distribute malware-infected versions and steal user credentials. news Secrets | Writeup of a supply chain attack on Elementary Open Source Python CLI v0.23.3, which was exploited to distribute malware and steal user credentials like API tokens and SSH keys. This incident highlights risks in developer account security and GitHub Actions workflows, impacting a package with over one million monthly downloads. Developers are advised to uninstall the compromised version, clear caches, rotate credentials, and check for malware. → gigazine.net |
| 2026-04-27 2026 | Ongoing supply-chain attack 'explicitly targeting' security dev tools news | Writeup of an ongoing, sophisticated supply-chain campaign explicitly targeting security and developer tools. Threat actors, including Lapsus$, have targeted tools like Trivy, KICS, and Checkmarx's GitHub repositories, injecting credential-stealing malware and poisoning Docker images. The campaign also compromised Bitwarden's CLI and exposed sensitive data, including source code and API keys, demonstrating a direct assault on the security ecosystem. → theregister.com |
| 2026-04-27 2026 | Open source package with 1 million monthly downloads stole user credentials news | Writeup of the compromise of the **elementary-data** package, version 0.23.3, which stole user credentials, cloud provider keys, API tokens, and SSH keys. A threat actor exploited a vulnerability in the developers' GitHub Actions workflow to gain access to signing keys and sensitive information, allowing them to publish a malicious package to the Python Package Index and to the project's Docker image accounts. Users who installed the compromised version or ran the affected Docker image should assume their credentials may have been exposed. → arstechnica.com |
| 2026-04-27 2026 | Bitwarden CLI Impersonation Attack Steals Cloud Credentials and Spreads Across npm Supply Chains news | Writeup of the `@bitwarden/cli` npm supply chain attack by TeamPCP, detailing its worm-like propagation across AWS, Azure, and GCP credentials by harvesting secrets from local filesystems, environment variables, and cloud secret managers. The malicious package, version 2026.4.0, impersonated the legitimate Bitwarden CLI and spread to thousands of users before detection, impacting developer workstations and CI/CD pipelines. → paloaltonetworks.com |
| 2026-04-27 2026 | Claude Code is leaking API keys into public package registries news Secrets | Writeup on Claude Code's API key leak, where the AI coding assistant caches approved terminal commands, including credentials passed via environment variables, into a hidden `.claude/settings.local.json` file. This file, if not excluded by `.npmignore` or `package.json` configurations, can be inadvertently published to public registries alongside source code, exposing sensitive data to the software supply chain. Existing secret scanning tools often miss these exposures as they reside within AI tool-specific settings, requiring developers to manually update ignore files and package managers to preview artifacts before publishing. |
| 2026-04-27 2026 | Critical Gemini CLI Flaw Raises Supply Chain Security Concerns news RCE | Writeup on advisory GHSA-wpqr-6v78-jr5g, a critical Gemini CLI vulnerability enabling remote code execution in CI/CD pipelines. The flaw arises from automatic workspace trust in headless mode and bypasses in YOLO execution mode, allowing command injection via malicious environment variables and prompt injection. Patches require upgrading the npm package to 0.39.1 or 0.40.0-preview.3 and the GitHub Action to 0.1.22, alongside configuring workspace trust and strict tool allowlists. → gbhackers.com |
| 2026-04-26 2026 | prompt-security/clawsec: A complete security skill suite for OpenClaw's and NanoClaw agents (and variants). Protect your SOUL.md (etc') with drift detection, live security recommendations, automated audits, and skill integrity verification. All from one installable suite. beginner AI | Library for comprehensive AI agent security, protecting against prompt injection and drift. It offers unified monitoring, integrity verification, and threat intelligence for platforms like OpenClaw, NanoClaw, Hermes, and Picoclaw. Key features include skill installer, file integrity protection with drift detection, live security advisories from NVD CVEs, automated audits for vulnerabilities, and SHA256 checksum verification for artifacts. The suite also supports advisory monitoring and hook-based protection flows, with Python utilities for local skill development and validation. |
| 2026-04-24 2026 | The npm Threat Landscape: Attack Surface and Mitigations beginner | Report detailing the evolving npm threat landscape, focusing on the Shai-Hulud worm and the systematic supply chain compromises that followed it. It analyzes significant incidents like the Axios and Bitwarden CLI compromises, highlighting adversarial tactics such as wormable propagation via token theft, CI/CD pipeline persistence, and multi-stage payloads. It also covers remediation playbooks for credential rotation and dependency purging, and details the obfuscation and execution mechanisms used by malware targeting npm users and distribution channels like Docker Hub and GitHub Actions. → unit42.paloaltonetworks.com |
| 2026-04-24 2026 | Flurry of Supply-Chain Software Library Attacks news | Overview of recent supply-chain attacks targeting open-source repositories like npm and PyPI. Attackers compromise popular packages, such as LiteLLM, Axios, Xinference, Namastex.ai, Checkmarx KICS, and Bitwarden CLI, injecting malware to steal developer credentials, secrets, and tokens. These poisoned packages, distributed via automated CI pipelines, can spread rapidly through software dependencies, highlighting the fragility of current development practices. → bankinfosecurity.com |
| 2026-04-24 2026 | Flurry of Supply-Chain Software Library Attacks news | Attacks on npm and PyPI packages have surged, compromising open-source projects like LiteLLM, Axios, Xinference, Namastex.ai, Checkmarx KICS, and Bitwarden CLI. Attackers inject data-stealing malware and worms, such as Shai-Hulud, into popular packages, which are then pulled into downstream projects automatically via CI/CD pipelines. These compromises aim to steal developer credentials and cloud secrets and to spread laterally to other repositories, highlighting the fragility of software supply chains. |
| 2026-04-24 2026 | Checkmarx supply chain hack impacts Bitwarden CLI news | A supply chain attack originating from the Checkmarx compromise has impacted the Bitwarden command-line interface (CLI). The incident involved the compromise of a Bitwarden dependency, leading to the modification of the `pass` library. The issue was quickly identified and mitigated, and users of the Bitwarden CLI are advised to update their software to ensure they are protected from the compromised dependency. → scworld.com |
| 2026-04-24 2026 | Bitwarden CLI Compromised in Shai-Hulud Supply Chain Attack; 334 Developers Exposed news | Writeup of the compromise of `@bitwarden/cli@2026.4.0`, delivered through a supply chain attack on the project's GitHub Actions. The malicious package, discovered by JFrog and Socket, scanned for and exfiltrated developer secrets including GitHub/npm tokens, SSH keys, and AI assistant configurations to Checkmarx-impersonating domains or public GitHub commits, impacting 334 developers and linked to the "Shai-Hulud" campaign. |
| 2026-04-24 2026 | Bitwarden CLI tool compromised: hundreds of developers pull credential-stealing malware news | The Bitwarden command-line interface (CLI) tool was compromised, leading to hundreds of developers unknowingly downloading malware that steals credentials. This incident highlights a significant security breach within the open-source ecosystem. The compromised version of the CLI tool was distributed, potentially exposing sensitive information from affected users. → cybernews.com |
| 2026-04-24 2026 | GitHub Actions Abuse Fuels Bitwarden Supply Chain Attack - Open Source For You news | Abuse of GitHub Actions facilitated a supply chain attack targeting the Bitwarden CLI, specifically version 2026.4.0. Attackers injected malicious JavaScript into the npm package, aiming to steal developer credentials, cloud secrets, and GitHub Actions secrets. This campaign, linked to Shai-Hulud activity, also targeted AI coding tools like Claude Code and Cursor, highlighting risks in CI/CD pipelines and open-source software trust. → opensourceforu.com |
| 2026-04-24 2026 | Bitwarden NPM Package Hit in Supply Chain Attack news | Writeup detailing the compromise of the Bitwarden CLI NPM package, version 2026.4.0, in a supply chain attack. The malicious package contained code to exfiltrate secrets and tokens from Azure, AWS, GitHub, GCP, and NPM, and weaponized GitHub tokens to abuse GitHub Actions. This incident shares similarities with previous attacks on Checkmarx, including payload structure and credential harvesting methods, and shows potential links to the Shai-Hulud worm campaigns. → securityweek.com |
| 2026-04-24 2026 | Bitwarden CLI Hit by Supply Chain Attack Through GitHub Actions news | Writeup detailing a supply chain attack on the Bitwarden CLI, where malicious code was injected into the `@bitwarden/cli` npm package via a compromised GitHub Actions workflow. The payload harvested GitHub tokens, cloud credentials (AWS, Azure, GCP), npm tokens, and SSH keys, communicating with C2 infrastructure linked to prior Checkmarx attacks. The malware exhibited a Russian locale kill switch and exfiltrated data to specially named GitHub repositories, referencing the "Dune" franchise. → cyberpress.org |
| 2026-04-24 2026 | Bitwarden CLI Compromised in Supply Chain Attack Exposes Developer Secrets news | Writeup of the Bitwarden CLI supply chain attack, where a malicious npm package (@bitwarden/cli@2026.4.0) was distributed via a compromised GitHub Actions workflow. This incident, part of a broader campaign linked to Checkmarx attacks, targeted developer secrets including GitHub and npm tokens, SSH keys, and cloud credentials, with potential for escalating into wider breaches by injecting malicious workflows. → cxodigitalpulse.com |
| 2026-04-24 2026 | Password manager Bitwarden suffers supply chain attack; users of the npm package should check their device. news | Writeup of the Bitwarden CLI supply chain attack, where malicious code entered the CI/CD pipeline via GitHub Actions and shipped in the package `@bitwarden/cli@2026.4.0`. Users should audit npm, check CI logs, rotate secrets, and scan GitHub for unauthorized activity. Similarities to the Checkmarx attack are noted, including a Russian-language environment exclusion, though different actors are suspected. → gigazine.net |
| 2026-04-24 2026 | Cloudsmith Raises $72M for Software Supply-Chain Security news | Cloudsmith, an artifact-management platform from Twilio's former chief customer officer, raised $72 million to enforce policies, audit usage, and reduce exposure to malicious or compromised packages by acting as an intermediary between developers and public repositories. This approach turns artifact management into a security layer, offering insights into package popularity, maturity, and known risks to both human developers and AI agents, while also integrating data from external security tools for more nuanced policy decisions. → bankinfosecurity.com |
| 2026-04-24 2026 | Tenable Research Uncovers Remote Code Execution Vulnerability in Microsoft GitHub Repository Exposing CI/CD Pipeline to Unauthorized Code Execution news RCE | Writeup detailing a critical CVSSv4 9.3 vulnerability in a Microsoft GitHub repository exposing its CI/CD pipeline to unauthorized code execution. Tenable Research uncovered a Python string injection flaw within GitHub Actions workflows in the Windows-driver-samples repository, allowing attackers to inject malicious code via GitHub issue descriptions. This exploit grants them access to repository secrets like GITHUB_TOKEN, enabling privileged operations and potentially compromising the software supply chain. The findings highlight the critical nature of CI/CD infrastructure as an attack surface and emphasize the need for strict security controls, permission reviews, and pipeline monitoring. → cxodigitalpulse.com |
| 2026-04-23 2026 | Bitwarden CLI password manager trojanized in supply chain attack news | Writeup of Bitwarden CLI supply chain attack, where attackers published a trojanized version 2026.4.0 to npm. This malicious version, containing `bw_setup.js` and `bw1.js`, targeted cloud and development credentials, including GitHub, npm, AWS, and GCP tokens, and weaponized them for further access. The attack leveraged a compromised GitHub Action in Bitwarden's CI/CD pipeline, similar to incidents affecting Checkmarx KICS and Trivy, attributed to the TeamPCP group. Remediation involves revoking compromised tokens and keys, rotating secrets, and inspecting GitHub Actions workflows. → csoonline.com |
| 2026-04-23 2026 | Checkmarx Supply Chain Attack Exploits Docker Images and CI/CD Pipelines news | Writeup of a multi-stage supply chain attack by the TeamPCP group that poisoned Docker images and VS Code extensions, specifically targeting Checkmarx KICS and its associated extensions (versions 1.17.0, 1.19.0). The attack involved redirecting Docker image tags like `v2.1.20` and `alpine`, and a second-stage payload `mcpAddon.js` was executed via the Bun runtime, leading to harvesting of GitHub tokens, cloud credentials, and SSH keys. This campaign extended to compromise the Bitwarden CLI, demonstrating a broader trend of CI/CD pipeline abuse. → esecurityplanet.com |
| 2026-04-23 2026 | Shai-Hulud: The Third Coming Bitwarden CLI Backdoored in Latest Supply Chain Campaign news | Analysis of Shai-Hulud worm's attack on the @bitwarden/cli package reveals its self-propagating nature, exfiltrating credentials, NPM tokens, GitHub tokens, AWS, GCP, and Azure information. The worm encrypts exfiltrated data using AES-256-GCM and uploads it to public GitHub repositories, potentially originating from Russia as it avoids Russian-configured systems. Affected users are advised to rotate keys, add 2FA, check for malicious GitHub repositories, and downgrade the @bitwarden/cli package. → ox.security |
| 2026-04-23 2026 | Tenable finds Microsoft GitHub flaw risking supply chains news | Vulnerability in Microsoft's GitHub windows-driver-samples repository, identified by Tenable Research, allowed attackers to exploit a Python string injection flaw within a GitHub Action. This allowed the triggering of automated scripts via a standard GitHub issue, leading to the potential theft of the GITHUB_TOKEN with broad permissions. The flaw highlights risks to the software supply chain and downstream users, with recommendations including restricted token permissions and auditing workflows. |
| 2026-04-23 2026 | New Checkmarx supply-chain breach affects KICS analysis tool news | Compromise affecting Checkmarx KICS, its Docker images, and its VS Code extensions, with attackers injecting a hidden 'MCP addon' to steal credentials including GitHub tokens, AWS, Azure, and Google Cloud credentials, npm tokens, SSH keys, Claude configs, and environment variables, exfiltrating them to audit.checkmarx[.]cx. Affected users should block access to malicious domains, pin images and actions to SHAs, revert to safe versions like Docker Hub KICS v2.1.20, and rotate secrets. → bleepingcomputer.com |
| 2026-04-23 2026 | Checkmarx Docker Hub repository compromised with malicious images news | Writeup of the Checkmarx KICS Docker Hub repository compromise, where threat actors injected malicious images overwriting existing tags like v2.1.20 and alpine. These compromised images contained a modified KICS binary designed for data exfiltration to external endpoints, impacting users scanning infrastructure-as-code. Malicious code was also found in Checkmarx Visual Studio Code extensions (versions 1.17.0 and 1.19.0), enabling remote addon execution without user confirmation. → scworld.com |
| 2026-04-23 2026 | Namastex npm packages compromised in CanisterWorm supply chain attack news | Writeup on the CanisterWorm npm supply chain attack, which compromised Namastex Labs packages @automagik/genie and pgserve. The malicious postinstall script harvests secrets from environment variables and local system files, exfiltrating them via an HTTPS webhook and an Internet Computer Protocol (ICP) canister. The worm then attempts to self-propagate by injecting and republishing compromised packages, and also targets the Python Package Index (PyPI). This campaign is attributed to the TeamPCP threat actor and shares similarities with the Shai-Hulud worm. → scworld.com |
| 2026-04-23 2026 | No Off Season: Three Supply Chain Campaigns Hit npm PyPI and Docker Hub in 48 Hours news | Analysis of three supply chain attacks—Checkmarx KICS, CanisterSprawl, and xinference—that targeted npm, PyPI, and Docker Hub between April 21-23, 2026. These campaigns focused on stealing secrets like API keys, cloud credentials, and SSH keys from developer environments and CI/CD pipelines, with threat actors including TeamPCP utilizing techniques such as obfuscated payloads, postinstall hooks, and decentralized C2 channels. → securityboulevard.com |
| 2026-04-23 2026 | No Off Season: Three Supply Chain Campaigns Hit npm PyPI and Docker Hub in 48 Hours news | Analysis of three recent supply chain campaigns targeting npm, PyPI, and Docker Hub, including Checkmarx KICS, CanisterSprawl (pgserve, Namastex.ai), and xinference, highlights the consistent objective of stealing developer secrets like API keys and cloud credentials. These attacks, attributed in part to threat actor TeamPCP, demonstrate sophisticated evasion techniques and cross-ecosystem propagation. → blog.gitguardian.com |
| 2026-04-23 2026 | Xinference PyPI Package Compromised With Malicious Code to Steal Cloud Credentials news | Compromise of Xinference versions 2.6.0 through 2.6.2 on PyPI, discovered after a user reported suspicious behavior. Malicious code, obfuscated and executed upon import, acts as an infostealer targeting cloud credentials (AWS, Google Cloud), Kubernetes tokens, SSH keys, API keys, database credentials, cryptocurrency wallets, and more, exfiltrating data to `whereisitat[.]lucyatemysuperbox[.]space`. The attack leveraged a hijacked account named "XprobeBot" and potentially impersonates "TeamPCP." Developers are advised to downgrade to 2.5.0, rotate credentials, enable MFA, and audit access logs. → cyberpress.org |
| 2026-04-23 2026 | Malicious Docker Images and VS Code Extensions Compromise Checkmarx Supply Chain news | Analysis of a supply chain attack where malicious Docker images, specifically a trojanized `checkmarx/kics` image under tags like `v2.1.20` and `alpine`, and compromised Visual Studio Code extensions, were used to exfiltrate sensitive data and compromise developer environments, highlighting risks in trusted repositories and developer ecosystems. → cxodigitalpulse.com |
| 2026-04-23 2026 | Checkmarx KICS Docker Repo Hijacked in Malicious Code Injection Attack news | The official Checkmarx KICS Docker Hub repository and VS Code extensions were targeted in a supply chain attack. Threat actors injected trojanized Docker images (affecting tags v2.1.20, v2.1.20-debian, alpine, debian, and latest) and tampered VS Code extensions (versions 1.17.0 and 1.19.0) to exfiltrate developer credentials and cloud secrets, including GitHub tokens, AWS, Azure, and GCP credentials, and SSH keys. The attack, claimed by TeamPCP, involved malicious Golang binaries and JavaScript payloads, utilizing Git history manipulation and abusing GitHub Actions for secret theft and npm package republishing. → gbhackers.com |
| 2026-04-23 2026 | Xinference PyPI Breach Exposes Developers to Cloud Credential Theft news | Supply chain compromise of the Xinference Python package: malicious versions (2.6.0, 2.6.1, 2.6.2) uploaded to PyPI by threat actors via a compromised bot account (XprobeBot) embedded an infostealer. The malware targets cloud credentials (AWS, Google Cloud, Kubernetes), environment variables, SSH keys, API keys, cryptocurrency wallets (Bitcoin, Ethereum, Dogecoin, Monero), and service credentials for platforms like Discord and Slack. Developers are advised to downgrade to version 2.5.0, rotate all sensitive credentials, enable 2FA, and audit their environments. → gbhackers.com |
| 2026-04-23 2026 | axios npm Compromise: The Ultimate Supply Chain Scaries news | Writeup of the axios npm supply chain compromise details how attackers leveraged social engineering to gain access to the maintainer's account, publishing malicious versions of the popular JavaScript library. The compromise, attributed to the North Korean threat actor UNC1069, allowed for cross-platform malware delivery, including RATs capable of system reconnaissance and credential harvesting. The incident highlights risks associated with deep dependency chains and the trust inherent in the open-source ecosystem, drawing parallels to previous npm attacks like Shai-Hulud and the Trivy scanner compromise. |
| 2026-04-23 2026 | Xinference allegedly hacked by TeamPCP Malicious Package In PyPi news | Writeup of the Xinference supply chain attack on PyPI, detailing how malicious versions (2.6.0-2.6.2) were uploaded containing obfuscated infostealer code. This malware targets cloud credentials, API keys, environment variables, SSH keys, cryptocurrency wallets, and database credentials, sending stolen data to a remote server. The attack leveraged a compromised bot to inject the malicious base64 payload into the `__init__.py` file, affecting users who installed these compromised versions. Recommended actions include downgrading to version 2.5.0 and rotating sensitive keys. → ox.security |
| 2026-04-23 2026 | AI Supply-Chain Monitor Identifies Critical Axios Attack news | Tool for AI-driven supply-chain monitoring; this open-source library from Elastic Security Labs uses an LLM to assess package repository updates for malicious changes, successfully detecting a backdoored Axios version. The system monitors top npm and PyPI packages, enabling rapid identification and response to software supply-chain attacks, as demonstrated by its effectiveness shortly after implementation. |
| 2026-04-23 2026 | Aikido Security Launches Endpoint Protection for Developer Devices as Software Supply Chain Attacks Hit Unprecedented Scale news | Aikido Endpoint, a product from Aikido Security, protects developer devices from software supply chain attacks. It inspects and blocks risky packages, IDE extensions, browser plugins, and AI tools before installation, addressing escalating threats like the TeamPCP and Axios compromises by focusing on developer machines, which hold critical credentials. It monitors all installs, enforces policies like blocking packages younger than 48 hours, and covers npm, PyPI, Maven, NuGet, VS Code extensions, browser extensions, and AI agent marketplaces. It builds on the open-source Safe Chain CLI firewall and offers enterprise-grade governance and approval workflows. |
| 2026-04-22 2026 | Another npm supply chain worm is tearing through dev environments news | Writeup of a new npm supply chain worm, CanisterWorm, attributed to TeamPCP and reusing the method seen in the LiteLLM compromise. This strain compromises packages like `@automagik/genie`, `pgserve`, and `@fairwords/websocket`, stealing secrets, API keys, and cryptocurrency wallet data. It exfiltrates information to both webhooks and ICP canisters, using the "TeamPCP/LiteLLM method" and self-propagation logic to infect additional npm packages and PyPI projects. → theregister.com |
| 2026-04-22 2026 | Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens news | Writeup of the self-propagating worm found in npm packages like `@automagik/genie` and `pgserve`. It details how worms like CanisterSprawl steal developer tokens and credentials for AWS, Azure, and Google Cloud, and can propagate to PyPI packages. The writeup also covers attacks abusing GitHub Actions' `pull_request_target` trigger and credential harvesting via LLM proxies. → thehackernews.com |
| 2026-04-22 2026 | Supply Chain Attacks Are Getting Worse: How to Shrink Your Exposure beginner | Guide to mitigating supply chain attacks, focusing on techniques to shrink exposure following incidents like the Trivy and Axios compromises. It details strategies for containing damage through short-lived credentials, least-privilege access, and blast radius separation. Proactive measures include eliminating "latest" tag usage, implementing cool-down periods for package upgrades, requiring immutable release packages, and adopting dependency management tools like Renovate and Fairwinds Nova for automated patching and chart updates. → securityboulevard.com |
| 2026-04-22 2026 | Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain news | Writeup of supply chain attacks targeting Checkmarx, detailing malicious KICS Docker images and VS Code extensions. Threat actors overwrote Docker Hub tags and introduced compromised versions of the `cx-dev-assist` and `ast-results` extensions. The compromised artifacts exfiltrated GitHub tokens, AWS and Azure credentials, and SSH keys to external endpoints. These attacks, potentially by TeamPCP, leveraged stolen credentials to inject malicious GitHub Actions workflows and republish npm packages, creating further propagation paths. → thehackernews.com |
| 2026-04-22 2026 | Hypersonic Supply Chain Attacks: One Solution That Didn't Need to Know the Payload intermediate | Vendor writeup on stopping zero-day supply chain attacks like those targeting LiteLLM, Axios, and CPU-Z with on-device behavioral AI. It detects malicious execution patterns rather than relying on signatures or reputation, making it effective against previously unseen payloads delivered through trusted channels, even when AI agents automate execution with unrestricted permissions. This approach, part of SentinelOne's Autonomous Security Intelligence, flags anomalous process chains and code execution in real time, terminating threats before they can escalate. → sentinelone.com |
| 2026-04-22 2026 | Flaw in Microsoft-owned GitHub repository allowed RCE via issue submission news | Writeup detailing RCE via issue submission in Microsoft's Windows-driver-samples GitHub repository. The flaw exploited a GitHub Actions workflow that inserted unsanitized issue body content into a Python here-doc, allowing attackers to inject Python code and execute arbitrary commands. This could have led to exfiltration of the GITHUB_TOKEN secret, potentially enabling actions on behalf of Microsoft. The vulnerability, assessed with a CVSS score of 9.3, highlights the risks of CI/CD pipeline security, particularly with GitHub Actions and token permissions. → scworld.com |
| 2026-04-22 2026 | New npm supply-chain attack self-spreads to steal auth tokens news | Library for detecting and defending against npm supply-chain attacks. This worm-like malware self-propagates by injecting malicious code into packages, stealing developer credentials, API keys, cloud service secrets, cryptocurrency wallets (MetaMask, Exodus), and targeting AI agent tooling and database operations. It can also exfiltrate data from CI/CD systems, registries, and LLM platforms, and has been observed targeting PyPI packages with .pth-based payloads. Socket and StepSecurity offer indicators of compromise and remediation guidance, advising immediate removal of affected packages and rotation of all exposed secrets. → bleepingcomputer.com |
| 2026-04-22 2026 | Axios npm Supply Chain Attack: 83M Downloads Hit news | Analysis of the March 31, 2026, Axios npm supply chain attack, in which backdoored versions axios@1.14.1 and axios@0.30.4 were published, affecting 83 million weekly downloads. The attack injected a malicious dependency, plain-crypto-js, which delivered a cross-platform Remote Access Trojan (RAT) targeting macOS, Windows, and Linux. The analysis covers payload mechanics, obfuscation techniques, anti-forensics, and detection guidance, highlighting the exploit of trust in the JavaScript ecosystem. |
| 2026-04-22 2026 | Axios npm Hijack 2026: Everything You Need to Know news | Analysis of the Axios npm Hijack 2026 details a sophisticated supply chain attack where threat actors compromised the lead maintainer's npm account, publishing malicious versions of the popular JavaScript library. These versions, axios@1.14.1 and axios@0.30.4, silently installed a cross-platform RAT (SILKBELL and WAVESHAPER.V2) via a hidden dependency upon `npm install`. The attack, attributed to UNC1069, bypassed standard CI/CD security by directly publishing to the npm registry using a stolen access token, highlighting the importance of OIDC provenance and SLSA checks. → socradar.io |
| 2026-04-22 2026 | TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files news | Report on the compromise of the `telnyx` Python package, versions 4.87.1 and 4.87.2 on PyPI. The malware uses audio steganography within `.WAV` files to deliver a multi-stage attack chain, harvesting credentials and exfiltrating data to `83.142.209[.]203:8080` on Linux/macOS, while establishing persistence via `msbuild.exe` on Windows. This supply chain attack by TeamPCP follows similar compromises of Trivy, KICS, and litellm. → thehackernews.com |
| 2026-04-22 2026 | litellm: Credential Stealer Hidden in PyPI Wheel news | Writeup detailing a supply chain compromise of the litellm Python package. Versions 1.82.7 and 1.82.8 were found to contain a malicious payload that harvests credentials, encrypts them using AES-256 and RSA-4096, and exfiltrates them to an attacker-controlled domain. The compromise leveraged two distinct injection techniques: a `.pth` file in version 1.82.8, and an embedded base64 blob in `proxy_server.py` for version 1.82.7. This attack potentially gained initial access through a pivot from a compromise of the Trivy tool used in litellm's CI/CD pipeline. → stepsecurity.io |
| 2026-04-22 2026 | What's Coming to Our GitHub Actions 2026 Security Roadmap news | Roadmap for securing GitHub Actions, detailing upcoming features that enhance supply chain security. Key developments include workflow dependency locking with commit SHAs for reproducibility, policy-driven execution protections through rulesets to control triggers and permissions, and scoped secrets that bind credentials to specific contexts, preventing over-permissioning and blurred trust boundaries. Additionally, enterprise-grade endpoint protections are introduced with the Actions Data Stream for visibility and a native egress firewall for control, addressing challenges seen in recent attacks like those on tj-actions/changed-files and Nx. → github.blog |
| 2026-04-22 2026 | Shai-Hulud npm Supply Chain Attack: New Compromised Packages Detected news | Writeup on the Shai-Hulud npm supply chain attack details a significant wave of compromised packages, including new variations and obfuscation techniques. Threat actors are targeting popular npm packages to steal credentials from GitHub, NPM, AWS, GCP, and Azure, then exfiltrating this data by creating encoded repositories. The attack utilizes a data-stealer payload bundled within Webpack applications, often disguised as system optimization tools, and employs utilities like TruffleHog to gather secrets. |
| 2026-04-22 2026 | LiteLLM and Telnyx Compromised on PyPI: Tracing the TeamPCP Supply Chain Campaign news | Analysis detailing the TeamPCP supply chain campaign that compromised the LiteLLM and Telnyx packages on PyPI. This extensive campaign began with a Trivy compromise, spread through npm and GitHub Actions, and included Kubernetes exploitation. Defenders should treat installations of LiteLLM versions 1.82.7/1.82.8 or Telnyx versions 4.87.1/4.87.2 as credential exposure events. → securitylabs.datadoghq.com |
| 2026-04-22 2026 | Keeping Your GitHub Actions Secure Part 1: Preventing Pwn Requests intermediate | Guide to securing GitHub Actions workflows, specifically addressing the risks of the `pull_request_target` trigger when processing untrusted pull requests. It highlights how attackers can exploit this to gain repository write permissions or steal secrets by injecting malicious code into build scripts, package.json, or npm pre/postinstall scripts. The guide advocates a `pull_request` trigger for unprivileged handling of untrusted code and a subsequent `workflow_run` trigger for privileged operations, using artifacts to safely transfer data. → securitylab.github.com |
| 2026-04-22 2026 | GitHub Actions Security Pt 1: Attacks & Defenses (Wiz) intermediate | Guide to GitHub Actions security, addressing common misconfigurations and outlining defensive strategies. It explains the threat model, covering risks like Pull Request pwnage and script injection, exemplified by attacks such as the Trivy supply chain compromise exploiting `pull_request_target` and `workflow_run` triggers. The entry emphasizes understanding the trust boundary between repository owners and external actors to prevent code execution with elevated permissions. → wiz.io |
| 2026-04-22 2026 | Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM Data beginner | Analysis of SBOM failures reveals that while Software Bills of Materials and Vulnerability Exploitability eXchange statements offer data, security teams lack decision clarity. Supply chain attacks, including those leveraging Trivy and Axios, persist due to inconsistent interpretation of SBOM/VEX data, lack of updated SBOM delivery, and hesitations in exploitability assertions. Researcher Devashri Datta advocates for a unified, governance-driven intelligence layer to interpret SBOMs as lifecycle signals and VEX as contextual input, enabling explainable and defensible decisions amidst increasing regulatory pressure and rapid exploitation times. → securityweek.com |
| 2026-04-22 2026 | Axios supply chain attack deploys multi-OS malware news | Analysis of the Axios supply chain attack details how malicious versions, axios@1.14.1 and axios@0.30.4, infected npm users with a cross-platform RAT. The attack, attributed to North Korean state actor Sapphire Sleet, exploited compromised npm credentials and bypassed CI/CD pipelines to deliver malware via the plain-crypto-js dependency. The RAT features obfuscated Node.js droppers, C2 communication, and self-deletion to evade detection, posing significant risks for credential and data exfiltration. Remediation involves updating or downgrading Axios and rotating secrets, with IoCs provided for affected systems. |
| 2026-04-22 2026 | AI-Driven Endpoints Highlight Expanding Software Supply Chain Risk beginner | AI-Driven Endpoints Highlight Expanding Software Supply Chain Risk https://ift.tt/Op8eSmM → tipranks.com |
| 2026-04-22 2026 | Aikido Unveils Endpoint Security as Supply Chain Attacks Hit Developers news | Announcement of Aikido Endpoint, a security agent on developer machines that inspects and blocks threats before installation. It monitors package manager installations, VS Code extensions, and AI agent skills, cross-referencing with Aikido Intel to identify malicious packages. A key feature is blocking packages published within 48 hours, addressing the critical window for new malicious distributions, and it builds on Aikido's open-source Safe Chain CLI firewall. |
| 2026-04-21 2026 | Critical Microsoft GitHub Flaw Highlights Dangers to CI/CD Pipelines: Tenable news | Critical Microsoft GitHub Flaw Highlights Dangers to CI/CD Pipelines: Tenable https://ift.tt/nvuCc9x |
| 2026-04-21 2026 | CISA urges security teams to view environments following axios compromise news | CISA urges security teams to view environments following axios compromise https://ift.tt/JYRaA0z → cybersecuritydive.com |
| 2026-04-21 2026 | CISA Warns Axios npm Package Was Compromised in Major Supply Chain Attack news | Alert regarding a supply chain attack targeting the Axios npm package, specifically versions 1.14.1 and 0.30.4, which were compromised by injecting a malicious dependency, plain-crypto-js@4.2.1. The attack deploys a remote access trojan (RAT) on developer machines. Recommendations include reverting to safe Axios versions (axios@1.14.0 or axios@0.30.3), deleting the malicious dependency, rotating credentials, blocking C2 domains, and implementing long-term prevention strategies like `.npmrc` configurations (`ignore-scripts=true`, `min-release-age=7`) and requiring phishing-resistant MFA. → cybersecuritynews.com |
| 2026-04-21 2026 | Aikido Security launches Endpoint to secure AI development and mitigate supply chain attacks news | Aikido Security's Endpoint agent secures AI development and mitigates supply chain attacks by monitoring developer workstations, providing visibility and control over software packages, development environments, and AI tools. It inspects imported tools and packages, holding new releases for 48 hours to reduce risk. Security teams can audit actions and enforce policies based on team, role, and device. → scworld.com |
| 2026-04-21 2026 | Introducing Endpoint Protection: Security for Developer Devices news | Aikido Endpoint Protection defends developer devices against software supply chain attacks. It prevents malicious package installs, IDE extensions, browser plug-ins, and AI skills by offering visibility into installed software, blocking threats before installation, enforcing package age policies, and enabling approval workflows. Built upon the open-source Safe Chain project and powered by the LLM-based Aikido Intel threat intelligence engine, it aims to secure developer workstations without hindering productivity, addressing vulnerabilities exemplified by the Shai-Hulud and Axios attacks. → aikido.dev |
| 2026-04-21 2026 | Aikido Security Launches Endpoint Protection for Developer Devices as Software Supply Chain Attacks Hit Unprecedented Scale news | Aikido Endpoint protects developer devices against software supply chain attacks by inspecting and blocking risky packages, IDE extensions, browser plugins, and AI tools before installation. It covers npm, PyPI, Maven, NuGet, VS Code extensions, and more, building on the Safe Chain CLI firewall's protection against threats like Shai-Hulud and the Axios compromise. Endpoint enforces protective defaults, such as blocking packages published less than 48 hours ago, and offers governance controls and approval workflows for enterprise deployment. |
| 2026-04-21 2026 | CISA Warns Axios npm Package Was Compromised in Major Supply Chain Attack news | Warning from CISA detailing a major supply chain attack on the Axios npm package, versions 1.14.1 and 0.30.4, which contained a malicious dependency, plain-crypto-js v4.2.1. This injected malware, a remote access trojan (RAT), allowing attackers to steal sensitive data and gain persistent access to compromised systems. Recommendations include downgrading Axios, removing the malicious `node_modules/plain-crypto-js/` directory, revoking and rotating exposed credentials, and implementing security controls like `ignore-scripts=true` and `min-release-age=7` in `.npmrc`. → cyberpress.org |
| 2026-04-21 2026 | CISA Warns Compromised Axios npm Package Fueled Major Supply Chain Attack news | Alert from CISA details a significant supply chain attack involving the compromised Axios npm package, versions 1.14.1 and 0.30.4, which installed a malicious dependency, plain-crypto-js v4.2.1. This backdoor payload deployed a Remote Access Trojan (RAT) capable of stealing source code, environment variables, and pivoting into CI/CD pipelines. Recommended mitigations include downgrading Axios to safe versions (1.14.0 or 0.30.3), removing the malicious dependency, rotating credentials, monitoring for connections to Sfrclak[.]com, and implementing npm configuration changes like `ignore-scripts=true` and `min-release-age=7`. → gbhackers.com |
| 2026-04-21 2026 | The Vercel Breach: OAuth Supply Chain Attack Exposes the Hidden Risk in Platform Environment Variables news | Analysis of the Vercel breach, an OAuth supply chain attack beginning around February 2026, details how a compromised third-party application and platform environment variables bypassed traditional defenses. The incident, initiated by Lumma Stealer malware infecting a Context.ai employee, exploited Vercel's environment variable model where non-sensitive credentials were exposed to attackers with internal access. This breach highlights risks inherent in OAuth trust relationships, amplified by AI-accelerated tradecraft and significant detection-to-disclosure latency, urging architectural changes like treating OAuth apps as third-party vendors and eliminating long-lived platform secrets. → trendmicro.com |
| 2026-04-21 2026 | The Vercel Breach: OAuth Supply Chain Attack Exposes the Hidden Risk in Platform Environment Variables news | Analysis of the Vercel breach details an OAuth supply chain attack where a compromised third-party application granted long-lived, password-independent access, bypassing traditional defenses. This incident highlights the risk of platform environment variables being readable with internal access, especially when not explicitly marked as sensitive. The attack chain, initiated by Lumma Stealer malware affecting Context.ai, demonstrates AI-accelerated tradecraft and raises concerns about detection-to-disclosure latency in platform breaches, fitting a broader pattern of attacks targeting developer-stored credentials across various platforms. → trendmicro.com |
| 2026-04-21 2026 | The Vercel Breach: OAuth Supply Chain Attack Exposes the Hidden Risk in Platform Environment Variables news | Analysis of the Vercel Breach details an OAuth supply chain attack where a compromised third-party application granted unauthorized access to Vercel's internal systems. This exploit, enabled by Lumma Stealer malware infecting a Context.ai employee, allowed attackers to exfiltrate environment variables for a subset of customer projects, bypassing perimeter defenses. The incident highlights risks associated with platform environment variable models, detection-to-disclosure latency, and the broader trend of credential compromises across developer tools, emphasizing the need for architectural changes like treating OAuth apps as vendors and assuming provider-side compromise. → trendmicro.com |
| 2026-04-21 2026 | Astrix Security Highlights Rising Risk in OAuth-Driven Supply Chain Attacks news | Astrix Security Highlights Rising Risk in OAuth-Driven Supply Chain Attacks https://ift.tt/pdx7G9Z → tipranks.com |
| 2026-04-20 2026 | The Vercel Breach: OAuth Supply Chain Attack Exposes the Hidden Risk in Platform Environment Variables news | Analysis of the Vercel breach details an OAuth supply chain attack where a compromised third-party application granted attackers long-lived access to Vercel's internal systems. This allowed them to read environment variables, amplified by Vercel's model where non-sensitive credentials were exposed without additional controls for compromised teams. The incident highlights risks in platform environment variables, detection-to-disclosure latency, and a convergence pattern of targeting developer-stored credentials across various platforms. → trendmicro.com |
| 2026-04-20 2026 | Vercel incident falls short of a supply chain attack news | Analysis of the Vercel incident highlights how a third-party AI tool compromise, Context.ai, led to a Google Workspace account takeover, granting access to internal Vercel systems. While not a full supply chain attack like SolarWinds, experts like Guillaume Valadone (GitGuardian) and Morey Haber (BeyondTrust) emphasize its supply chain characteristics, cautioning that such incidents can escalate if attackers access publishing pipelines. Recommendations include aggressive credential rotation, redeployment of builds, and hunting for persistence artifacts, as compromised platforms like Vercel pose risks to downstream applications and services. → scworld.com |
| 2026-04-20 2026 | Supply Chain Attack Hits Vercel: User Data is Being Sold on BreachForums For $2M news | Analysis of the Vercel and Context AI supply chain attack, detailing how compromised OAuth tokens and a malicious Chrome extension led to Vercel's internal database being offered for sale on BreachForums. The incident highlights risks associated with AI systems and third-party integrations, emphasizing the need for immediate key rotation, 2FA enablement, and auditing of third-party app access, particularly for Google Workspace and Vercel-maintained packages like Next.js. → ox.security |
| 2026-04-20 2026 | Why the Axios attack proves AI is mandatory for supply chain security news | Argument that AI-powered security operations are now necessary, prompted by attacks like the recent Axios supply chain compromise by North Korean threat actors. The article highlights how AI-driven monitoring can detect malicious code changes in real time, a crucial capability against adversaries leveraging AI for automated reconnaissance and evasive malware. It argues that AI is essential for matching the speed and complexity of modern threats, transforming Security Operations Centers (SOCs) into agentic workflows that amplify human analysts and significantly reduce mean time to detect and respond. → cyberscoop.com |
| 2026-04-20 2026 | Aikido Security Launches Endpoint Protection for Developer Devices as Software Supply Chain Attacks Hit Unprecedented Scale news | Aikido Endpoint protects developer devices from software supply chain attacks by inspecting and blocking risky packages, IDE extensions, browser plugins, and AI tools before installation, addressing threats like those seen in the TeamPCP and Axios compromises. It monitors all installs across a machine, enforces protective defaults like blocking packages published less than 48 hours ago, and covers npm, PyPI, Maven, NuGet, VS Code extensions, and AI agent marketplaces. |
| 2026-04-20 2026 | Aikido Endpoint offers developers additional protection against supply chain attacks news | Aikido Endpoint blocks supply chain attacks on developer endpoints by monitoring and blocking high-risk packages, IDE extensions, browser plugins, and AI tools before installation. Built on the open-source Safe Chain CLI firewall, it prevents threats like those seen in Shai-Hulud, TeamPCP, and the Axios attack by employing default settings such as blocking packages published less than 48 hours ago. This targets vulnerabilities on developer machines, which contain sensitive information like cloud credentials and SSH keys, often missed by repository-focused security tools. → techzine.eu |
| 2026-04-20 2026 | Aikido Security Launches Endpoint Protection for Developer Devices as Software Supply Chain Attacks Hit Unprecedented Scale news | Aikido Endpoint protects developer devices against software supply chain attacks, inspecting and blocking risky packages, IDE extensions, browser plugins, and AI tools before installation. It monitors and blocks all installs across the machine, enforcing protective defaults like a 48-hour minimum install age to mitigate threats from compromised accounts and malicious packages, referencing attacks like those from TeamPCP and the Axios compromise. Coverage extends to npm, PyPI, Maven, NuGet, VS Code extensions, browser extensions, and AI agent skills marketplaces. |
| 2026-04-20 2026 | New security agent helps fight software supply chain attacks news | New security agent helps fight software supply chain attacks https://ift.tt/tRoy3LB |
| 2026-04-20 2026 | Aikido launches Endpoint to secure AI-native developer workflows news | Aikido Endpoint secures AI-native developer workflows by blocking malicious packages, IDE extensions, and AI tools in real time before they impact developer machines. It inspects installations against Aikido Intel, a threat intelligence feed, and automatically halts packages published within the last 48 hours. It offers ecosystem-wide malware protection, granular access controls with approval workflows, and visibility into AI tool usage and costs, building upon the open-source Aikido Safe Chain. |
| 2026-04-19 2026 | Shai-Hulud: A Persistent Secret Leaking Campaign — GitGuardian news | Analysis of the Shai-Hulud campaign details a persistent supply chain attack targeting NPM packages like @ctrl/tinycolor, using malicious GitHub Actions to exfiltrate secrets from local environments and repositories. Similar to the s1ngularity and GhostActions campaigns, this attack injects compromised workflows to steal credentials, including GitHub tokens, NPM tokens, and AWS Keys. GitGuardian's HasMySecretLeaked service allows developers to check for compromised secrets without exposing their values. → blog.gitguardian.com |
| 2026-04-19 2026 | Defending Against npm Supply Chain Attacks — Splunk intermediate | Splunk resource for detecting and analyzing npm supply chain attacks. It offers tools like `npm-threat-emulation` for safe adversary simulation and `Package-Inferno` for deep package analysis. The resource addresses the challenges of understanding npm's attack surface, the detection gap in traditional security tools, and the need for realistic testing against evolving threats, including self-propagating worms and sophisticated phishing campaigns targeting cryptocurrency wallets and CI/CD environments. |
| 2026-04-19 2026 | Multiple Supply Chain Attacks against npm Packages — Red Hat news | Analysis of multiple npm supply chain attacks, including "s1ngularity" targeting Nx, a broad "popular packages" campaign hitting developers of frequently downloaded packages like `debug` and `chalk`, and the "shai-hulud" worm and its subsequent waves. These campaigns impacted hundreds of Node.js components, though Red Hat products remained unaffected due to version pinning practices. |
| 2026-04-19 2026 | Shai-Hulud Malware: Second-Wave npm Supply Chain Attack news | Analysis of the Shai-Hulud malware campaign details a second wave of supply-chain attacks targeting npm packages, exploiting preinstall scripts like setup_bun.js to exfiltrate developer secrets including GitHub, AWS, GCP, and Azure credentials. This malware self-propagates using stolen npm tokens and can delete home directories if exfiltration fails. Recommendations include reviewing GitHub for malicious repositories, identifying and removing affected npm packages, and rotating compromised secrets such as AWS access keys and GitHub personal access tokens. → arcticwolf.com |
| 2026-04-19 2026 | CISA: Widespread Supply Chain Compromise Impacting npm Ecosystem news | Alert regarding a widespread supply chain compromise impacting the npm ecosystem. A self-replicating worm, "Shai-Hulud," has compromised over 500 packages, exfiltrating sensitive credentials like GitHub PATs and API keys for AWS, GCP, and Azure. CISA urges dependency reviews, checking lock files, pinning versions, rotating credentials, mandating MFA, and hardening GitHub security to detect and remediate this threat. |
| 2026-04-18 2026 | Supply Chain Cyber Attacks Surge as EU Breach Exposes Weaknesses news | Analysis of a supply chain cyberattack targeting the Trivy security scanner, which led to a significant European Commission cloud breach. Attackers exploited misconfigured GitHub Actions workflows to compromise Trivy, subsequently harvesting data from CI/CD environments and exfiltrating sensitive information after gaining AWS credentials. This incident highlights the widespread impact of compromised dependencies, affecting thousands of repositories and multiple EU entities, and underscores the increasing reliance on and vulnerability of open-source tools within modern software supply chains. |
| 2026-04-18 2026 | Trivy Supply-Chain Attack: Trusted Scanner Compromised Rotate CI/CD Secrets Now news | Guide to securing CI/CD pipelines against supply-chain attacks, particularly concerning the Trivy scanner compromise (CVE-2026-33634, GHSA-69fq-xp46-6x23). The guide details techniques for mitigating risks associated with compromised scanning tools, including mandatory secret rotation, auditing pipeline runs, pinning GitHub Actions tags to immutable SHAs, enforcing least privilege for runners, and increasing monitoring. It highlights how attackers exploit tag mutability and privileged scanner access to steal credentials and access cloud environments. |
| 2026-04-17 2026 | Q1 2026 Open Source Malware Index: Adaptive Attacks Exploit Trust news | Index of Q1 2026 open source malware details 21,764 malicious packages, with npm accounting for 75% and trojans dominating credential theft and host reconnaissance. Defining the quarter was trust abuse, as seen in the SANDWORM_MODE campaign's adaptive behavior, the LiteLLM compromise via trusted tooling, and the axios compromise exploiting transitive dependencies, highlighting attackers' success by hiding behind legitimate workflows and package names. → sonatype.com |
| 2026-04-17 2026 | Critical Supply Chain Attack on EssentialPlugin WordPress Suite Exposes Over 400000 Websites to Malware news | Writeup of a critical supply chain attack on the EssentialPlugin WordPress suite, impacting over 400,000 websites. The attack involved a dormant backdoor, introduced after the plugin's acquisition, which activated to enable arbitrary file writes and malware injection. The technique utilized unauthenticated REST API endpoints and PHP object injection to create a backdoor file (wp-comments-posts.php) and modify wp-config.php, leading to spam pages and redirects. Mitigation involves immediate removal of affected plugins and manual inspection for malicious files. → rescana.com |
| 2026-04-17 2026 | Closing the Chain: How to reduce SolarWinds/Log4j/XZ risk (arXiv) intermediate | Analysis of SolarWinds, Log4j, and XZ Utils attacks systematically maps attacker techniques to 73 mitigation tasks across 10 software supply chain frameworks. Prioritized mitigation tasks include role-based access control, system monitoring, and boundary protection. The analysis also identified critical missing tasks, such as sustainable open-source software support and environmental scanning tools, highlighting continued vulnerabilities in existing frameworks. → arxiv.org |
| 2026-04-17 2026 | SolarWinds Supply Chain Attack (Fortinet) news | SolarWinds Supply Chain Attack (Fortinet) |
| 2026-04-17 2026 | ossf/malicious-packages: Reports of malicious open source packages news | Database of malicious open source packages, consumable via the OSV format, documenting attacks like typosquatting, dependency confusion, and account takeovers. This resource aims to protect the community by providing a comprehensive collection of identified malicious packages from various ecosystems, including npm and PyPI, serving as a data source for improved detection and analysis of emerging open source malware. |
| 2026-04-17 2026 | 5 Examples of Dependency Confusion Attacks (Spectral) intermediate | Examples of dependency confusion attacks are detailed, showcasing how attackers exploit trust in public package repositories to inject malicious code into software supply chains. The article illustrates this through scenarios like mimicking internal library names, typosquatting, and exploiting versioning ambiguities, referencing specific instances with npm and PyPI. It highlights the risks, including remote code execution and data theft, and proposes countermeasures such as prioritizing internal repositories, specifying exact versions, and employing monitoring tools to detect suspicious package releases. |
| 2026-04-17 2026 | What Is a Dependency Confusion Attack? (Aqua Security) beginner | Explainer on dependency confusion attacks, a software supply chain technique where malicious code replaces legitimate application dependencies. The article explains how attackers exploit dependency configurations by planting malicious versions in repositories, using typosquatting, or even leveraging "hallucinated" dependencies from AI-generated code. It references real-world incidents involving PyTorch, npm, and ethical hacking demonstrations against companies like Apple. |
| 2026-04-17 2026 | Defender's Perspective: Dep Confusion and Typosquatting (SLSA) intermediate | Reference on dependency confusion and typosquatting attacks, detailing how these exploit package manager vulnerabilities for arbitrary code execution. It highlights the attacker's methods, including package name reconnaissance and malicious payload injection. The entry also discusses mitigations such as namespacing and pinning, and emphasizes how SLSA build provenance can create secure bindings between package names, versions, source repositories, and build systems to defend against these supply chain risks. |
| 2026-04-17 2026 | SBOMs in 2026: Some Love, Some Hate, Much Ambivalence news | SBOMs in 2026: Some Love, Some Hate, Much Ambivalence → darkreading.com |
| 2026-04-17 2026 | Software Bill of Materials (SBOM) (CISA) beginner | Guide from CISA detailing Software Bill of Materials (SBOM) as a critical component for software security and supply chain risk management. It outlines SBOM's role as a nested inventory of software ingredients, discusses advancements since 2018 through multistakeholder efforts, and promotes adoption through community work and operationalization. The guide also touches upon Vulnerability Exploitability eXchange (VEX) documents as attestations for vulnerability impact. |
| 2026-04-17 2026 | About SLSA (spec v1.2) beginner | The Supply-chain Levels for Software Artifacts (SLSA) framework, version 1.2, offers incrementally adoptable guidelines for supply chain security, aiding both software producers and consumers. It establishes a common vocabulary, provides methods to secure incoming supply chains by evaluating artifact trustworthiness, and includes checklists for improving software security, aligning with the Secure Software Development Framework (SSDF). SLSA addresses risks exposed by attacks like SolarWinds and Codecov, protecting against code modification and ensuring artifacts originate from expected build platforms, thereby increasing confidence in the integrity of software from source to binary. |
| 2026-04-17 2026 | What is a Software Bill of Materials (SBOM)? (Snyk) beginner | Explainer on Software Bills of Materials (SBOMs), formal records of software components and their supply chain relationships. SBOMs enhance transparency, aid in vulnerability management, and support regulatory compliance, especially for software sold to the federal government as mandated by Executive Order 14028. Standards like SPDX, SWID, and OWASP CycloneDX are covered, enabling detailed analysis of dependencies, licenses, and potential exploits, complementing efforts like SLSA for supply chain integrity. → snyk.io |
| 2026-04-17 2026 | SBOM Literature Review (arXiv) news | Survey of Software Bill of Materials (SBOM) literature systematically reviews 40 studies on SBOMs for software supply chain security, identifying five key application areas: vulnerability management, transparency, component assessment, risk assessment, and integrity. Adoption barriers include generation tooling, data privacy, standardization issues with formats like SPDX and CycloneDX, and challenges with analysis and maintenance. The review maps these barriers to the ISO/IEC 25019:2023 Quality-in-Use model, highlighting deficiencies in trustworthiness and usability, and notes gaps in machine learning and software quality assurance applications. → arxiv.org |
| 2026-04-17 2026 | SBOM + SLSA: Accelerating SBOM success with SLSA intermediate | Article on using Supply-chain Levels for Software Artifacts (SLSA) to improve the accuracy and trustworthiness of Software Bills of Materials (SBOMs). Combining SLSA's tamper-evident provenance, generated by the build platform at build time, with SBOM data closes the gaps left by SBOMs generated after the fact. The result is a more complete and verifiable SBOM that helps consumers identify affected components, trust the software's origin, and respond to supply chain attacks; the piece draws an analogy with food safety labelling and points to Sigstore and in-toto as the tooling. |
| 2026-04-17 2026 | SLSA - Comprehensive Approach to Supply Chain Security (SBOM Observer) beginner | SLSA offers a structured hierarchy of security practices for hardening the software supply chain, building from basic component identification up to hermetic, tamper-resistant builds. Combined with Software Bills of Materials (SBOMs), SLSA increases transparency and reduces risk by ensuring components are sourced, built, and deployed securely, using cryptographic signatures and trusted build environments such as hardened CI/CD. The article argues that together these controls sharply reduce exposure to supply chain attacks. |
| 2026-04-17 2026 | Understanding SBOM: Transparency & Security in Supply Chains (Cycode) beginner | Explainer on Software Bills of Materials (SBOMs) as a detailed inventory of all software components, libraries, and dependencies. It covers how SBOMs support application security, supply chain risk mitigation, license compliance, and regulatory mandates such as Executive Order 14028, how SBOM generation is automated in DevSecOps pipelines, and how visibility into software composition speeds incident response. |
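The SLSA entries above describe the consumer-side goal: confirm that an artifact came from the expected build platform and source before trusting it. The following is an added example (not code from the SLSA project, from SBOM Observer, or from any of the linked articles) that applies that policy to an in-toto Statement carrying a SLSA v1 provenance predicate. The statement, the artifact bytes, the builder id `https://example.invalid/builders/ci@v1` and the repository `example-org/release-tool` are all constructed for the demo; in practice the statement arrives inside a signed DSSE envelope whose signature you verify first (for example with `slsa-verifier` or `cosign`), and the checks below are what follows a valid signature.

```python
import hashlib
import json

# Constructed sample: a build artifact and an in-toto Statement carrying a
# SLSA v1 provenance predicate, shaped like what a build platform emits.
# The builder id, repository and artifact bytes are made up for this demo.
ARTIFACT = b"#!/bin/sh\necho 'hello from the release binary'\n"
ARTIFACT_SHA256 = hashlib.sha256(ARTIFACT).hexdigest()

SOURCE_URI = "git+https://github.com/example-org/release-tool@refs/tags/v1.2.0"

PROVENANCE = {
    "_type": "https://in-toto.io/Statement/v1",
    "subject": [{"name": "release.sh", "digest": {"sha256": ARTIFACT_SHA256}}],
    "predicateType": "https://slsa.dev/provenance/v1",
    "predicate": {
        "buildDefinition": {
            "buildType": "https://example.invalid/build-types/ci@v1",
            "externalParameters": {"source": {"uri": SOURCE_URI}},
            "resolvedDependencies": [
                {"uri": SOURCE_URI, "digest": {"gitCommit": "0" * 40}}
            ],
        },
        "runDetails": {"builder": {"id": "https://example.invalid/builders/ci@v1"}},
    },
}

# Consumer policy (hypothetical): which build platforms and which source
# repository this deployment is willing to accept artifacts from.
TRUSTED_BUILDERS = {"https://example.invalid/builders/ci@v1"}
EXPECTED_SOURCE_PREFIX = "git+https://github.com/example-org/release-tool@"


def check_provenance(statement, artifact_bytes, trusted_builders, source_prefix):
    """Return a list of policy failures; an empty list means the artifact passes.

    Assumes the DSSE envelope signature around `statement` was already verified.
    """
    failures = []
    if statement.get("_type") != "https://in-toto.io/Statement/v1":
        failures.append("not an in-toto v1 Statement")
    if statement.get("predicateType") != "https://slsa.dev/provenance/v1":
        failures.append("predicateType is not SLSA provenance v1")

    # 1. The artifact in hand must be one of the statement's subjects:
    #    provenance for a different file proves nothing about this one.
    actual = hashlib.sha256(artifact_bytes).hexdigest()
    subject_digests = {s.get("digest", {}).get("sha256")
                       for s in statement.get("subject", [])}
    if actual not in subject_digests:
        failures.append(f"artifact sha256 {actual[:12]}... not listed in subject")

    pred = statement.get("predicate", {})

    # 2. Only builds run by a trusted build platform are accepted.
    builder_id = pred.get("runDetails", {}).get("builder", {}).get("id")
    if builder_id not in trusted_builders:
        failures.append(f"untrusted builder id: {builder_id!r}")

    # 3. The build must have been fed from the expected source repository,
    #    so a build of an attacker's fork does not pass as the real thing.
    source_uri = (pred.get("buildDefinition", {})
                      .get("externalParameters", {})
                      .get("source", {})
                      .get("uri", ""))
    if not source_uri.startswith(source_prefix):
        failures.append(f"unexpected source uri: {source_uri!r}")
    return failures


if __name__ == "__main__":
    ok = check_provenance(PROVENANCE, ARTIFACT, TRUSTED_BUILDERS, EXPECTED_SOURCE_PREFIX)
    print("clean artifact:", ok or "PASS")
    tampered = check_provenance(PROVENANCE, ARTIFACT + b"\n", TRUSTED_BUILDERS,
                                EXPECTED_SOURCE_PREFIX)
    print("modified artifact:", json.dumps(tampered))
```

The three checks map onto the SLSA threat model the entries describe: subject matching catches artifact substitution after the build, the builder allowlist catches artifacts built anywhere other than the trusted platform, and the source check catches builds of an unexpected repository or fork. None of them is meaningful without the envelope signature check that precedes them.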
| 2026-04-17 2026 | What We Know About the NPM Supply Chain Attack (Trend Micro) news | Writeup of the Shai-Hulud worm's attack chain, which uses compromised npm maintainer accounts to inject malicious code into popular JavaScript packages. The worm self-propagates by abusing stolen npm and GitHub tokens to publish itself into further packages, diverts cryptocurrency, steals cloud service tokens, and deploys secret-scanning tooling, affecting organizations across North America and Europe. → trendmicro.com |
| 2026-04-17 2026 | New Supply Chain Malware Operation Hits npm and PyPI news | Roundup of malware operations targeting npm and PyPI, including GlueStack packages backdoored for remote command execution and screenshotting, express-api-sync and system-health-sync-api carrying file-deletion payloads, and imad213 on PyPI harvesting Instagram credentials. The campaigns rely on compromised accounts and injected code to steal information, sabotage systems, and exfiltrate data over covert channels such as SMTP. → thehackernews.com |
| 2026-04-17 2026 | npm Supply Chain Attack: Debug, Chalk + 16 Packages Compromise (Upwind) news | Writeup of the npm supply chain attack that published malicious versions of `debug`, `chalk`, and 16 other packages. The attacker phished the maintainer with a fake 2FA reset email from `npmjs.help`, obtaining both the account password and a TOTP code. The injected malware is browser-only: it hooks `window.ethereum` calls and rewrites network responses, swapping destination addresses for attacker-controlled look-alikes chosen by Levenshtein distance, across Ethereum, Bitcoin, Litecoin, Tron, BCH, and Solana. |
| 2026-04-17 2026 | Malicious PyPI, npm, Ruby Packages Exposed (The Hacker News) news | Roundup of malicious packages on npm, PyPI, and RubyGems that drain cryptocurrency, wipe codebases, and exfiltrate Telegram API tokens. It covers typosquats such as "xlsx-to-json-lh" on npm and "colorama" impersonators on PyPI, alongside newer techniques such as monkey patching Solana key generation and hiding infostealers in PyTorch models. Findings from Checkmarx, ReversingLabs, Safety, and Socket highlight attackers' use of geopolitical events as lures and the growing abuse of AI-themed package names. → thehackernews.com |
| 2026-04-17 2026 | A Closer Look at Software Supply Chain Attacks 2025 (Xygeni) beginner | Vendor writeup from Xygeni, whose Malware Early Warning (MEW) identified the malicious PyPI package `graphalgo` and npm package `express-cookie-parser`. Both use typosquatting, obfuscation via zlib compression and Base64 encoding, a shared seed file URL, dynamic C2 resolution with a domain generation algorithm (DGA), and persistence via startup scripts dropped into Chrome user data directories. |
| 2026-04-17 2026 | The PyPI Supply Chain Attacks of 2025: What Python Engineers Should Learn beginner Python | The PyPI Supply Chain Attacks of 2025: What Python Engineers Should Learn |
| 2026-04-17 2026 | Securing software supply chain without slowing development beginner | Securing software supply chain without slowing development https://ift.tt/5YdRFCM → msn.com |
| 2026-04-17 2026 | Cyber threats for PV: What are supply chain attacks and how do they work beginner | Analysis of supply chain attacks targeting PV systems, which exploit trusted third-party vendors and components like inverter firmware and monitoring software. These attacks introduce malicious code through compromised updates or hardware, enabling unauthorized access, data exfiltration, and system manipulation. Defense strategies include strict vendor risk management, code signing, network segmentation, continuous monitoring, and asset management to mitigate the risks of compromised components and their widespread impact. |
| 2026-04-17 2026 | Second Open Source Plugin Hijack Raises Alarm Across WordPress Ecosystem - Open Source For You news | News report on a second supply chain attack on the WordPress ecosystem, in which a hijacked open-source plugin was used to inject malicious code into thousands of sites. The incident exposes weaknesses in plugin ownership transfer processes and the need for rigorous code review after an acquisition. → opensourceforu.com |
| 2026-04-17 2026 | Securing software supply chain without slowing development beginner | Article on securing software supply chains through automation, visibility, and policy enforcement. It covers risk from third-party code and open-source libraries, citing the SolarWinds and British Airways attacks, and recommends end-to-end dependency visibility, custom policy definition, automated updates, continuous monitoring, and developer education, with an eye to mandates such as the EU's Digital Operational Resilience Act (DORA). |
| 2026-04-17 2026 | Securing the Software Supply Chain: How SentinelOne's AI EDR Autonomously Blocked the CPU-Z Watering Hole Cyber Attack beginner | Vendor writeup of SentinelOne's AI EDR autonomously blocking the CPU-Z watering hole attack. The attack used trojanized download infrastructure and a reflectively loaded payload, CRYPTBASE.dll, protected with XXTEA encryption and DEFLATE compression, with STX RAT as the final stage providing hidden VNC, credential theft, and a reverse proxy. The writeup credits behavioral detection of anomalous API resolution, reflective code loading, suspicious memory allocation, process injection patterns, and heuristic shellcode signatures, and notes that the attackers reused C2 infrastructure and STX RAT samples matching YARA rules from an earlier FileZilla campaign. → sentinelone.com |
| 2026-04-17 2026 | Your Supply Chain Breach Is Someone Else's Payday news | Analysis of the TeamPCP supply chain attack reveals how a single stolen credential can lead to cascading compromises across multiple software ecosystems. The group injected credential-harvesting malware into LiteLLM and poisoned Checkmarx GitHub Actions, demonstrating how identity is the primary attack surface. This breach highlights risks beyond ransomware, including payroll redirection, freight rerouting, and extortion, underscoring the need for continuous, AI-augmented integrity verification and third-party due diligence. |
| 2026-04-16 2026 | Learnings from Recent npm Supply Chain Compromises - Datadog intermediate | Analysis of recent npm supply chain compromises, including the s1ngularity, Qix, and Shai-Hulud attacks, highlights critical vulnerabilities. Attackers exploited GitHub Actions pull_request_target triggers, phishing campaigns mimicking npm 2FA resets, and unrotated credentials to inject malicious code, steal secrets, and hijack cryptocurrency transactions. Specific malware like telemetry.js and crypto-stealing scripts were deployed across hundreds of compromised npm packages. The analysis emphasizes the need for hardened CI/CD workflows, immediate credential rotation, MFA, and fine-grained access tokens to mitigate these widespread risks. → securitylabs.datadoghq.com |
| 2026-04-16 2026 | Inside the Axios Supply Chain Compromise - Elastic Security Labs intermediate | Analysis of the Axios supply chain compromise details how a maintainer account compromise led to malicious versions of the popular Axios npm package (versions 1.14.1 and 0.30.4) being published. These versions delivered cross-platform Remote Access Trojans (RATs) for macOS, Windows, and Linux via a backdoor in the `plain-crypto-js` dependency's `postinstall` hook. The RATs shared an identical C2 protocol, command set, and beacon cadence, employing an anachronistic IE8 user-agent for network communication. The dropper also performed anti-forensic cleanup by deleting itself and swapping its `package.json`. |
| 2026-04-16 2026 | Lockfile Poisoning: Introducing Malware in Supply Chain - SafeDep intermediate | Tool for detecting Lockfile Poisoning attacks targeting the npm ecosystem. This technique exploits the cognitive load of reviewing auto-generated `package-lock.json` files to introduce malware by tampering with artifact URLs or adding malicious entries. The `vet` tool verifies package source URLs against trusted registries and checks for inconsistencies to prevent such supply chain compromises. |
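The lockfile poisoning entry above and the Axios entry before it describe two things a reviewer rarely checks in an auto-generated `package-lock.json`: where each tarball is actually fetched from, and whether a pinned version is one that is already known to be malicious. The following is an added example, not SafeDep's `vet` tool or any code from the linked articles, showing the checks in plain Python. The lockfile is constructed for the demo (one clean entry and three tampered ones); the known-bad coordinates are the ones this page's entries name (axios 1.14.1 and 0.30.4, and the `plain-crypto-js` dropper) and would come from an advisory feed in practice.

```python
import json
from urllib.parse import urlparse

# Hosts an install is allowed to fetch tarballs from; add your private
# registry here. Exact-match on hostname, so "registry.npmjs.org.evil.example"
# does not pass.
TRUSTED_REGISTRY_HOSTS = {"registry.npmjs.org"}

# Known-bad coordinates taken from the incidents described on this page.
KNOWN_BAD_VERSIONS = {("axios", "1.14.1"), ("axios", "0.30.4")}
KNOWN_BAD_NAMES = {"plain-crypto-js"}

# Constructed package-lock.json (lockfileVersion 3 layout) for the demo:
# chalk is clean; debug resolves to a look-alike host; left-pad has no
# integrity hash; axios is pinned to a known-malicious release.
SAMPLE_LOCK = json.dumps({
    "name": "demo-app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "dependencies": {"chalk": "^5.3.0"}},
        "node_modules/chalk": {
            "version": "5.3.0",
            "resolved": "https://registry.npmjs.org/chalk/-/chalk-5.3.0.tgz",
            "integrity": "sha512-" + "A" * 86 + "==",
        },
        "node_modules/debug": {
            "version": "4.4.0",
            "resolved": "https://registry.npmjs.org.attacker.example/debug/-/debug-4.4.0.tgz",
            "integrity": "sha512-" + "B" * 86 + "==",
        },
        "node_modules/left-pad": {
            "version": "1.3.0",
            "resolved": "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz",
        },
        "node_modules/axios": {
            "version": "1.14.1",
            "resolved": "https://registry.npmjs.org/axios/-/axios-1.14.1.tgz",
            "integrity": "sha512-" + "C" * 86 + "==",
        },
    },
})


def package_name(lock_key):
    """'node_modules/a/node_modules/@s/b' -> '@s/b' (nested and scoped keys)."""
    return lock_key.rsplit("node_modules/", 1)[-1]


def expected_tarball_path(name, version):
    """Registry tarball layout: /<name>/-/<unscoped name>-<version>.tgz."""
    return f"/{name}/-/{name.split('/')[-1]}-{version}.tgz"


def audit_lockfile(lock_text, trusted_hosts=TRUSTED_REGISTRY_HOSTS):
    """Return (name, version, reason) findings for a lockfileVersion 2/3 file."""
    lock = json.loads(lock_text)
    if lock.get("lockfileVersion", 0) < 2:
        raise ValueError("only lockfileVersion 2/3 layouts are handled here")
    findings = []
    for key, entry in lock.get("packages", {}).items():
        if key == "" or entry.get("link"):
            continue  # root project or workspace symlink: nothing is fetched
        name = package_name(key)
        version = entry.get("version", "")
        if name in KNOWN_BAD_NAMES or (name, version) in KNOWN_BAD_VERSIONS:
            findings.append((name, version, "known-malicious package version"))
        resolved = entry.get("resolved")
        if not resolved:
            findings.append((name, version, "no resolved URL (install re-resolves it)"))
            continue
        url = urlparse(resolved)
        if url.scheme != "https" or url.hostname not in trusted_hosts:
            findings.append((name, version, f"resolved from untrusted source {resolved}"))
        elif url.path != expected_tarball_path(name, version):
            # A registry URL whose path names a different package/version
            # is the classic poisoned-lockfile trick.
            findings.append((name, version, f"tarball path {url.path} does not match name/version"))
        if not entry.get("integrity", "").startswith("sha512-"):
            findings.append((name, version, "missing or weak integrity hash"))
    return findings


if __name__ == "__main__":
    for name, version, reason in audit_lockfile(SAMPLE_LOCK):
        print(f"{name}@{version}: {reason}")
```

Run it against your own `package-lock.json` in CI before `npm ci`; a lockfile that fetches from a host outside the allowlist, or whose tarball path does not match the entry's name and version, should fail the pipeline regardless of how plausible the diff looked in review.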
| 2026-04-16 2026 | Shai-Hulud 2.0: Most Aggressive NPM Supply Chain Attack of 2025 - Check Point news | Writeup of Shai-Hulud 2.0, an aggressive npm supply chain attack targeting developers. The campaign, active in November 2025, compromised hundreds of npm packages and thousands of GitHub repositories, exfiltrating multi-cloud and developer credentials like GitHub access tokens, AWS, GCP, and Azure credentials. Attackers utilized npm's preinstall lifecycle script and the Bun runtime for evasion, exfiltrating data to GitHub repositories. The attack demonstrated a significant escalation from dependency compromise to multi-cloud access and CI/CD infiltration. |
| 2026-04-16 2026 | Supply Chain Security: Sigstore and Cosign - GitGuardian beginner | Tutorial on signing and verifying container images with Sigstore's Cosign. It introduces Sigstore, a suite of tools for software supply chain integrity, and focuses on Cosign, which signs artifacts stored in OCI registries and supports hardware- and KMS-backed keys as well as keys held in Kubernetes Secrets. The walkthrough covers generating a key pair, signing an image by digest rather than by mutable tag, and verifying the signature against the public key, and discusses the practical difficulty of integrating signing into CI/CD workflows. → blog.gitguardian.com |
| 2026-04-16 2026 | GuardDog: CLI Tool to Identify Malicious PyPI and npm Packages beginner | Tool for identifying malicious PyPI and npm packages, Go modules, RubyGems, GitHub actions, and VSCode extensions. GuardDog leverages Semgrep rules and metadata heuristics to scan package source code and metadata. It supports scanning local or remote packages and custom rule creation using Semgrep or Yara formats. Integration with GitHub Actions is facilitated through SARIF output for code scanning. |
| 2026-04-16 2026 | tj-actions Supply Chain Attack (CVE-2025-30066) - Sysdig news | Writeup detailing the tj-actions/changed-files supply chain attack (CVE-2025-30066), where a malicious Node.js function was injected to steal GitHub Runner credentials via memory scanning and exfiltration. The writeup covers the attack mechanics, affected repositories, and detection strategies using Falco rules and Sysdig Secure runtime monitoring, emphasizing the need to rotate secrets in affected public and private repositories. |
| 2026-04-16 2026 | tj-actions/changed-files Compromised - Semgrep news | Semgrep rule for detecting compromised GitHub Actions, specifically targeting `tj-actions/changed-files` and `reviewdog/action-setup@v1`. This action, `tj-actions/changed-files`, was previously compromised and may have leaked secrets. The rule helps identify usages of these actions within CI pipelines, enabling prompt remediation and security audits. Users can run this rule locally or within the Semgrep AppSec Platform in blocking mode to prevent further compromise. |
| 2026-04-16 2026 | Most Notable Supply Chain Attacks of 2025 - Kaspersky news | Survey of notable supply chain attacks in 2025, detailing incidents including a RAT in DogWifTools, the US$1.5 billion Bybit heist via Safe{Wallet}, a GitHub Actions compromise targeting Coinbase, backdoors in 21 Magento extensions, ransomware distributed through an MSP exploiting SimpleHelp, injected malicious code in Gluestack npm packages, phishing attacks on npm package maintainers, and the s1ngularity attack on the Nx build system. |
| 2026-04-16 2026 | GitHub Actions Supply Chain Attacks: tj-actions and reviewdog - Hunters news | Analysis of CVE-2025-30066 and CVE-2025-30154, a CI/CD supply-chain attack on GitHub Actions that hit tj-actions/changed-files and reviewdog/action-setup. The attackers injected code that dumped CI secrets into build logs, and retargeted the actions' version tags to the malicious commit so that existing workflow references such as `@v1` resolved to it without any change on the consumer's side. The campaign appears to have started as an attempt against Coinbase and then broadened; the recommended response is to stop using the affected actions and rotate every secret the workflows could reach. |
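The tj-actions entries above turn on one mechanism: a workflow that references an action by tag (`@v45`) silently follows the tag when it is moved, whereas a reference pinned to a full commit SHA does not. The Datadog entry earlier adds the `pull_request_target` pattern, where a workflow with write permissions checks out and runs code from an untrusted pull request. The following is an added example, not the Semgrep rule or any code from the linked articles, that scans a workflow for both patterns plus blanket `write-all` permissions. It is a line-based scan rather than a YAML parse, so it will miss unusual layouts; the workflow text and the pinned SHA are constructed for the demo.

```python
import re

SHA_PIN = re.compile(r"^[0-9a-f]{40}$")
USES_LINE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)")
PR_HEAD_REF = re.compile(r"github\.event\.pull_request\.head\.(sha|ref)")

# Constructed workflow for the demo: one properly pinned action, two
# tag-pinned ones, a pull_request_target trigger that checks out the PR head,
# and write-all permissions. The SHA on setup-node is illustrative.
SAMPLE_WORKFLOW = """\
name: ci
on:
  pull_request_target:
    types: [opened, synchronize]
permissions: write-all
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - uses: tj-actions/changed-files@v45
      - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b  # v4.0.3
      - uses: ./.github/actions/local-thing
      - run: npm ci && npm test
"""


def audit_workflow(text):
    """Return a list of {'kind': ..., 'detail': ...} findings for one workflow file."""
    findings = []

    # 1. Third-party actions referenced by tag or branch follow the ref when it
    #    is moved; only a full commit SHA is immutable. Local (./) and
    #    docker:// references are out of scope for this check.
    for line in text.splitlines():
        m = USES_LINE.match(line)
        if not m:
            continue
        spec = m.group(1)
        if spec.startswith("./") or spec.startswith("docker://"):
            continue
        action, _, ref = spec.rpartition("@")
        if not ref:
            findings.append({"kind": "mutable-ref", "detail": f"{spec}: no version ref at all"})
        elif not SHA_PIN.match(ref):
            findings.append({"kind": "mutable-ref",
                             "detail": f"{action} pinned to mutable ref '{ref}', not a commit SHA"})

    # 2. pull_request_target runs with the base repo's secrets; checking out
    #    the PR head there hands those secrets to whatever the PR contains.
    if re.search(r"\bpull_request_target\b", text) and PR_HEAD_REF.search(text):
        findings.append({"kind": "pr-target-head-checkout",
                         "detail": "pull_request_target workflow checks out the PR head ref/sha"})

    # 3. Blanket write permissions on the GITHUB_TOKEN widen the blast radius
    #    of any of the above.
    if re.search(r"^\s*permissions:\s*write-all\s*$", text, re.M):
        findings.append({"kind": "write-all-permissions",
                         "detail": "workflow grants write-all to GITHUB_TOKEN"})
    return findings


if __name__ == "__main__":
    for f in audit_workflow(SAMPLE_WORKFLOW):
        print(f"[{f['kind']}] {f['detail']}")
```

The fix for the first finding is mechanical (replace the tag with the SHA it currently resolves to and keep the tag in a trailing comment, as the `setup-node` line does); the second and third need a design change, usually splitting the untrusted build step into a plain `pull_request` workflow with no secrets.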
| 2026-04-16 2026 | Supply Chain Cyber Attacks Surge as EU Breach Exposes Weaknesses news | Analysis of supply chain cyber attacks highlights increasing threats via compromised open-source tools like Trivy. Attacks leverage misconfigured GitHub Actions and exploit trust in legitimate update channels to infiltrate cloud systems, harvest credentials, and exfiltrate data. The European Commission breach, affecting multiple EU websites and Union entities, exemplifies how vulnerabilities in components like Trivy can cascade, impacting tens of thousands of repositories and exposing sensitive customer information. |
| 2026-04-16 2026 | Axios Supply Chain Attack Hits OpenAI: Users Urged to Update macOS Certificates news | Axios Supply Chain Attack Hits OpenAI: Users Urged to Update macOS Certificates https://ift.tt/3IP51Bc |
| 2026-04-16 2026 | Defending Supply Chains Software Pipelines Against Nation-State Compromise intermediate | Defending Supply Chains, Software Pipelines Against Nation-State Compromise https://ift.tt/erOhXZ7 |
| 2026-04-16 2026 | Supply chain dependencies: Have you checked your blind spot? beginner | Survey of supply chain cyber risks, highlighting blind spots such as indirect vendor vulnerabilities, compromised software components, and reliance on single vendors. The analysis cites incidents like the 2023 3CX compromise, the 2024 CDK and Change Healthcare ransomware attacks, the 2025 Jaguar Land Rover ransomware attack, and the July 2024 faulty CrowdStrike update to illustrate how disruptions can cascade, impacting businesses, economies, and national security. |
| 2026-04-16 2026 | Over 25K systems exposed by adware app to supply chain compromise news | News report on the Dragon Boss Solutions adware compromise, which exposed over 25,000 systems through an unsecured update channel that let attackers push payloads running with SYSTEM privileges. Taking over the update channel cost roughly $10, and affected hosts included educational institutions, operational technology networks, government organizations, and healthcare providers worldwide, with a heavy concentration in the U.S. → scworld.com |
| 2026-04-16 2026 | Why Software Supply Chain Security Requires a New Playbook beginner | Sonatype article on securing software supply chains against malicious dependencies such as typosquatted packages, compromised trusted components, and insecure CI/CD pipelines. It argues for integrity-driven development: shifting from reactive defense to prevention by controlling what enters development environments, verifying code integrity, minimizing access, and monitoring in real time, treating software delivery itself as a security process. → sonatype.com |
| 2026-04-16 2026 | OpenAI Revokes macOS Signing Certificate After Axios Supply-Chain Attack news | OpenAI Revokes macOS Signing Certificate After Axios Supply-Chain Attack https://ift.tt/E3RXm9G → letsdatascience.com |
| 2026-04-15 2026 | Supply-chain attacks against open source projects could have incredible impact beginner | Analysis of supply-chain attacks targeting open-source security scanners like Trivy, LiteLLM, and Telnyx, where attackers inject credential-stealing malware through GitHub Actions and container images. This compromises development pipelines, impacting thousands of organizations and potentially millions of users. Recommended mitigation includes waiting a week before adopting new open-source packages and implementing review processes to scan for backdoors. |
| 2026-04-15 2026 | GitHub Actions Supply Chain Attack: Trivy Breach & Workflow news | Writeup of the GitHub Actions supply chain attack on the Trivy security scanner, in which attackers leveraged misconfigured workflows and compromised credentials. The campaign, initially led by Hackerbot-claw and later by the TeamPCP group, achieved code execution, token exfiltration, malicious artifact injection into Trivy's VSCode extension, and force-pushing of version tags. It later expanded to npm packages and the Checkmarx AST GitHub Action, illustrating how far an insecure CI/CD pipeline can be pushed. → securityboulevard.com |
| 2026-04-15 2026 | The Future Of GitHub Actions Security And What You Can Do Right Now intermediate | GitGuardian article on securing GitHub Actions, covering GitHub's roadmap toward deterministic workflow dependencies, centralized execution policy, and tighter secret scoping, alongside the current reality of scattered secrets and compromised automation layers. It recommends visibility, detection, and remediation steps organizations can take in existing environments before those platform-level controls land. → blog.gitguardian.com |
| 2026-04-15 2026 | Someone bought 30 WordPress plugins and planted backdoors in all of them news | Report on the compromise of 30+ WordPress plugins (the Essential Plugin portfolio) and of Smart Slider 3 Pro via supply chain attacks. In the Essential Plugin case the attacker bought the plugins on Flippa, injected a PHP deserialization backdoor, and activated it to serve SEO spam only to Googlebot. Smart Slider 3 Pro was compromised through its update infrastructure. Both incidents highlight WordPress's lack of a review mechanism for plugin ownership transfers and of mandatory code signing for updates. |
| 2026-04-15 2026 | 25000 Endpoints Exposed by Dragon Boss Solutions Update Domain Supply Chain Attack news | Analysis of a Dragon Boss Solutions LLC domain supply chain attack exposing 25,000 endpoints, detailing how signed software used Advanced Installer and MSI/PowerShell payloads, including the `ClockRemoval.ps1` script to disable antivirus and prevent reinstallation by modifying hosts files and Windows Defender exclusions. The attack's scale was revealed when the unregistered update domain, `chromsterabrowser[.]com`, allowed attackers to control infected systems, impacting universities, critical infrastructure, and Fortune 500 companies. → cybersecuritynews.com |
| 2026-04-15 2026 | NetRise Highlights Software Supply Chain Risk and Showcases Provenance at VulnCon news | NetRise Highlights Software Supply Chain Risk and Showcases Provenance at VulnCon https://ift.tt/oecaP7C → tipranks.com |
| 2026-04-15 2026 | OpenAI Rotates macOS Certificates After Axios Supply Chain Attack news | Analysis of OpenAI's response to the supply chain attack on the Axios npm package, attributed to a North Korea-linked actor. A GitHub Actions workflow that pulled the malicious release led OpenAI to rotate its macOS code signing certificates. Users of the ChatGPT Desktop, Codex, and Atlas applications must update by May 8, 2026, after which older versions stop working because the old certificate is revoked. The incident illustrates the risk of a workflow that resolves a dependency such as axios to its latest version rather than a pinned, reviewed one. |
| 2026-04-14 2026 | WordPress Supply Chain Attack Hits Thousands of Sites news | News report on WordPress plugins compromised in a supply chain attack that hit thousands of sites. Attackers used ownership changes of popular extensions to inject backdoors enabling data theft and full site control. The incident points to systemic risk in the open-source ecosystem and the need for better plugin governance and transparency around acquisitions, drawing a comparison with the SolarWinds breach's impact on enterprise networks. |
| 2026-04-14 2026 | CPUID Supply Chain Attack: STX RAT Malware Distributed via Trojanized CPU-Z and HWMonitor Downloads news | Writeup of the CPUID supply chain attack, detailing how attackers compromised the official website for HWMonitor and CPU-Z, distributing trojanized installers via Cloudflare R2. This attack leveraged DLL sideloading with a malicious cryptbase.dll to execute a five-stage in-memory attack chain, ultimately deploying STX RAT, a remote access trojan capable of stealing credentials, session cookies, and crypto wallet keys. The incident highlights the risks of compromised download channels, affecting global users across various sectors. → rescana.com |
| 2026-04-14 2026 | You Don't Have to Be Hacked to Be Compromised beginner | Analysis of the widespread impact of the Axios JavaScript library compromise by North Korean threat actor UNC1069, showing how a compromised developer account and a backdoored package delivering the WAVESHAPER.V2 implant translate into software supply chain risk for every downstream consumer. It makes the business case for third-party risk management: Software Composition Analysis, dependency integrity validation, and incident response plans that cover supply chain scenarios. |
| 2026-04-14 2026 | Trojan Malware Dominates as Supply Chain Attacks Escalate news | Threat report on the rise of trojan malware delivered through supply chain attacks, covering incidents such as SANDWORM_MODE's data harvesting and spreading, the Trivy/LiteLLM campaign that abused trusted tools, and the axios compromise that reached victims through transitive dependencies. It highlights attackers' growing use of seemingly legitimate open-source packages and trusted release channels, and the need to look beyond package names to protect developer and CI environments from credential theft and follow-on compromise. |
| 2026-04-14 2026 | OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack Rotates Security Certificates news | News report on the impact on OpenAI of North Korea-linked actors poisoning the Axios JavaScript library on npm. The malicious versions deployed a RAT that reached OpenAI's macOS application signing workflow and exposed code-signing certificates. OpenAI rotated the certificates and stated that no user data or intellectual property was compromised, though older macOS applications will lose support. → cxodigitalpulse.com |
| 2026-04-13 2026 | OpenAIs Mac apps needs an update thanks to the Axios hack news | News report on OpenAI requiring macOS users to install updated app versions after the supply-chain attack on the Axios JavaScript library. A North Korean hacking group (UNC1069) injected malware into Axios after compromising its lead maintainer's accounts, reaching downstream software through the library's millions of weekly downloads. OpenAI treated its signing certificate as compromised because of a misconfiguration in its GitHub workflow, even though no evidence suggests user data access or code alteration. → cyberscoop.com |
| 2026-04-13 2026 | OpenAIs macOS app-signing process hit by axios supply chain attack news | Analysis of the axios supply chain attack's impact on OpenAI's macOS app-signing process. Malicious versions axios@1.14.1 and axios@0.30.4 were published to npm and installed a remote access trojan. OpenAI's GitHub Actions workflow for signing ChatGPT Desktop, Codex, and Atlas automatically downloaded the compromised axios 1.14.1, prompting certificate revocation and rotation. The incident shows how a misconfigured workflow combined with a dependency as widespread as axios puts many cloud and code environments at risk. → scworld.com |
| 2026-04-13 2026 | OpenAI rotates macOS certs after Axios attack hit code-signing workflow news | News report on OpenAI's response to a malicious Axios package that compromised its GitHub Actions workflow. The incident, linked to UNC1069, led to the rotation of the macOS code-signing certificates used for ChatGPT Desktop, Codex, and Atlas, to rule out misuse of the signing key for distributing malware. OpenAI's investigation found no evidence that the certificates or user data were compromised, but users must update their macOS applications to versions signed with the new certificates before May 8, 2026, to avoid losing functionality. → bleepingcomputer.com |
| 2026-04-13 2026 | Distributed Risk: Open-Source Software as Strategic Infrastructure beginner | Analysis of distributed risk highlights how open-source software is strategic infrastructure, vulnerable to upstream compromise attacks like the XZ Utils incident and the Axios package compromise. This "capture, poison, exploit" (CPE) framework details how malicious actors can manipulate project governance, poison distribution channels like npm and PyPI, or exploit known weaknesses such as Log4Shell in unpatched systems, leading to widespread downstream exposure and geopolitical leverage. |
| 2026-04-13 2026 | Axios Breach Fallout: OpenAI's MacOS App Updates Explained news | News report on the updates OpenAI shipped after the Axios compromise, in which a malicious release carried a remote access trojan into a GitHub Actions workflow used for OpenAI's macOS applications. OpenAI rotated its macOS code signing certificate, released new versions of ChatGPT Desktop, Codex App, Codex CLI, and Atlas, and is withdrawing support for older versions to prevent credential misuse and the distribution of counterfeit software signed with the old certificate. |
| 2026-04-13 2026 | OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack news | Writeup detailing the Axios supply chain attack, where malicious NPM packages of the popular JavaScript HTTP client were distributed by North Korea-linked hackers. OpenAI was impacted, with a GitHub Actions workflow for macOS app-signing inadvertently downloading and executing a compromised Axios version. While OpenAI believes its macOS signing certificate was not compromised, they are revoking and rotating it as a precaution against potential code signing abuses. Evidence suggests widespread impact, with malicious versions seen in multiple environments. → securityweek.com |
| 2026-04-13 2026 | OpenAI Flags Supply Chain Attack Risk Urges macOS Users news | News report on the Axios compromise, in which North Korean threat actors are believed to have tampered with the Axios developer library. The malicious release reached OpenAI's GitHub Actions workflow, which had access to code-signing materials for its macOS applications. OpenAI urges users to update ChatGPT Desktop and related tools to the latest versions by May 8, though its investigation found no evidence of user data access or system breach. |
| 2026-04-13 2026 | OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident news | Writeup of the OpenAI macOS app certificate revocation following the supply chain incident involving the malicious Axios library, which was poisoned by UNC1069 and delivered the WAVESHAPER.V2 backdoor. The incident, alongside another targeting Trivy that led to deployment of the SANDCLOCK credential stealer and CanisterWorm, highlights widespread risk to open-source ecosystems and cloud environments, with vendors including CrowdStrike, Microsoft, and Trend Micro analyzing related campaigns such as CVE-2026-33634. → thehackernews.com |
| 2026-04-13 2026 | Axios npm Supply Chain Attack Triggers Security Fixes news | Analysis of the Axios npm supply chain attack, linked to North Korea's Lazarus Group (UNC1069), details OpenAI's exposure through a GitHub Actions workflow misconfiguration. The incident involved a malicious version of Axios (v1.14.1) used in OpenAI's macOS app-signing process. OpenAI responded by rotating code-signing certificates, requiring users to update macOS applications, and coordinating with Apple to block notarization attempts with the old certificate. → thecyberexpress.com |
| 2026-04-12 2026 | OpenAI Rotates macOS App Certificates After Axios Supply-Chain Attack Says No User Data Was Breached news | News report on OpenAI's certificate rotation after the malicious Axios 1.14.1 release reached its macOS application pipeline. It explains how a compromised third-party developer library can force certificate rotation and oblige users to update applications such as ChatGPT Desktop, Codex, and Atlas, and places the incident in the growing trend of attackers targeting CI/CD pipelines and code-signing systems rather than end users directly. |
| 2026-04-12 2026 | Hackers Exploit GitHub Copilot Flaw to Exfiltrate Sensitive Data news | Writeup of CVE-2025-59145, the "CamoLeak" vulnerability impacting GitHub Copilot Chat, which allowed attackers to exfiltrate sensitive data like API keys and source code. The exploit weaponized hidden markdown comments within pull requests, manipulating Copilot into searching the codebase and encoding findings in base16. This encoded data was then embedded into pre-signed image addresses, bypassing Content Security Policy and network egress controls by routing outbound traffic through GitHub's trusted infrastructure. The attack chain highlights the risks of AI assistants with deep system access. → cybersecuritynews.com |
| 2026-04-12 2026 | OpenAI identifies security issue involving third-party tool says user data was not accessed news | Writeup of a software supply chain attack affecting OpenAI, where a compromised third-party tool, Axios, was downloaded via a misconfigured GitHub Actions workflow. The attack attempted to exfiltrate a signing certificate for macOS applications like ChatGPT Desktop, Codex, and Atlas, but OpenAI's analysis indicates the certificate was likely not compromised. User data, API keys, and passwords remained unaffected. OpenAI is updating security certifications and requiring users to update macOS apps. |
| 2026-04-11 2026 | OpenAI Issues Urgent Warning: macOS Users Must Update ChatGPT & Codex Immediately news | OpenAI Issues Urgent Warning: macOS Users Must Update ChatGPT & Codex Immediately https://ift.tt/ekBf2XK |
| 2026-04-11 2026 | OpenAI Flags ChatGPT Desktop Security Issue After Attack news | Report on the supply chain risks exposed by the Axios compromise, which affected OpenAI's ChatGPT Desktop and other tools through malicious code injected via GitHub workflows. The incident forced OpenAI to revoke and replace security certificates, underscoring the need for robust app verification to prevent fake applications. Separately, Google's Pentagon deal for AI integration into classified networks, unlike Anthropic's refusal due to concerns over autonomous weapons and domestic surveillance, raises questions about safeguards and employee dissent within AI firms. |
| 2026-04-11 2026 | DPRK Threat Actor Compromises Axios NPM Package news | Analysis of a North Korea-nexus threat actor's compromise of the popular "axios" NPM package. The attacker introduced a malicious dependency, "plain-crypto-js," which acted as an obfuscated dropper for the WAVESHAPER.V2 backdoor across Windows, macOS, and Linux. The dropper uses `postinstall` hooks and OS-specific techniques involving PowerShell, curl, and bash to download and execute platform payloads, aiming for reconnaissance and command execution. GTIG attributes this to the financially motivated UNC1069, noting infrastructure overlaps and the evolution of the WAVESHAPER backdoor. → cloud.google.com |
| 2026-04-11 2026 | 16 Minutes to Impact: npm crypto-draining malware news | Writeup of a September 2025 npm supply chain compromise in which attackers leveraged phishing to inject cryptocurrency-draining malware into popular JavaScript packages like 'chalk'. The malware intercepted browser traffic and manipulated wallet transactions, highlighting risks to crypto businesses and applications. It also details malware capabilities such as multi-chain targeting, real-time address manipulation, and stealth features designed to evade detection. |
| 2026-04-11 2026 | Widespread npm Supply Chain Attack: Billions at Risk news | Analysis of a widespread npm supply chain attack targeting 18 popular packages, including debug, chalk, and ansi-styles, which are downloaded billions of times weekly. The attack, initiated via phishing and account compromise, injected crypto-stealing malware designed to hijack cryptocurrency transactions by imperceptibly altering destination addresses before user signing. This incident highlights the critical risks inherent in the open-source software supply chain, emphasizing the need for robust security measures to prevent malicious code propagation within development pipelines and cloud environments. → paloaltonetworks.com |
| 2026-04-11 2026 | npm Supply Chain Attack: debug, chalk, and Beyond news | Writeup of the debug/chalk npm supply chain incident. It unpacks how malicious versions of popular packages, including debug and chalk, were distributed and bundled into frontend applications. The attack hijacks browser network and wallet APIs to silently rewrite cryptocurrency recipients and approvals, diverting transactions to attacker-controlled wallets. It highlights the rapid propagation through CI/CD pipelines and the scope beyond initial reports, emphasizing the need for ongoing vigilance and registry updates. → wiz.io |
| 2026-04-11 2026 | The Nx s1ngularity Attack: Inside the Credential Leak news | Tool for scanning local environments for compromise from the Nx s1ngularity supply chain attack. It detects leaked credentials, including GitHub tokens, npm keys, SSH private keys, API keys, and cryptocurrency wallet files, and checks for exploitation of LLM client configuration files for tools like Claude and Gemini. The tool also provides a privacy-preserving service to check if specific secrets were exfiltrated. → blog.gitguardian.com |
| 2026-04-11 2026 | s1ngularity: Nx supply chain attack leaks secrets news | Writeup of the s1ngularity Nx supply chain attack, detailing how malicious Nx build system npm packages led to the exfiltration of sensitive developer assets like cryptocurrency wallets, GitHub tokens, and SSH keys. The attack leveraged AI CLI tools for reconnaissance and initially exfiltrated data to attacker-controlled GitHub repositories, which were later disabled by GitHub. A subsequent phase involved using leaked GitHub tokens to publicly expose over 5500 private repositories. The compromise was attributed to a flawed GitHub Actions workflow using `pull_request_target` with unsanitized pull request titles, granting arbitrary command execution and elevated permissions. → wiz.io |
| 2026-04-11 2026 | CISA 2025 Minimum Elements for SBOM beginner | CISA's 2025 Minimum Elements for Software Bill of Materials (SBOM) guidance, issued for public comment, updates the 2021 NTIA SBOM Minimum Elements. The revised guidance enhances software transparency and supply chain security by providing a detailed inventory of software components, enabling better risk management and vulnerability identification. It emphasizes machine-processable formats for scalable implementation and integration into cybersecurity practices, with comments due by October 3, 2025, via the Federal Register. |
| 2026-04-11 2026 | SLSA 3 Compliance with GitHub Actions and Sigstore intermediate | Guide to achieving SLSA 3 compliance by integrating GitHub Actions with Sigstore's Cosign, Fulcio, and Rekor. The approach automates the generation of non-forgeable build provenance for Go projects, enabling verification of software authenticity and build origins. It addresses supply chain security concerns highlighted by incidents like Log4j and SolarWinds, allowing users to audit and replicate builds without managing their own signing keys. → github.blog |
| 2026-04-11 2026 | cosign Verification of npm Provenance and GitHub Attestations intermediate | Guide to verifying npm provenance, GitHub Artifact Attestations, and Homebrew provenance with the cosign v2.4.0 release. It demonstrates how to verify artifacts by retrieving bundles containing signed attestations and applying verification policies via command-line flags. The release supports verifying public and private GitHub repositories, and also integrates with Homebrew's provenance. |
| 2026-04-11 2026 | Securing CI/CD After tj-actions and reviewdog Attacks beginner | Guide detailing security hardening for GitHub Actions workflows following the tj-actions/changed-files and reviewdog/action-setup supply chain attacks. It explains the chained exploitation, tag redirection, and log-based exfiltration techniques used by attackers, emphasizing the dangers of mutable tags, unprotected secrets, and overly broad access controls. The guide offers a defense-in-depth blueprint including pinning to commit SHAs, enforcing MFA, enabling tag protection, avoiding persistent credentials, and implementing runtime monitoring to secure CI/CD pipelines. |
| 2026-04-11 2026 | GitHub Actions Supply Chain Attack: Coinbase to tj-actions news | Writeup of a GitHub Actions supply chain attack, detailing how attackers compromised tj-actions/changed-files and reviewdog/action-setup. This multi-layered attack initially targeted Coinbase's open-source project agentkit before escalating to impact thousands of repositories by injecting malicious payloads that leaked CI/CD runner secrets and credentials. The analysis highlights abuse of third-party actions and dependencies, emphasizing the need for detection and prevention steps for consumers and maintainers. → unit42.paloaltonetworks.com |
| 2026-04-11 2026 | tj-actions/changed-files supply chain attack news | Writeup detailing a supply chain attack on the tj-actions/changed-files GitHub Action, leading to CVE-2025-30066. The compromise involved a malicious payload that leaked secrets from affected repositories into workflow logs, including AWS access keys, GitHub PATs, and private RSA keys. Mitigation steps include stopping usage of the affected action, rotating leaked secrets, pinning actions to commit hashes, and utilizing GitHub's allow-listing features. The attack vector likely involved compromising a GitHub personal access token. → wiz.io |
| 2026-04-11 2026 | tj-actions/changed-files compromise (CVE-2025-30066) news | Alert detailing a supply chain compromise affecting the tj-actions/changed-files GitHub Action (CVE-2025-30066). This vulnerability, potentially linked to a reviewdog/action-setup@v1 compromise (CVE-2025-30154), allowed for the disclosure of secrets such as access keys, PATs, npm tokens, and private RSA keys. CISA urges users to audit repositories, rotate compromised secrets, and update to patched versions to mitigate this risk. |
| 2026-04-11 2026 | XZ Backdoor CVE-2024-3094 - JFrog news | Analysis of CVE-2024-3094 details a sophisticated supply chain attack on XZ Utils, versions 5.6.0 and 5.6.1, which allowed unauthorized remote SSH access. The malicious payload, injected into the OpenSSH server (SSHD), modified decryption routines using ChaCha20 and Ed448 signatures to enable attackers with a specific private key to execute arbitrary commands or bypass authentication. The article outlines detection methods, remediation steps including downgrading and system restarts, and a kill switch, along with JFrog OSS tools for vulnerability scanning. |
| 2026-04-11 2026 | xz Backdoor CVE-2024-3094 - OpenSSF news | Writeup on CVE-2024-3094, detailing a sophisticated backdoor inserted into xz/liblzma versions 5.6.0 and 5.6.1. The backdoor was obfuscated within distribution tarballs, targeting RPM or DEB packages for the x86-64 architecture built with gcc and the GNU linker, with the potential to break sshd authentication. The OpenSSF highlights how community vigilance and the paced release process of Linux distributions helped contain the impact, while emphasizing ongoing efforts to secure the open source supply chain. |
| 2026-04-11 2026 | XZ Utils backdoor (CVE-2024-3094) overview beginner | Reference to CVE-2024-3094 details a significant backdoor discovered in xz-utils versions 5.6.0 and 5.6.1, impacting the sshd binary and enabling remote code execution. The article curates high-quality external analyses, OSINT reports, and technical breakdowns, including information on its distribution across Fedora, Debian, Kali, and Arch Linux. It also provides historical context, referencing past supply chain attack attempts on open-source software dating back to Ken Thompson's work. → securitylabs.datadoghq.com |
| 2026-04-11 2026 | Ultralytics PyPI package delivers coinminer news | Writeup of the Ultralytics PyPI package compromise: malicious versions 8.3.41, 8.3.42, 8.3.45, and 8.3.46 distributed an XMRig coinminer by exploiting a GitHub Actions script injection. This allowed attackers to execute arbitrary code, leading to multiple releases containing downloader code in __init__.py. The initial compromise involved crafted pull requests to inject malicious payloads, with subsequent malicious versions published because maintainers had not fully located the breach. This supply chain attack had a significant potential impact due to Ultralytics' widespread adoption. → reversinglabs.com |
| 2026-04-11 2026 | Supply-chain attack analysis: Ultralytics beginner | Analysis of the Ultralytics supply-chain attack details how compromised GitHub Actions and PyPI API tokens led to malicious code injection in versions 8.3.41, 8.3.42, 8.3.45, and 8.3.46. The incident highlights the importance of securing build workflows, the use of Sigstore transparency logs, and PyPI provenance attestations for detecting and preventing future attacks. Recommendations include revoking unused API tokens, configuring GitHub Environments, and publishers auditing workflows for insecure patterns like `pull_request_target`, pinning dependencies, utilizing Trusted Publishers, and avoiding committing binary files. |
| 2026-04-11 2026 | GitLab discovers widespread npm supply chain attack news | Writeup of the "Shai-Hulud" npm supply chain attack, which uses a destructive malware variant. The malware harvests credentials from GitHub, npm, AWS, GCP, and Azure, exfiltrates data, and propagates by infecting other packages. It features a "dead man's switch" that triggers data destruction if its propagation and exfiltration channels are severed, employing techniques like multi-stage loading, credential harvesting, and automated package republishing. |
| 2026-04-11 2026 | Shai-Hulud: Self-Replicating Worm Compromises 500+ NPM Packages news | Analysis of the Shai-Hulud worm, which compromised over 500 NPM packages including @ctrl/tinycolor. This attack featured self-propagation via `NpmModule.updatePackage`, credential harvesting using TruffleHog and cloud SDKs for AWS, GCP, and Azure, and persistence mechanisms involving GitHub Actions workflows. The malware specifically targeted Linux and macOS environments, exfiltrating secrets like GitHub tokens and AWS access keys. → stepsecurity.io |
| 2026-04-11 2026 | Shai-Hulud npm supply chain attack overview news | Writeup on the Shai-Hulud npm supply chain attack, a self-replicating worm that compromises npm accounts to infect legitimate packages. This malware inserts malicious code into packages, spreading via `postinstall` scripts, and exfiltrates cloud service tokens (npm, GitHub, AWS, GCP) by installing TruffleHog and targeting specific secrets. The worm also attempts to exfiltrate GitHub tokens via malicious workflows and convert private repositories to public, impacting popular packages like ngx-bootstrap and ng2-file-upload. → reversinglabs.com |
| 2026-04-11 2026 | Shai-Hulud Worm Compromises npm Ecosystem news | Analysis of the Shai-Hulud 2.0 npm worm details its aggressive propagation through pre-install execution, bypassing static analysis. This campaign targets GitHub repositories, stealing credentials for AWS, GCP, and Azure, exfiltrating them to public GitHub repositories, and even attempting to destroy home directories as a fallback. The worm also automates its spread by injecting malicious code into other packages maintained by compromised developers, potentially crippling CI/CD pipelines and leading to significant cloud service compromises. LLMs may have assisted in generating its obfuscated payload. → unit42.paloaltonetworks.com |
| 2026-04-11 2026 | Shai-Hulud 2.0: 25K+ Repos Exposed news | Shai-Hulud 2.0: 25K+ Repos Exposed → wiz.io |
| 2026-04-11 2026 | Shai-Hulud 2.0: Detection and Defense Guidance intermediate | Detection and defense guidance for the Shai-Hulud 2.0 supply chain attack, which compromised numerous npm packages via preinstall scripts and stole credentials using tools like TruffleHog. It details attack propagation paths, the use of fake personas like "Linus Torvalds," and offers mitigation strategies including credential rotation, CI/CD isolation, and leveraging Microsoft Defender for its code scanning, posture management, and runtime anomaly detection capabilities. → microsoft.com |
| 2026-04-11 2026 | Shai-Hulud 2.0 npm worm: analysis intermediate | Analysis of Shai-Hulud 2.0, a self-replicating npm worm that backdoored 796 packages, reveals its sophisticated credential-stealing payload. This worm utilizes the Bun JavaScript runtime to evade detection, harvests credentials from local filesystems and cloud environments (AWS, Google Cloud, Azure) using techniques like `trufflehog` and accessing instance metadata services, and exfiltrates them to public GitHub repositories. It self-propagates by injecting malicious files like `setup_bun.js` and `bun_environment.js` into other npm packages, and can also establish GitHub self-hosted runners for remote code execution via vulnerable GitHub Actions. → securitylabs.datadoghq.com |
| 2026-04-11 2026 | Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise news | Analysis of supply chain compromise via attacks on Trivy and Axios, demonstrating the future of malware delivery. Attackers leveraged vulnerabilities in open source tools, including a vulnerability scanner and a JavaScript library, to steal secrets and plant backdoors. These incidents highlight the growing threat of sophisticated social engineering and the potential for AI-driven attacks to target developer environments and compromise tens of thousands of organizations. → theregister.com |
| 2026-04-11 2026 | Mac ChatGPT App Gets Urgent Security Update After Supply Chain Threat news | Mac ChatGPT App Gets Urgent Security Update After Supply Chain Threat https://ift.tt/mp4TwQ6 |
| 2026-04-11 2026 | CrowdStrike: Stolen credentials used in Axios npm supply chain attack news | Analysis of the Axios npm supply chain attack, where stolen maintainer credentials were used to inject ZshBucket malware variants across Linux, macOS, and Windows. The attack, attributed by CrowdStrike to Stardust Chollima, demonstrates enhanced malware capabilities including data exfiltration, remote command execution, and a unified JSON-based communication protocol. This incident highlights the significant risk posed by compromised open-source libraries to software supply chains. |
| 2026-04-11 2026 | The Scanner Was the Weapon: 36 Months of Precision Supply Chain Attacks Against DevSecOps Infrastructure advanced | Analysis of 36 months of precision supply chain attacks, highlighting compromises of DevSecOps tools like vulnerability scanners and CI/CD pipelines. It examines the XZ Utils backdoor (CVE-2024-3094), the reviewdog GitHub Actions compromise (CVE-2025-30066 / CVE-2025-30154), and the multi-stage infostealer targeting Aqua Security's Trivy. The analysis reveals attacker sophistication in targeting trusted software, leveraging build-time injection and automated trust exploitation. |
| 2026-04-10 2026 | Crushing the Axios supply chain threat with Tenable Hexa AI: Use cases for agentic AI intermediate | Tool for detecting and mitigating the Axios npm supply chain attack. Tenable Hexa AI, an agentic engine, automates scan configuration, identifies impacted assets, and prioritizes remediation, mirroring workflows applicable to emerging threats like CVEs or zero-days. Specific remediation steps for Axios include downgrading to safe versions, removing phantom dependencies, and rotating secrets. → securityboulevard.com |
| 2026-04-10 2026 | Supply chain attack at CPUID pushes malware with CPU-Z/HWMonitor news | Report on a supply chain compromise at CPUID that distributed malware via trojanized versions of CPU-Z and HWMonitor. The attack involved DLL sideloading using a malicious CRYPTBASE.dll and delivered the STX RAT infostealer. This incident highlights a pattern of targeting widely used utilities, similar to a prior FileZilla compromise. → bleepingcomputer.com |
| 2026-04-10 2026 | Renovate & Dependabot: The New Malware Delivery System news | Analysis of supply chain attacks that exploit automated dependency updates. It examines how tools like Renovate and Dependabot, designed to streamline updates, can inadvertently accelerate malware distribution. It highlights real-world incidents, including the compromise of tj-actions/changed-files, Salesloft Drift, Shai-Hulud, trivy-action, and the Axios package, demonstrating how malicious code can be integrated into CI/CD pipelines and production code through compromised dependencies and automated merges. → securityboulevard.com |
| 2026-04-10 2026 | Renovate & Dependabot: The new Malware Delivery System news | Analysis of how automated dependency updaters like Renovate and Dependabot can inadvertently accelerate malware distribution in supply chain attacks. It details how these tools, designed for efficiency, can bypass security scrutiny by automatically merging malicious package updates, as seen with the Axios and trivy-action compromises. The entry highlights the implicit trust afforded to bot-generated pull requests and their potential to introduce malware rapidly, even into CI/CD pipelines through workflow modifications. → blog.gitguardian.com |
| 2026-04-10 2026 | Supply Chain Attacks Are Exploiting Our Assumptions beginner | Overview of techniques for defending against software supply chain attacks, addressing the implicit trust assumptions exploited by attackers. It analyzes recent incidents such as the XZ Utils backdoor, npm and PyPI package compromises like `rustdecimal` and `torchtriton`, and attacks leveraging compromised accounts (e.g., `@ctrl/tinycolor`, `Nx`, `rspack`). It highlights methods to move beyond dependency scanning and SBOMs, focusing on verifying code provenance and build integrity to mitigate risks from deceptive doubles, stolen secrets, and poisoned pipelines. → blog.trailofbits.com |
| 2026-04-10 2026 | Protecting Your Software Supply Chain: Typosquatting and Dependency Confusion intermediate | Overview of typosquatting and dependency confusion attacks on software supply chains. These attacks exploit developers' typographical errors when downloading packages from registries like npm and PyPI, or work through compromised dependencies. Real-world examples such as the Codecov and Event Stream breaches highlight how attackers infiltrate systems by mimicking legitimate packages, leading to data breaches, system compromises, and reputational damage. It provides insights for engineering managers and security practitioners to protect their infrastructure from these evolving threats. → blog.gitguardian.com |
| 2026-04-10 2026 | LiteLLM PyPI Packages Compromised in TeamPCP Supply Chain Attacks news | Versions 1.82.7 and 1.82.8 of the LiteLLM Python package, a unified interface for switching between AI models, were compromised on PyPI by the TeamPCP group. The malicious versions contained a credential stealer and malware dropper, posing significant risks due to LiteLLM's access to API keys and configuration data. This incident is part of a broader campaign by TeamPCP, which also targeted Aqua's Trivy scanner and CheckMarx's VS Code extensions. Sonatype advises affected organizations to remove the malicious package, rotate credentials, and investigate for persistence mechanisms. → helpnetsecurity.com |
| 2026-04-10 2026 | Supply-Chain Attack Defense: Developer Host Machine Hardening intermediate | Guide to hardening developer host machines against supply-chain attacks, detailing configurations for Python (pip, uv) and JavaScript/TypeScript (npm, pnpm, yarn, bun). It documents defenses such as release age gates and disabling install scripts, referencing techniques like `uv`'s `exclude-newer` and `npm`'s `min-release-age` and `ignore-scripts`. It also covers verifying AI-suggested packages and detecting suspicious package behavior through tools like Socket.dev. |
| 2026-04-10 2026 | TeamPCP Credential Infostealer Chain Attack Reaches Python's LiteLLM news | Writeup of the TeamPCP credential infostealer supply chain campaign targeting Python's LiteLLM. This multi-stage attack chain exploits vulnerabilities in Trivy, GitHub Actions, Docker images, and npm packages, ultimately compromising LiteLLM through a malicious `.pth` file executed upon interpreter startup. The malware harvests a wide array of credentials including SSH keys, cloud provider secrets, Kubernetes tokens, and Git credentials, exfiltrating them to a compromised domain, and can deploy privileged DaemonSets in Kubernetes environments. |
| 2026-04-10 2026 | Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers news | Compromised versions of the dYdX v4 protocol client packages for JavaScript (`@dydxprotocol/v4-client-js`) and Python (`dydx-v4-client`) have been found to steal cryptocurrency wallet credentials and, in the Python version, execute remote access trojans. Threat actors inserted malicious code into core registry files, exploiting a developer account compromise to distribute these poisoned updates across ecosystems. The attack also highlights risks associated with unpublished packages on npm, where typosquatting can lead to malware distribution. → thehackernews.com |
| 2026-04-10 2026 | N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust news | Report on the Contagious Interview campaign, which has released over 1,700 malicious packages across npm, PyPI, Go, Rust, and Packagist. These packages, including `dev-log-core`, `logutilkit`, and `github[.]com/golangorg/formstash`, function as malware loaders, distributing infostealers and RATs capable of post-compromise activity. The malicious code is concealed within legitimate functions, making detection challenging. → thehackernews.com |
| 2026-04-10 2026 | The Next Wave of Supply Chain Attacks: NPM, PyPI, and Docker Hub news | Survey connecting supply chain attacks across npm, PyPI, and Docker Hub, highlighting root causes like maintainer phishing and weak authentication, as seen in incidents involving npm packages like chalk and debug, PyPI packages like num2words, and official Debian base images on Docker Hub. It emphasizes the danger of malicious content persistence and reactive detection, pointing out how stolen credentials and exploitable registry gaps allow attackers to poison ecosystems. |
| 2026-04-10 2026 | PyPI, npm, and the New Frontline of Software Supply Chain Attacks news | Analysis of software supply chain attacks, detailing incidents involving Trivy (CVE-2026-33634), LiteLLM, Telnyx, and Axios. These attacks targeted popular open-source packages and developer tooling, with attackers gaining unauthorized access to trusted projects and injecting malicious code. The primary objective was credential theft, including cloud keys and SSH keys, with some incidents also exfiltrating cryptocurrency wallet files. It highlights the need for dependency hygiene and strong CI/CD security controls, such as pinning package versions, atomic credential rotation, and restricting egress from CI/CD runners. |
| 2026-04-10 2026 | Malicious PyPI and npm Packages Exploiting Dependencies in Supply Chain Attacks news | Report on malicious PyPI and npm packages used in supply chain attacks. The `termncolor` PyPI package, leveraging the `colorinal` dependency, employed DLL side-loading via `vcpktsvr.exe` and `libcef.dll` for persistence and command-and-control communication. Similarly, compromised npm packages like `redux-ace` and `rtk-logger` targeted developers via job assessments, harvesting credentials and system data. These incidents highlight risks from automated dependency upgrades, exemplified by the `eslint-config-prettier` compromise. → thehackernews.com |
| 2026-04-10 2026 | Supply Chain Attack: How Attackers Weaponize Software beginner | Primer on software supply chain attacks, explaining how attackers weaponize trust in open source packages from registries like npm and PyPI, CI/CD platforms such as GitHub Actions, and cloud SDKs from vendors like AWS. It covers how compromised developer accounts, malicious updates, or abused CI/CD credentials can lead to vulnerabilities, citing the CCleaner incident as an example of malicious code injected into a digitally signed release. |
| 2026-04-10 2026 | 2026 Supply Chain Security Report: Attack Analysis news | Report analyzing the 2025-2026 supply chain attack landscape, including the multi-wave Shai-Hulud campaigns, the s1ngularity attack on Nx, GhostActions on PyPI, and the September npm hijacking. It details common attack patterns like credential compromise, install-time execution, cross-ecosystem propagation, and CI/CD pipeline exploitation, noting incidents at Jaguar Land Rover and Marks & Spencer, alongside F5 BIG-IP source code theft. The report also maps supply chain security requirements to SOC 2 and ISO 27001 compliance frameworks. |
| 2026-04-10 2026 | Securing Software Supply Chains: 2026 Priorities beginner | Summary of an event on 2026 software supply chain security priorities, which discussed critical infrastructure needs driven by AI-generated code and open-source components. Key themes included visibility gaps in AI and open-source, challenges aligning compliance with operations, and the necessity for better coordination across security, policy, and procurement teams. It also highlighted the importance of organizational resilience through role clarity, consistent third-party oversight, context-guided modernization, stronger compliance execution, improved metrics, and enhanced collaboration across sectors to address evolving threats. |
| 2026-04-10 2026 | 2026 Software Supply Chain Report news | Report detailing the 2025 evolution of open source malware, with over 454,600 new malicious packages identified across major registries like npm and PyPI. The report highlights industrialized campaigns by state-linked entities such as the Lazarus Group, who deployed sophisticated multi-stage payload chains and introduced self-replicating malware like Shai-Hulud. Attacks increasingly leverage typosquatting, namespace confusion, and toolchain masquerading to target developer and build environments, with observed behaviors including TEA token harvesting, secrets exfiltration, and backdoor deployment. → sonatype.com |
| 2026-04-10 2026 | Supply Chain Attacks 2025-2026: Axios, Shai-Hulud, and More news | Analysis of supply chain attacks from 2025-2026 details incidents like the Axios npm RAT, Shai-Hulud worm, Chalk/Debug compromise, Nx/s1ngularity attack, and the TeamPCP campaign. These attacks exploited compromised npm accounts, typosquatting, build pipeline infiltration, and dependency confusion across npm, PyPI, GitHub Actions, and container registries. The analysis explains common attack vectors, impact including credential exfiltration and crypto wallet draining, and outlines detection and automated remediation strategies for security teams. |
| 2026-04-09 2026 | Inside the TeamPCP cascading supply chain attack news | Library for detecting and mitigating supply chain attacks, detailing the TeamPCP campaign that compromised the telnyx and LiteLLM PyPI packages, as well as Checkmarx extensions on Open VSX. The attacks leveraged stolen credentials to inject malicious code, exfiltrating cloud secrets and tokens, impacting security tools like Trivy and KICS GitHub Actions, and demonstrating the risks of unverified dependencies. → reversinglabs.com |
| 2026-04-09 2026 | Hackers Expose Vulnerabilities in Software Supply Chains news | Library for detecting and mitigating software supply chain risks, exemplified by the Axios NPM package compromise attributed to North Korea-nexus threat actor UNC1069. This incident highlights how attackers exploit trust relationships in development workflows, injecting malicious code like WAVESHAPER.V2 via compromised maintainer accounts. The attack vector, involving a JavaScript dropper with obfuscation, demonstrates the cascading impact of transitive dependencies across development ecosystems, leading to potential credential theft, system compromises, and extortion. |
| 2026-04-09 2026 | LiteLLM PyPI Supply Chain Attack Reaches Mercor: Two Poisoned Releases AI Gateway Credential Risk and the Fallout That Froze Work news | Library detailing a LiteLLM PyPI supply chain attack, specifically versions 1.82.7 and 1.82.8, which compromised AI gateway credentials. The incident highlights the risks of poisoned releases and the propagation of credential exposure through automated build systems and startup mechanism abuse. Remediation involves dependency verification, secret rotation, and auditing egress traffic, emphasizing the critical need for secure pipelines and hash validation protocols for third-party code. |
| 2026-04-09 2026 | Compromised litellm PyPI Package Delivers Multi-Stage Credential Stealer news Python | Analysis of the litellm Python package, which in its compromised versions 1.82.7 and 1.82.8 acted as a multi-stage credential stealer. The malicious code within the popular package could exfiltrate sensitive data including API keys, environment variables, cloud credentials (AWS, GCP, Azure), and Kubernetes secrets. It deployed a three-layer payload for reconnaissance, data harvesting, and establishing persistence, potentially linked to TeamPCP and LAPSUS$. → sonatype.com |
| 2026-04-08 2026 | Axios Compromised: The Supply Chain Attack Shows How Thin the Line Between Everyday Packages and Malicious Code Has Become news | Analysis of the Axios supply chain attack, where malicious dependency plain-crypto-js was injected into Axios versions 1.14.1 and 0.30.4 on March 31, 2026. Google Threat Intelligence and Microsoft confirmed the incident, linking it to UNC1069 and WAVESHAPER.V2 malware, with affected platforms including Windows, macOS, and Linux. The attack leveraged trust in everyday packages, potentially leading to RAT payload downloads and credential exfiltration in CI systems and build pipelines, highlighting the vulnerability of software supply chains. |
| 2026-04-08 2026 | Why the Next Supply Chain Shock Will Come From Cyber Not Shortages news | Analysis of third-party cyber risk highlights how compromised suppliers like Collins Aerospace and the retailer Mango cause widespread disruption. Current reliance on static assessments is insufficient; a shift to continuous assurance is necessary. This involves embedding security into partnership agreements, ongoing verification through audits and monitoring, and aligning with frameworks like NIST 800-53 and ISO 27001 to manage the digital supply chain proactively. |
| 2026-04-08 2026 | Your developers work for cyber gangs news | Analysis of the risks to open-source dependencies highlighted by the March 2026 supply chain attacks. These incidents included credential theft via compromised scanners like Aqua Security's Trivy, invisible malware injection using Unicode payloads by GlassWorm, and a North Korean state actor hijacking the popular axios npm package. The article also covers the challenges posed by blockchain-based command-and-control infrastructure, which makes traditional takedown methods ineffective. |
| 2026-04-07 2026 | Malware distributed via ILSpy WordPress domain breach news | Report on the ILSpy WordPress domain breach, in which malware was distributed through a compromised official WordPress site that lured developers into installing malicious browser extensions. The attack highlights the increasing threat of actors targeting software supply chains, urging developers to strengthen URL verification, use official repositories, and exercise caution with unsolicited browser extensions. → scworld.com |
| 2026-04-07 2026 | Guardarian Users Targeted With Malicious Strapi NPM Packages news | Report on 36 malicious NPM packages targeting Strapi users, discovered by SafeDep, that delivered payloads for Redis code execution, Docker container escape, credential harvesting, and reverse shell deployment. Payloads exploited Redis instances for webshells and reverse shells, escaped Docker containers, and targeted PostgreSQL databases. The campaign specifically aimed at Guardarian users, exfiltrating configurations and API modules, with attackers pivoting to reconnaissance and data collection after initial aggressive approaches failed. → securityweek.com |
| 2026-04-07 2026 | Behind the Scenes: How StepSecurity Detected and Helped Remediate the Largest npm Supply Chain Attack news | Analysis of the largest npm supply chain attack detailing StepSecurity's real-time detection of a compromised axios package. The incident involved a state-sponsored actor hijacking the popular HTTP client, inserting a malicious dependency, and actively deleting GitHub issues to conceal the compromise. StepSecurity utilized its AI Package Analyst and Harden-Runner to identify suspicious indicators and anomalous network activity, enabling rapid notification and remediation efforts for customers. → stepsecurity.io |
| 2026-04-07 2026 | Malicious Axios npm Packages Trigger Supply Chain Attack: How Attackers Could Access Crypto Wallets and API Keys news | Malicious Axios npm Packages Trigger Supply Chain Attack: How Attackers Could Access Crypto Wallets and API Keys https://ift.tt/y4GF6z0 |
| 2026-04-07 2026 | Poisoned Axios Package Linked To Cross-Platform Malware Delivery Campaign news | Analysis of the malicious Axios versions (1.14.1, 0.30.4) that delivered a cross-platform Remote Access Trojan via a phantom dependency technique (plain-crypto-js) and an obfuscated setup.js script. The attack leveraged compromised package manager accounts and bypassed GitHub Actions, highlighting the risks of dynamic version ranges and the importance of strict version pinning and ignoring automated installation scripts. → cyberpress.org |
| 2026-04-07 2026 | Guardarian Users Targeted in Supply Chain Attack via Malicious Strapi NPM Packages news | Writeup of a supply chain attack targeting Guardarian users via malicious Strapi NPM packages. Threat actors published 36 fake packages, disguised as Strapi plugins, designed to deliver payloads including remote shells, Docker escape, and credential harvesting. Techniques involved exploiting Redis, targeting PostgreSQL, scanning for wallet files, exfiltrating Strapi configurations, and establishing persistent access. The attack evolved from aggressive payloads to reconnaissance and targeted credential theft, specifically for the Strapi ecosystem. → cxodigitalpulse.com |
| 2026-04-07 2026 | Chainguard Emphasizes Short-Lived Tokens to Address Software Supply Chain Risks news | Chainguard Emphasizes Short-Lived Tokens to Address Software Supply Chain Risks https://ift.tt/pUAHQc3 → tipranks.com |
| 2026-04-07 2026 | North Korean Hackers Target High-Profile Node.js Maintainers news | Analysis of UNC1069's social engineering campaign targeting Node.js maintainers, including those involved with Socket, Platformatic, Dotenv, and the Node.js Security Working Group. These attackers employ detailed, multi-week lures, mirroring tactics seen in Operation Dream Job and Contagious Interview, to trick high-profile maintainers into executing malware, as evidenced by the Axios supply chain attack. → securityweek.com |
| 2026-04-07 2026 | Avocado warns on code repository supply chain attacks news | Avocado warns on code repository supply chain attacks https://ift.tt/I76zWlE |
| 2026-04-07 2026 | Avocado warns on code repository supply chain attacks news | Avocado warns on code repository supply chain attacks https://ift.tt/SyPbT1q |
| 2026-04-06 2026 | AI-Assisted Supply Chain Attack Targets GitHub news | AI-Assisted Supply Chain Attack Targets GitHub https://ift.tt/W3OMdbX → darkreading.com |
| 2026-04-06 2026 | Researchers Uncover 36 Rogue npm Packages Delivering Redis RCE and Persistent Malware news | Report on 36 malicious npm packages targeting Strapi content management systems in a sophisticated supply-chain campaign. These packages, mimicking legitimate plugins, use "postinstall" scripts for automatic execution, enabling remote code execution (RCE) via Redis exploits and Docker container escapes. Variants deployed diverse malware, searched for sensitive data including .env files and wallet information, and established persistent command-and-control infrastructure through cron jobs and background processes. → cyberpress.org |
| 2026-04-06 2026 | How to Prevent OWASP Software Supply Chain Failures intermediate | Reference for preventing OWASP A03:2025 Software Supply Chain Failures, emphasizing continuous third-party monitoring, SBOM management, and device fingerprinting. This category, ranked number one in community surveys, encompasses compromises in building, distributing, or updating software, often through third-party code or tools. Effective strategies involve preventive controls like SBOM and dependency governance, alongside detective controls that monitor for abnormal behavior, addressing risks such as using obsolete functions and unmaintained components, and validating software integrity and provenance. |
| 2026-04-06 2026 | Axios Compromise on npm Introduces Hidden Malicious Package news | Writeup on the axios npm compromise, where attackers hijacked an account to publish malicious versions (axios@1.14.1, axios@0.30.4) that silently introduced a hidden dependency on `plain-crypto-js@4.2.1`. This technique, tracked as sonatype-2026-001623 and sonatype-2026-001622 respectively, leveraged npm's postinstall scripts to execute obfuscated code, download a RAT, and spread to other packages like those in the OpenClaw ecosystem. → sonatype.com |
| 2026-04-06 2026 | NPM Supply Chain Attacks Explained: Dependency Confusion Exploits and Defense intermediate | Guide to NPM supply chain attacks, focusing on dependency confusion exploits and defense strategies. It analyzes significant incidents like the 2025 NPM Phishing Hack compromising chalk and debug, the Shai-Hulud malware worm targeting credentials and proliferating through postinstall scripts, and the 2026 SANDWORM_MODE exploit poisoning AI toolchains via typosquatting. The guide also covers critical NPM weaknesses such as install-time arbitrary code execution and extreme dependency depth, and outlines bug bounty methodologies for hunting dependency confusion. |
| 2026-04-06 2026 | Axios npm Package Compromised in Supply Chain Attack news | Report on the supply chain attack affecting axios@1.14.1 and axios@0.30.4 via the malicious plain-crypto-js@4.2.1 package. The attack, originating from a hijacked maintainer account, poisoned both the 1.x and 0.x branches of the popular npm HTTP client. Mitigation strategies include rolling back to unaffected versions, pinning dependencies, or using alternative HTTP clients like the native fetch API, got, or ky. |
| 2026-04-06 2026 | The 2026 Guide to Software Supply Chain Security beginner | The 2026 Guide to Software Supply Chain Security |
| 2026-04-05 2026 | Week in review: Axios npm supply chain compromise, critical FortiClient EMS bugs exploited news | Roundup of security news and analysis detailing recent exploits including the Axios npm supply chain compromise, FortiClient EMS vulnerabilities (CVE-2026-35616, CVE-2026-21643), Cisco IMC auth bypass (CVE-2026-20093), and a Google Chrome zero-day (CVE-2026-5281). It also covers the emergence of EvilTokens for Microsoft 365 phishing, malware distribution via Claude Code leaks, and TrueConf zero-day exploitation targeting government networks. → helpnetsecurity.com |
| 2026-04-05 2026 | 36 Malicious npm Packages Exploited Redis PostgreSQL to Deploy Persistent Implants news | Report on 36 malicious npm packages disguised as Strapi CMS plugins, which exploit Redis and PostgreSQL to deploy persistent implants, harvest credentials, and execute reverse shells. These packages, uploaded under fake developer accounts, utilize the `postinstall.js` script to execute payloads including Docker container escape, system reconnaissance, and PostgreSQL database exploitation with hardcoded credentials. The campaign's evolution shows a pivot from aggressive exploitation to data collection and targeted credential theft, potentially indicating a cryptocurrency platform attack. → thehackernews.com |
| 2026-04-04 2026 | Hackers breached the European Commission by poisoning the security tool it used to protect itself news | Report on supply chain attacks against security tooling, focusing on the compromise of tools like Trivy as demonstrated by the European Commission breach. It highlights the risks of compromised open-source security software and the sophisticated tactics employed by threat actors such as TeamPCP and ShinyHunters, who leveraged techniques like credential harvesting and force-pushing malicious code to gain unauthorized access and exfiltrate sensitive data. |
| 2026-04-04 2026 | Supply Chain Attacks Surge in March 2026 news | Report on supply chain attacks impacting open-source software. It details compromises of the Axios NPM package, which distributed a cross-platform RAT via a hidden dependency (plain-crypto-js@4.2.1), and the LiteLLM PyPI package, which aimed to harvest cloud credentials and SSH keys using a malicious `.pth` file and obfuscated payloads. Recommendations include reviewing lockfiles, searching for malicious domains, using SCA tools, implementing MFA, and revoking compromised secrets. → securityboulevard.com |
| 2026-04-04 2026 | Supply chain attack on Axios npm package: Scope impact and remediations intermediate | Analysis of the Axios npm package supply chain attack details how attackers compromised versions 1.14.1 and 0.30.4 by injecting a malicious dependency, `plain-crypto-js`, which executed a remote access trojan dropper. This attack, targeting a popular HTTP client, poses significant risks of data theft, including credentials and API keys. The article stresses the need for immediate incident response, secret rotation, and proactive defense strategies like dependency pinning and environment scanning to mitigate future supply chain compromises. → securityboulevard.com |
| 2026-04-04 2026 | How critical Axios NPM package got hacked: maintainer shared full story intermediate | How critical Axios NPM package got hacked: maintainer shared full story https://ift.tt/cqQuNFB → cybernews.com |
| 2026-04-04 2026 | UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack intermediate | Writeup detailing UNC1069's sophisticated social engineering campaign that compromised the Axios npm package. Threat actors, identified as North Korean, meticulously cloned company founders and branding to build rapport, then used fake Slack workspaces and Microsoft Teams calls to trick maintainers into downloading remote access trojans. This allowed them to steal npm credentials and publish trojanized versions (1.14.1 and 0.30.4) containing the WAVESHAPER.V2 implant, demonstrating a scalable pattern targeting high-impact open-source maintainers to poison the software supply chain. → thehackernews.com |
| 2026-04-04 2026 | European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack news | Writeup detailing the European Commission's data breach, confirming over 300GB of data theft from its AWS environment. Hackers exploited an API key compromised during the TeamPCP-led supply chain attack on Aqua Security's Trivy vulnerability scanner. The attackers leveraged tools like TruffleHog to discover secrets and exfiltrate data related to 71 clients of the Europa web hosting service, with the stolen information later appearing on the ShinyHunters leak site. → securityweek.com |
| 2026-04-04 2026 | Mercor faces class action lawsuit after supply chain attack news | Lawsuit against Mercor alleges failure to implement basic cybersecurity protections, including multifactor authentication and data encryption, leading to a supply chain attack via the LiteLLM open-source software tool. The breach, attributed to the Lapsus$ group, reportedly exposed over 40,000 individuals' sensitive personal data. The suit seeks damages for identity theft, fraud, and invasion of privacy, demanding significant overhauls to Mercor's data security systems and program. |
| 2026-04-03 2026 | The developer credential economy: Why exposure data is the new front line in the supply chain war news | Analysis of the "Developer Credential Economy" highlights how supply chain attacks leverage exposed developer credentials, such as API keys and cloud access tokens, creating a lucrative black market. Endpoint detection and response (EDR) tools are insufficient as they operate reactively and lack visibility into CI/CD environments where credential theft occurs. A Continuous Threat Exposure Management (CTEM) strategy is crucial for proactively identifying and eliminating exposure conditions like long-lived access tokens before they can be exploited, as demonstrated by the Axios and Anthropic Claude Code incidents. → securityboulevard.com |
| 2026-04-03 2026 | North Korean hackers blamed for hijacking popular Axios open source project to spread malware news | The hijack of the popular JavaScript library Axios, hosted on npm, is attributed to suspected North Korean hackers (UNC1069). The attackers compromised a developer account to push malicious versions containing a remote access trojan, impacting millions of developers and representing a significant supply chain attack. Security firms like StepSecurity and Aikido investigated, with Aikido advising users who downloaded the compromised code to assume their systems are compromised. The malware was designed to self-delete, complicating detection. → techcrunch.com |
| 2026-04-03 2026 | Do not get high(jacked) off your own supply (chain) news | Analysis of recent supply chain attacks targeting widely used libraries like Axios and projects like Trivy, highlighting the impact of vulnerabilities such as React2Shell and Log4j. The entry emphasizes the ongoing threat posed by compromised open-source components and the necessity of securing CI/CD pipelines, maintaining software inventories, and implementing fundamental security practices like MFA and robust logging. → blog.talosintelligence.com |
| 2026-04-03 2026 | 12 Months That Changed Supply Chain Security - 2025 Month by Month news | Survey of 2025 supply chain threats, month by month, detailing targeted developer compromises, CI/CD manipulation, and open-source module poisoning. Notable incidents include Lazarus Group's Operation 99 and Operation Marstech Mayhem, PlushDaemon's attack on IPany, UAC-0212 exploiting CVE-2024-38213, the compromise of GitHub Action tj-actions/changed-files via CVE-2025-30066, Scattered Spider's DragonForce ransomware attacks, and the theft of Solana keys via PyPI packages. The analysis highlights the escalating scale and sophistication of attacks across ecosystems, cloud platforms, and critical infrastructure. |
| 2026-04-03 2026 | Securing the Software Supply Chain: OpenSSF, SLSA, SBOM, and Sigstore intermediate | Securing the Software Supply Chain: OpenSSF, SLSA, SBOM, and Sigstore |
| 2026-04-03 2026 | OWASP Top 10 2025: A03 Software Supply Chain Failures (Beginner's Guide) beginner | Guide to OWASP Top 10 2025: A03 Software Supply Chain Failures. This entry details common attack vectors such as malicious packages, compromised CI/CD systems, and vulnerable components, citing real-world examples like SolarWinds, Log4j (CVE-2021-44228), and the XZ Utils backdoor (CVE-2024-3094). It offers practical countermeasures including SBOM generation, continuous dependency scanning, artifact signing, and CI/CD hardening, aligning with community concerns over this critical risk. |
| 2026-04-03 2026 | SLSA Framework: The Definitive Guide for Securing Your Software Supply Chain intermediate | Guide detailing the SLSA (Supply-chain Levels for Software Artifacts) framework, designed to secure the software supply chain against attacks like SolarWinds and Log4Shell. It defines incremental security levels for build processes, focusing on verifiable provenance metadata and automated enforcement. The guide explains SLSA's core concepts, including provenance structure, cryptographic signing with Sigstore (Cosign, Fulcio, Rekor), and its alignment with NIST SSDF and EO 14028. It breaks down SLSA's benefits for AppSec engineers and security professionals looking to prevent tampering, ensure artifact integrity, and secure build infrastructure. |
| 2026-04-03 2026 | Five Key Flaws Exploited in 2025's Software Supply Chain Incidents news | Analysis of five major 2025 software supply chain incidents, detailing exploitation campaigns targeting critical vulnerabilities. These include the React2Shell RCE flaw (CVE-2025-55182) in React.js, exploited by nation-state groups; the Shai Hulud 2.0 worm that poisoned thousands of npm packages; and the Clop group's exploitation of a zero-day RCE vulnerability (CVE-2025-61882) in Oracle E-Business Suite. The analysis highlights the impact of these exploits on numerous organizations and the increasing sophistication of supply chain attacks. → infosecurity-magazine.com |
| 2026-04-03 2026 | Predictions for Open Source Security in 2025 \| OpenSSF news | Survey of open source security predictions for 2025, highlighting increased risks from state actors and AI. The xz Utils backdoor incident illustrates vulnerabilities in widely adopted open source projects, often maintained by few volunteers. Generative AI can accelerate vulnerability discovery and sophisticated social engineering attacks, enabling attackers to scale efforts previously requiring nation-state resources. While AI also offers defensive capabilities, the increased attack surface and potential for malicious code injection necessitates greater investment and vigilance in open source supply chains. |
| 2026-04-03 2026 | Supply Chain Attacks in Q4 2025: From Isolated Incidents to Systemic Failure Modes news | Survey of systemic supply chain failure modes observed in Q4 2025, including exploits against developer tooling and distribution channels. Case studies like Shai-Hulud (npm) and GlassWorm (VS Code marketplaces) highlight attackers leveraging implicit trust and identity abuse for widespread compromise, while the F5 BIG-IP breach demonstrates vendor compromise propagating downstream. These incidents illustrate how attacks bypassed traditional defenses by targeting dependencies, identities, and update mechanisms, leading to deep initial access and significant "trust debt" across the software supply chain. |
| 2026-04-03 2026 | Supply Chain Security in CI: SBOMs, SLSA, and Sigstore intermediate | Guide to CI/CD supply chain security, covering practical implementation of SBOMs, SLSA provenance, and artifact signing using tools like Syft, cosign, and Grype. It details how to generate CycloneDX or SPDX SBOMs, capture build provenance with SLSA generators, and sign container images or blobs with Sigstore's keyless or key-based signing. The guide shows how to create auditable builds, ensure release integrity, and automate vulnerability scanning by integrating SBOMs with scanners. |
| 2026-04-03 2026 | SLSA - Supply-chain Levels for Software Artifacts intermediate | Framework for establishing and improving software supply chain security. SLSA offers a set of standards and controls designed to prevent tampering and enhance the integrity of software packages and infrastructure. It provides four compliance levels, each building on industry-recognized best practices for source code, builds, and dependencies, to create a common language for assessing software supply chain security and protecting against advanced threats. |
| 2026-04-03 2026 | A03 Software Supply Chain Failures - OWASP Top 10:2025 beginner | Reference for OWASP Top 10:2025 A03 Software Supply Chain Failures. This entry details breakdowns in software building, distribution, or updates caused by third-party code, tools, or dependencies. It highlights risks like unpatched components (e.g., CWE-1104, CWE-1395), untracked dependencies, and vulnerable CI/CD pipelines, referencing attacks like SolarWinds, the Bybit theft, and the Shai-Hulud npm worm, and vulnerable CVEs such as CVE-2017-5638. Prevention involves robust SBOM management, continuous vulnerability monitoring (CVE, NVD, OSV), securing developer tools, and implementing strict change and hardening processes for repositories and build servers. → owasp.org |
| 2026-04-03 2026 | Mercor Breach Linked to LiteLLM Attack Raises AI Supply Chain Security Concerns news | The compromise of LiteLLM, a package on the Python Package Index, led to the Mercor breach via a supply chain attack. Attackers injected malicious code, exploiting stolen credentials to upload harmful versions of the library, which automated pipelines then downloaded. This incident exposed sensitive data, including user information, credentials, and proprietary assets, impacting numerous companies and raising significant concerns about AI supply chain security, open-source vulnerabilities, and the tactics of groups like TeamPCP and Lapsus$. |
| 2026-04-03 2026 | North Korean hackers implicated in major supply chain attack news | North Korean hackers implicated in major supply chain attack https://ift.tt/qYWBvLI |
| 2026-04-03 2026 | Source Code Leaks Highlight Lack of Supply Chain Oversight news | Analysis of recent supply chain attacks, including compromises of Trivy, Axios, and Anthropic's Claude Code, reveals significant vulnerabilities in development pipelines and credential management. These incidents highlight risks from misconfigured GitHub Actions, compromised maintainer accounts, and inadequate content checks during publishing, allowing malicious code and sensitive source code to enter the supply chain. Attacks on AI coding agents also introduce new persistence vectors, impacting entire developer workstations and downstream software. → darkreading.com |
| 2026-04-03 2026 | Open Source Security Tool Trivy Hit by Supply Chain Attack Prompting Urgent Industry Response news | The Trivy open source scanner was compromised in a supply chain attack, with malicious release v0.69.4 briefly distributed, exfiltrating sensitive data and executing malicious code. Attackers leveraged compromised credentials and manipulated release processes, impacting downstream systems and related tooling like GitHub Actions. This incident highlights the vulnerability of trusted open source scanners and CI/CD pipelines, prompting calls for artifact integrity verification, credential scoping, and zero-trust principles in software supply chains. |
| 2026-04-03 2026 | Supply chain blast: Top npm package backdoored to drop dirty RAT on dev machines news | Alert detailing a sophisticated npm supply chain attack where a hijacked maintainer account for the popular Axios package (100 million weekly downloads) introduced two backdoored versions: axios@1.14.1 and axios@0.30.4. Attackers bypassed CI/CD pipelines, publishing a malicious dependency, plain-crypto-js@4.2.1, which delivered cross-platform remote-access trojans (RATs) tailored for macOS, Windows, and Linux. This highly organized campaign, attributed to suspected North Korean threat actor UNC1069, highlights the significant risks associated with compromised dependencies and the need for robust application security practices. → theregister.com |
| 2026-04-03 2026 | Axios supply chain attack victim posts postmortem to prevent a repeat news | Writeup detailing the Axios supply chain attack by North Korean group UNC1069, which injected Remote Access Trojans (RATs) via malicious versions `axios@1.14.1` and `axios@0.30.4`. The attack leveraged social engineering, including a fake Microsoft Teams call, and delivered payloads through the `plain-crypto-js@4.2.1` dependency. Remediation involves downgrading Axios, cleaning dependencies, rotating credentials, and monitoring network connections to `sfrclak.com`. Axios is implementing OIDC-based publishing and immutable releases to prevent future incidents. → techzine.eu |
| 2026-04-03 2026 | Axios Compromised With A Malicious Dependency news | Advisory on the Axios supply chain attack, in which versions 0.30.4 and 1.14.1 were compromised via the malicious dependency `plain-crypto-js` version 4.2.1. This attack installs a Remote Access Trojan (RAT) on Windows, macOS, and Linux systems, enabling attackers to gain complete control. Immediate actions include rotating credentials, pinning dependencies, and treating affected machines as fully compromised. The advisory helps identify affected versions and provides context on the attack's mechanisms across different operating systems. → ox.security |
| 2026-04-03 2026 | Mitigating the Axios npm supply chain compromise intermediate | Analysis of a recent Axios npm supply chain compromise reveals North Korean state actor Sapphire Sleet injected malicious dependencies into popular Axios versions 1.14.1 and 0.30.4. These compromised packages, utilizing a fake runtime dependency `plain-crypto-js@4.2.1` with silent install-time code execution, connected to a Sapphire Sleet-controlled C2 server at `hxxp://sfrclak[.]com:8000/6202033` to download platform-specific remote access trojan (RAT) payloads for Windows, macOS, and Linux. The attack highlights the risks of poisoned open-source frameworks, enabling actors to achieve broad downstream impact by compromising widely adopted libraries. → microsoft.com |
| 2026-04-03 2026 | North Korean hackers bug software used by thousands of US companies in potential crypto heist attempt news | Axios, a software package used by thousands of US companies, was compromised in a supply-chain attack attributed to suspected North Korean hackers. This incident allowed malicious updates to reach users, potentially enabling cryptocurrency theft to fund North Korea's nuclear and missile programs. Experts anticipate a lengthy recovery process and downstream impact, noting this as another instance of Pyongyang leveraging software vulnerabilities for financial gain. |
| 2026-04-03 2026 | Axios npm supply chain attack: Malicious updates add remote access trojan news | Report detailing a sophisticated supply chain attack targeting the popular `axios` npm package. Malicious updates (`axios@1.14.1`, `axios@0.30.4`) introduced a remote access trojan via a compromised account and a pre-staged dependency, `plain-crypto-js`. The trojan deployed OS-specific payloads for Windows, macOS, and Linux, establishing backdoors to a command and control server at `sfrclak[.]com`. Cleanup involved obfuscated scripts and self-destructing RATs, with artifacts like `%PROGRAMDATA%/wt.exe` on Windows and `/Library/Caches/com.apple.act.mond` on macOS. → scworld.com |
| 2026-04-03 2026 | Update anxiety: is it safe to run apt update during active supply chain attack intermediate | Update anxiety: is it safe to run “apt update” during active supply chain attack https://ift.tt/xeBRmYn → cybernews.com |
| 2026-04-03 2026 | Axios NPM Distribution Compromised in Supply Chain Attack news | Analysis of the Axios npm supply chain attack details how a compromised maintainer account led to malicious versions (v1.14.1, v0.30.4) being published, introducing a dependency on the trojanized `plain-crypto-js` package. This compromise, tracked as GHSA-fw8c-xr5c-95f9 and MAL-2026-2306, involved a dropper executing platform-specific RATs from `sfrclak.com:8000`. Security teams should audit axios usage, rotate exposed credentials, investigate compromise paths, and monitor for suspicious activity. → wiz.io |
| 2026-04-03 2026 | Axios compromise: How AppSec teams should respond intermediate | Response checklist for the Axios supply chain compromise, detailing steps to audit dependencies, rotate credentials, review CI/CD logs, and secure code repositories. It advocates for continuous dependency inventory, extended SBOMs (xBOMs) including SaaSBOMs and CBOMs, ongoing OSS package monitoring, short-lived CI/CD credentials, and modeling cascading risk, particularly for crypto and fintech assets, to mitigate threats posed by compromised packages like axios and its transitive dependencies. → reversinglabs.com |
| 2026-04-03 2026 | CyCognito Details Axios Supply Chain Attack After Malicious npm Releases Deliver Remote Access Trojan news | Analysis of a software supply chain attack detailing how malicious versions of the npm package axios (axios@1.14.1 and axios@0.30.4) delivered a remote access trojan during installation. The incident, identified by CyCognito, affected developer workstations, CI/CD runners, and other environments resolving dependencies during a limited exposure window, potentially exposing credentials and secrets within trusted engineering workflows. Recommended responses include precise exposure identification via lockfiles and build logs, credential rotation, and hardening dependency handling by limiting install-time script execution. → securityboulevard.com |
| 2026-04-03 2026 | GlassWorm Supply Chain Cyber Attack Threatens Connected Cars news | Analysis of GlassWorm, a sophisticated supply chain attack targeting connected car development, highlights its novel use of invisible Unicode characters to conceal malicious payloads. Compromising popular Visual Studio Code extensions on Open VSX and npm packages, GlassWorm harvests developer credentials, VPN configurations, and authentication tokens. Command-and-control operations leverage the Solana blockchain and Google Calendar to exfiltrate data, posing a significant threat to automotive software pipelines and the security of modern vehicles. |
| 2026-04-03 2026 | North Korean hackers bug software used by thousands of US companies in potential crypto heist attempt news | This resource details a suspected North Korean APT attack leveraging the Axios open-source library. The incident highlights the risks of malicious updates, with potential cryptocurrency theft as a motive. Mandiant and Wiz identify the threat actor, emphasizing the broad economic impact across sectors and the ongoing challenges in assessing downstream consequences. The attack underscores vulnerabilities exploited by sophisticated state-sponsored actors, particularly in the context of AI-driven development. |
| 2026-04-03 2026 | North Korean hackers bug software used by thousands of US companies in potential crypto heist attempt news | Writeup of a supply-chain attack targeting the Axios software package, attributed to suspected North Korean hackers. The attackers gained access to a developer's account, pushing malicious updates to thousands of US companies. Experts anticipate a long-term campaign to steal cryptocurrency to fund North Korea's nuclear and missile programs, with downstream impacts potentially taking months to assess. Mandiant and Wiz have commented on the incident, noting the sophistication and boldness of Pyongyang's hacking operations. |
| 2026-04-03 2026 | North Korea-Linked Hackers Hit Axios in Supply Chain Attack news | North Korea-Linked Hackers Hit Axios in Supply Chain Attack https://ift.tt/WXtKrSs |
| 2026-04-02 2026 | Software supply chain hacks trigger wave of intrusions data theft news | Analysis of recent supply chain attacks, including the Axios npm compromise by North Korean hackers (UNC1069) and attacks involving Trivy, KICS, LiteLLM, and Telnyx linked to TeamPCP, reveals widespread intrusions and data theft. These incidents have led to stolen secrets being exploited for cloud environment compromises, ransomware, and cryptocurrency theft, impacting numerous organizations globally across various sectors. TeamPCP's activities include exploiting credentials for cloud intrusions and potential partnerships with Vect ransomware and their planned CipherForce RaaS program. → helpnetsecurity.com |
| 2026-04-02 2026 | Et Tu Agent? Did You Install the Backdoor? news | Library for detecting novel software supply chain attacks, focusing on malicious dependencies like the one in the Axios incident and the TeamPCP campaign. It analyzes package behavior, examining network access, shell processes, obfuscation, and postinstall scripts, to identify threats that traditional CVE databases and vulnerability scanners miss, offering detection speeds orders of magnitude faster than industry averages. |
| 2026-04-02 2026 | The build pipeline is becoming the new frontline: Axios npm compromise highlights growing software supply chain risks experts warn news | Analysis of the Axios npm compromise highlights the escalating risks of software supply chain attacks, where build pipelines become the new frontline. Attackers compromised the Axios npm account, publishing malicious versions that installed a remote access trojan (RAT) targeting macOS, Windows, and Linux. This sophisticated attack involved a staged dependency that self-deleted and cleared its tracks, making detection difficult. Researchers warn that such attacks exploit trust in open-source ecosystems and necessitate closer scrutiny of CI/CD systems, package dependencies, and developer environments to defend against evolving threat actor playbooks, potentially linked to groups like UNC1069. |
| 2026-04-02 2026 | Trivy supply chain intrusion reportedly compromises Cisco source code news | Report on identifying and mitigating supply chain risks, centred on the Trivy vulnerability scanner's role in a Cisco source code compromise. Threat actors leveraged illicit GitHub Action plugins to gain access to Cisco's build environment, steal credentials, and exfiltrate AWS keys. The attack resulted in the cloning of over 300 Cisco GitHub repositories, including sensitive AI-related code and data from government agencies and financial institutions, and points to potential further compromises from the related LiteLLM and Checkmarx incidents. → scworld.com |
| 2026-04-02 2026 | Google links axios attack to suspected North Korean actor news | Google links axios attack to suspected North Korean actor https://ift.tt/Qo2k98l |
| 2026-04-02 2026 | Frequently Asked Questions About the Axios npm Supply Chain Attack by North Korea-Nexus Threat Actor UNC1069 news | FAQ detailing a supply chain attack on the popular axios npm package, in which North Korea-nexus threat actor UNC1069 published malicious versions (1.14.1 and 0.30.4). The compromise, live for approximately three hours, delivered the WAVESHAPER.V2 cross-platform remote access trojan via a malicious dependency, plain-crypto-js. The attack targeted millions of developer environments, and affected systems should be treated as fully compromised. Remediation involves downgrading axios, blocking C2 traffic, and rotating credentials. → securityboulevard.com |
| 2026-04-02 2026 | North Korean hackers linked to Axios npm supply chain compromise news | Writeup detailing the Axios npm supply chain compromise attributed to North Korean attackers (UNC1069), where malicious versions of the library introduced a hidden dependency with a post-install script to deploy WAVESHAPER.V2 backdoor variants targeting macOS, Windows, and Linux. The attack leveraged stealthy code and external infrastructure to evade detection, highlighting the significant downstream risk of compromised transitive dependencies in the JavaScript ecosystem. → helpnetsecurity.com |
| 2026-04-02 2026 | North Korean hackers behind axios critical supply chain attack Google says news | North Korean hackers behind axios critical supply chain attack, Google says https://ift.tt/bSufe84 → cybernews.com |
| 2026-04-02 2026 | Axios open source library targeted in sophisticated supply chain attack news | Axios open source library targeted in sophisticated supply chain attack https://ift.tt/m7Wu1vD → cybersecuritydive.com |
| 2026-04-02 2026 | North Korea-linked hack hits largely invisible software that powers online services news | North Korea-linked hack hits largely invisible software that powers online services https://ift.tt/SzoMu5C |
| 2026-04-02 2026 | Axios supply chain attack chops away at npm trust news | Writeup on the Axios supply chain attack, detailing how compromised credentials led to malicious versions of axios (axios@1.14.1, axios@0.30.4) and a malicious dependency (plain-crypto-js@4.2.1) being published to npm. These versions inject a Remote Access Trojan (RAT) via a post-install script, potentially exposing secrets and leading to full machine compromise. Indicators of compromise include specific domains, IP addresses, and temporary file paths on affected operating systems. |
| 2026-04-02 2026 | LiteLLM Supply Chain Attack Exposes Credentials Across AI Ecosystems news | Library detailing a LiteLLM supply chain attack where malicious PyPI packages, injected by threat actor TeamPCP, silently stole credentials and infrastructure data. The multi-stage malware used stealthy execution, harvested sensitive information including cloud credentials and Kubernetes secrets, and established persistence via system-level backdoors and privileged pod deployment. Mitigation strategies involve removing compromised versions, rebuilding systems, rotating credentials, auditing pipelines, and strengthening supply chain security through dependency pinning and verification. → esecurityplanet.com |
| 2025-12-11 2025 | 📚 tl;dr sec 308 news AI | 😈 MCP Security, ☁️ AWS re:Invent Recaps, 🤖 Detecting Malicious Pull Requests with AI https://t.co/gt4zMQKZpp |
| 2025-12-03 2025 | 30 low-high level honeypots in a single PyPI package news Python | https://t.co/sH0hx43Dcp |
| 2025-11-29 2025 | Story of Cyberattack: Salesforce Supply Chain Breach news | Analysis of the 2025 Salesforce supply chain attacks, involving compromised Salesloft Drift and Gainsight integrations, highlights the abuse of OAuth tokens and third-party app vulnerabilities. Attackers leveraged stolen credentials and API access to exfiltrate sensitive data from over 200 companies, demonstrating a significant risk inherent in SaaS ecosystems where external applications possess broad permissions and often overlook security controls. |
| 2025-10-30 2025 | fr0gger/proximity: Proximity is a MCP security scanner powered with NOVA intermediate AI | Library for security scanning of MCP (Model Context Protocol) servers and Agent Skills. Proximity leverages NOVA security rules to detect issues like prompt injection and jailbreak attempts, offering pattern-specific remediation. It supports MCP Spec 2025-11-25, providing detailed analysis of server capabilities, agent skill structures, permissions, and LLM evaluations. |
| 2025-10-15 2025 | The MCP Security Tool You Probably Need - MCP Snitch intermediate AI | Tool for securing MCP proxy operations, MCP Snitch intercepts tool calls and enforces user-defined whitelists to prevent overprivileged access, inspired by browser security evolution. It addresses current authentication weaknesses, such as broad GitHub PAT scopes, by mediating operations and providing visibility and control, acting as a critical layer until MCP protocols and platforms implement native fine-grained, temporal scoping and sandboxing. |
| 2025-07-29 2025 | GitHub - jeanlucdupont/EXEfromCER: PoC that downloads an executable from a public SSL certificate intermediate RCE | Tool for demonstrating executable delivery via SSL certificates. This proof of concept embeds a full Windows executable within a custom extension of an X.509 certificate, served over HTTPS. A Python client connects to the server, extracts the embedded binary from the certificate, saves it to disk, and then executes it, showcasing a novel attack vector. |
| 2024-10-10 2024 | Security hardening for GitHub Actions - GitHub Docs beginner | Guide for GitHub Actions security hardening detailing best practices for managing secrets, including the principle of least privilege, masking sensitive data using `::add-mask::`, deleting and rotating exposed secrets, avoiding structured data as secrets, registering transformed or generated secrets, auditing secret handling and usage, and reviewing run logs. It also covers mitigating script injection risks by using JavaScript actions or intermediate environment variables, and emphasizes pinning actions to full-length commit SHAs to prevent malicious code injection from third-party repositories. |
| 2024-09-30 2024 | GitHub - praetorian-inc/gato: GitHub Actions Pipeline Enumeration and Attack Tool intermediate | Tool for enumerating and exploiting GitHub Actions pipeline vulnerabilities. Gato, or GitHub Attack Toolkit, identifies poisoned pipeline execution vulnerabilities and scans workflow artifacts for secrets using NoseyParker. It supports various attack modules including GitHub Classic PAT privilege enumeration, GitHub Code Search API enumeration, and self-hosted runner attack detection through workflow file and run-log analysis. This tool has been superseded by Trajan. |
| 2024-07-23 2024 | Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests intermediate | In this article, we’ll discuss some common security malpractices for GitHub Actions and workflows, and how to best avoid them. Our examples are based on real-world GitHub workflow implementation vulne... → securitylab.github.com |
| 2022-01-18 2022 | Making Sense of the Constantly Changing Log4Shell Landscape news RCE | Library for application security, focusing on the evolving Log4Shell vulnerability. It provides a comprehensive overview of the Log4Shell landscape, detailing various techniques and considerations for managing the risks associated with this critical vulnerability. |
| 2022-01-15 2022 | 10 real-world stories of how we've compromised CI/CD pipelines intermediate | Writeups detail 10 real-world compromises of CI/CD pipelines, showcasing vulnerability discovery and exploitation techniques. These NCC Group research articles highlight findings from their Exploit Development Group, emphasizing deep technical investigations and practical guidance for enhancing cyber resilience across various security domains, including software and AI security. |
| 2022-01-10 2022 | Open Source Developer Intentionally Corrupts His Own Widely-Used Libraries news | Writeup of the intentional sabotage of the 'colors' and 'faker' JavaScript libraries by their developer, Marak Squires. Versions v1.4.44-liberty-2 of 'colors' and '6.6.6' of 'faker' contained infinite loops and disruptive code, impacting thousands of downstream projects including Amazon's Cloud Development Kit. This event highlights the complexities and potential repercussions of open-source development, particularly concerning developer compensation and corporate reliance on free software. The issue with 'faker' can be mitigated by downgrading to version 5.5.3. |
| 2021-12-29 2021 | Log4j: The Worst Vulnerability In Nearly A Decade? news | Log4j: The Worst Vulnerability In Nearly A Decade? |
| 2021-12-22 2021 | Why SBOM management is no longer optional beginner | Library for Software Bills of Materials (SBOM) management, crucial for addressing software supply chain vulnerabilities like Log4Shell. It emphasizes generating, storing, and searching SBOMs for rapid incident response, supporting aggregation and various SBOM formats like SPDX. This proactive approach ensures visibility and quick identification of affected applications during zero-day exploits. |
| 2021-12-22 2021 | Why the Log4j vulnerability is such a big deal according to a former NSA hacker news | Analysis by a former NSA hacker of the severe remote code execution (RCE) vulnerability, Log4Shell, found in Apache's Log4j logging library. This critical flaw, rated 10 on the CVSS scale, is present in numerous widely-used applications and services, including those from Apple, Twitter, and Amazon, as well as Minecraft and Tesla vehicles. Its ubiquitous nature and the difficulty in locating and patching all instances make it a significant threat, enabling data theft, malware deployment, and system compromise by various actors, including nation-states and ransomware gangs. |
| 2021-12-16 2021 | Mitigate Log4j2 / Log4Shell in Elasticsearch intermediate RCE | Reference detailing Log4Shell (CVE-2021-44228) and its impact on Elasticsearch versions 5.0 to 7.16.0. It explains mitigation strategies, including updating Log4j to 2.17.1, setting `log4j2.formatMsgNoLookups=true`, removing the `JndiLookup` class, and leveraging the Java Security Manager. The document also addresses subsequent vulnerabilities like CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832, clarifying their applicability to Elasticsearch. |
| 2021-12-13 2021 | Semgrep beginner RCE | Semgrep |
| 2021-12-12 2021 | Digging deeper into Log4Shell - 0Day RCE exploit found in Log4j advanced RCE | Writeup on CVE-2021-44228, a critical Remote Code Execution vulnerability in the Apache Log4j library that leverages JNDI lookups. Attackers can exploit this by controlling log messages, triggering LDAP calls to execute arbitrary Java code loaded from attacker-controlled servers, leading to widespread exploitation due to Log4j's common usage. |
| 2021-12-12 2021 | PSA: Log4Shell and the current state of JNDI injection intermediate RCE | Writeup on JNDI Injection exploits, including the Log4Shell vulnerability (CVE-2021-44228). This entry details how Java runtimes, even newer versions, are susceptible. It explains that JNDI lookups via RMI and LDAP can lead to remote code execution, referencing earlier patches like CVE-2009-1094 and CVE-2018-3149. The writeup also covers exploitation vectors involving Apache XBean BeanFactory and Java deserialization, highlighting the importance of patching Log4J and disabling JNDI lookups. |
| 2021-11-01 2021 | Common Threat Matrix for CI/CD Pipeline intermediate | Matrix detailing CI/CD pipeline threats, modeled after MITRE ATT&CK®. It classifies adversary tactics and techniques specific to CI/CD environments, extending beyond just supply-chain attacks. This resource aims to share knowledge on securing CI/CD environments with the cybersecurity community, addressing the full attack surface. |
| 2021-10-27 2021 | Protect your open source project from supply chain attacks beginner | Guide to securing open source projects from supply chain attacks, detailing best practices aligned with the SLSA framework and the OpenSSF Scorecards rubric. It covers enforcing multi-factor authentication, requiring commit reviews, using secret manager tools like HashiCorp Vault, implementing least privilege access controls, defining build configurations as code, assessing dependency risks with tools like deps.dev and Scorecards, generating authenticated build provenance, and verifying cryptographically signed artifacts using services like Sigstore. The Allstar project can automate many of these recommendations. |
| 2021-09-15 2021 | Native Container Image Scanning in Amazon ECR beginner | Library for native container image scanning within Amazon ECR, leveraging the CoreOS Clair open-source project for static analysis of OS packages against CVEs. This solution offers scheduled re-scans via Lambda functions and an HTTP API, or immediate scans with "scan-on-push" or "scan-on-demand" modes. It integrates with AWS CLI and SDKs, providing actionable insights and enabling drill-down into specific findings, without requiring third-party licenses or infrastructure setup. → aws.amazon.com |
| 2021-06-24 2021 | Google Releases New Framework to Prevent Software Supply Chain Attacks news | Framework outlining Supply chain Levels for Software Artifacts (SLSA) to secure the software development pipeline and prevent tampering. SLSA, inspired by Google's Binary Authorization for Borg, offers four progressive security levels for software packages and build platforms, culminating in SLSA 4's two-person review and hermetic build process, aiming to provide auditable metadata for policy engines. → thehackernews.com |
| 2021-05-25 2021 | Supply Chain Security Begins with Secure Software Development beginner | Library of open-source tools and practical guidance for secure software development and supply chain security, stemming from NCC Group's vulnerability research across cryptography, hardware, AI, and exploitation. The Exploit Development Group (EDG) delivers high-impact research and bespoke exploit development, with academic partnerships further advancing cyber resilience and nurturing future talent. |
| 2021-05-19 2021 | Creating the Perfect Python Dockerfile intermediate | This content focuses on best practices for building efficient and secure Docker images for Python applications. Key considerations include choosing appropriate base images, minimizing image size through multi-stage builds and `.dockerignore` files, optimizing dependency installation, and implementing security measures like running as a non-root user. The goal is to create Dockerfiles that are faster to build, smaller in size, and more secure for deployment. |
| 2021-05-18 2021 | Colonial Pipeline Darkside and Models news | Analysis comparing incident response models from Sophos and Mandiant for the Darkside ransomware attack. It highlights differences in kill chain stages, such as Sophos categorizing at least two steps Mandiant omits, and discrepancies in the specific techniques listed for "move laterally," with Mandiant citing Beacon and plink while Sophos lists PSExec and SSH. The entry emphasizes that defenders need to critically evaluate and merge (take the union of) such data, since observed post-exploitation actions vary between reports, referencing CVE-2021-20016. |
Frequently Asked Questions
- What is a software supply chain attack?
- A supply chain attack targets the components, tools, or processes used to build software rather than the application itself. This includes compromising open-source packages, injecting malicious code into build pipelines, hijacking maintainer accounts, or distributing trojanized development tools — allowing attackers to affect thousands of downstream users simultaneously.
- What is dependency confusion?
- Dependency confusion (also called namespace confusion) exploits how package managers resolve dependencies. An attacker publishes a malicious package to a public registry with the same name as a private internal package. If the build system checks the public registry first or prefers higher version numbers, it installs the attacker's package instead of the legitimate internal one.
- How do you defend against supply chain attacks?
- Key defenses include maintaining a Software Bill of Materials (SBOM), using lock files and dependency pinning, enabling automated dependency scanning (Dependabot, Snyk, Socket), verifying package signatures and provenance, adopting the SLSA framework for build integrity, using private registries with allow-lists, and regularly auditing your dependency tree for known vulnerabilities.