Supply Chain Security
Software supply chain security addresses threats that target the dependencies, build systems, and distribution channels that modern applications rely on. High-profile incidents like SolarWinds, Log4Shell, and the xz backdoor demonstrated that attackers increasingly target upstream components rather than applications directly. Supply chain attacks include dependency confusion (substituting malicious packages with names matching internal packages), typosquatting in package registries, compromised maintainer accounts, malicious code injected into build pipelines, and trojanized development tools. Defenses include software bills of materials (SBOMs), dependency pinning and lock files, signature verification, provenance attestation (SLSA framework), regular dependency auditing with tools like Dependabot, Snyk, or Socket, and careful evaluation of new dependencies before adoption.
| Date Added | Link | Excerpt |
|---|---|---|
| 2026-05-12 NEW 2026 | RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded news | RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded https://ift.tt/7j63dDB → thehackernews.com |
| 2026-05-12 NEW 2026 | SailPoint Discloses GitHub Repository Hack news | SailPoint has disclosed a breach of its GitHub repositories. The incident involved unauthorized access to a limited number of SailPoint GitHub repositories. The company has stated that the unauthorized access did not impact its customer data or production environments. SailPoint has implemented enhanced security measures and is cooperating with law enforcement. → securityweek.com |
| 2026-05-12 NEW 2026 | Compromised Mistral AI and TanStack packages may have exposed GitHub cloud and CI/CD credentials in 'mini Shai Hulud' malware infection supply-chain campaign spreads across npm and AI developer ecosystems like wildfire news | A supply-chain attack, dubbed "mini Shai Hulud," has infected popular Mistral AI and TanStack packages distributed via npm. This malware may have exposed sensitive GitHub, cloud, and CI/CD credentials. The campaign is rapidly spreading through AI developer ecosystems, posing a significant security risk to compromised users. |
| 2026-05-12 NEW 2026 | How AI Can Detect Lateral Movement in Supply Chain Attacks intermediate | Discusses how Artificial Intelligence (AI) can be employed to identify lateral movement within supply chain attacks. Lateral movement is a critical phase where attackers expand their access within a compromised network. AI's capabilities in analyzing large datasets and detecting anomalous patterns are key to spotting these advanced persistent threats. The focus is on leveraging AI to enhance security defenses against sophisticated attacks that exploit the interconnectedness of supply chains. → securityboulevard.com |
| 2026-05-12 NEW 2026 | TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack news | A recent supply chain attack has impacted several prominent technology companies, including TanStack, Mistral AI, and UiPath. The exact details of the attack and the extent of the compromise are still under investigation. This incident highlights ongoing vulnerabilities in software supply chains, where compromised third-party components can inadvertently infect downstream users and their systems. Further information regarding the attack's vector, affected data, and remediation efforts is expected as investigations proceed. → securityweek.com |
| 2026-05-12 NEW 2026 | Hundreds of open source packages hacked: I'm just not gonna run npm install anymore news | Hundreds of open source packages hacked: “I’m just not gonna run npm install anymore” https://ift.tt/rDlQGUa → cybernews.com |
| 2026-05-12 NEW 2026 | Checkmarx Jenkins AST Plugin Compromised in KICS Supply Chain Attack news | Checkmarx Jenkins AST Plugin Compromised in KICS Supply Chain Attack https://ift.tt/5VXPZUo → gbhackers.com |
| 2026-05-12 NEW 2026 | Claude Code MCP Attack Enables Persistent Token Theft intermediate | Claude Code MCP Attack Enables Persistent Token Theft https://ift.tt/sk39bhF → esecurityplanet.com |
| 2026-05-11 NEW 2026 | JDownloader website compromised to distribute malicious installers news | Report on a compromise of the JDownloader website, where attackers used an unpatched CMS vulnerability to distribute malicious Windows and Linux installers. The Windows payload deployed a Python RAT, while the Linux installer injected code to establish persistence. JDownloader confirmed the breach, advising users to verify digital signatures for "AppWork GmbH" and recommending OS reinstallation for affected individuals. → scworld.com |
| 2026-05-11 NEW 2026 | AI Is Reshaping Software Supply Chain Risk beginner | Analysis of AI's impact on software supply chain security highlights expanding attack surfaces due to AI-assisted development, with 84% of developers using AI tools. Traditional security controls like EDR and MDM lack visibility into AI integrations, browser extensions, and package managers. This leads to increased risk from malicious open-source packages, with Aikido Intel identifying up to 100,000 daily. Organizations require real-time visibility and install-time controls for developer tooling, as compromised workstations grant attackers trusted access to repositories and credentials. → esecurityplanet.com |
| 2026-05-11 NEW 2026 | TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack news | Writeup of TeamPCP's compromise of the Checkmarx Jenkins AST plugin, occurring weeks after their KICS supply chain attack. This incident highlights the exploitation of software supply chain trust and the potential for incomplete remediation, as evidenced by the defaced GitHub repository and malicious updates to the plugin. The ongoing attacks by TeamPCP underscore the persistent threat to developer tools and credentials. → thehackernews.com |
| 2026-05-11 NEW 2026 | Build Application Firewalls Aim to Stop the Next Supply Chain Attack beginner | InvisiRisk's build application firewall (BAF) enforces policy during the CI/CD build process by inspecting package activity rather than solely scanning code. This approach aims to prevent supply chain attacks, such as those involving the SolarWinds breach or hijacked npm libraries like Axios, by detecting unexpected or malicious actions within the build environment. The BAF, along with InvisiRisk's TruSBOM tool, provides detailed explanations for risky actions and generates accurate SBOMs by directly observing the software build process, offering a robust defense against evolving threats. → securityweek.com |
| 2026-05-11 NEW 2026 | Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack news | Plugin version 2.0.13-829.vc72453fa_1c16 of the Checkmarx Jenkins AST plugin is the secure version, after a malicious iteration was published to the Jenkins Marketplace. This compromise, attributed to the TeamPCP hacker gang and potentially the Lapsus$ extortion group, stems from a wider supply chain attack impacting Checkmarx's repositories since March, following a Trivy supply chain incident. → securityweek.com |
| 2026-05-11 NEW 2026 | Checkmarx tackles another TeamPCP intrusion as Jenkins plugin sabotaged news | Analysis of a TeamPCP intrusion targeting a Jenkins plugin, highlighting the evolving landscape of supply chain attacks. This incident underscores the risks associated with untrusted agentic development layers and the growing threat of AI agent skills being exploited for malicious purposes, mirroring concerns around identity-based cyber resilience and the black market for compromised identities. → theregister.com |
| 2026-05-11 NEW 2026 | Malicious Hugging Face model masquerading as OpenAI release hits 244K downloads news | Report on a malicious Hugging Face model masquerading as a legitimate OpenAI release. The incident highlights the emerging threat of AI repositories as a software supply chain attack vector, with one model, Open-OSS/privacy-filter, reaching 244,000 downloads before removal. The attack involved a malicious loader.py script that delivered infostealer malware targeting browser credentials, cryptocurrency wallets, and system information, bypassing traditional security controls and suggesting links to npm typosquatting and PyPI campaigns. → csoonline.com |
| 2026-05-11 NEW 2026 | Checkmarx tackles another TeamPCP intrusion as Jenkins plugin sabotaged news | Report on Checkmarx's response to another TeamPCP intrusion, in which a Jenkins plugin was sabotaged to target CI/CD pipelines. The article highlights the increasing risks associated with untrusted agentic development layers and the potential for AI agent skills to be exploited for supply chain compromise. → theregister.com |
| 2026-05-11 NEW 2026 | Responsible for Systems You Can't See: A C-Suite Guide to AI Supply Chain Risk beginner | Guide for C-suites on AI supply chain risk, highlighting attacks on LiteLLM and axios, which exploited trusted open-source workflows. It emphasizes that AI expands and obscures the attack surface, making executives accountable for systems and dependencies they cannot fully see, audit, or control, necessitating a shift to ecosystem security and continuous dependency monitoring rather than assuming trust. |
| 2026-05-10 NEW 2026 | Supply Chain Attack: Fake OpenAI Repository on Hugging Face Distributes Infostealer Malware Targeting Developers and AI Tools news | Writeup of a supply chain attack involving a fake OpenAI repository on Hugging Face that distributed infostealer malware. The malware targeted developers by exfiltrating credentials, session tokens, and cryptocurrency wallets from Chromium and Gecko browsers, Discord tokens, and local files. The attack leveraged typosquatting, social engineering, and evasion tactics like disabling SSL verification and checking for VMs, mapping to MITRE ATT&CK techniques such as T1566 (Phishing) and T1555 (Credentials from Password Stores). → rescana.com |
| 2026-05-10 NEW 2026 | Official JDownloader site served malware to Windows and Linux users between May 6 and May 7 news | Writeup of a supply chain attack on the JDownloader official website, which occurred between May 6 and May 7, 2026. Attackers compromised the site's content management system, altering download links to serve malware instead of legitimate Windows "Alternative Installer" and Linux shell installers. The deployed malware was a Python-based remote access trojan (RAT). Legitimate installers were digitally signed by "AppWork GmbH," while malicious ones were unsigned or signed by suspicious entities like "Zipline LLC" or "The Water Team." The website was taken offline for investigation and remediation, with correct installer links restored. → securityaffairs.com |
| 2026-05-09 NEW 2026 | Supply-Chain Attacks in an Era of Automation and Implicit Trust intermediate | Analysis of 2026 supply-chain threats, including the Axios compromise and the Trivy campaign, details how attackers exploit trust in automation and developer systems. The Axios incident involved a compromised npm maintainer account leading to RAT distribution via a malicious dependency, impacting numerous production environments. The Trivy attack leveraged credentials to inject malicious artifacts into CI automation, release binaries, and container images, resulting in secret exfiltration. Additionally, the Quest KACE System Management Appliance vulnerability (CVE-2025-32975) demonstrates how unpatched legacy infrastructure becomes a supply-chain risk. |
| 2026-05-08 NEW 2026 | DAEMON Tools devs confirm breach, release malware-free version news | Writeup of DAEMON Tools supply chain attack confirming trojanized installers for version 12.5.1 (free). Hackers used digitally signed installers to backdoor systems, deploying an information stealer and a lightweight backdoor, with QUIC RAT malware observed in at least one instance. Disc Soft Limited released a malware-free version, 12.6, addressing the vulnerability. → bleepingcomputer.com |
| 2026-05-08 NEW 2026 | Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise intermediate | Analysis of the Quasar Linux RAT (QLNX), an implant targeting developers' systems and designed for credential harvesting from files like .npmrc, .pypirc, and .aws/credentials. QLNX masquerades as a kernel thread, wipes logs, and uses seven persistence methods including systemd and crontab. It features a PAM inline-hook backdoor and a kernel-level eBPF rootkit component to hide processes, files, and network ports, ultimately facilitating software supply chain attacks by compromising publishing pipelines and cloud infrastructure. → thehackernews.com |
| 2026-05-08 NEW 2026 | Kaspersky uncovers targeted DAEMON Tools supply chain attack affecting manufacturing, government sectors news | Writeup of a targeted DAEMON Tools supply chain attack where trojanized installers, signed with legitimate developer certificates, deployed backdoors to select government, manufacturing, and scientific organizations. The attack, active since April 8, 2026, used a typosquatted domain and involved sophisticated techniques comparable to the 3CX supply chain incident, highlighting the appeal of widely trusted software as an attack vector. |
| 2026-05-07 NEW 2026 | Supply chain security on alert as M&A targets agent security beginner | Overview of supply chain security risks, particularly those amplified by AI, exemplified by the Axios NPM package tampering and trojanized Daemon Tools installers. The piece relates these threats to the increasing M&A activity in agent security, such as Cisco's acquisition of Astrix Security and Palo Alto Networks' acquisition of Portkey. It also provides context for OpenAI's GPT-5.5 Cyber and Anthropic's Mythos, noting their capabilities in vulnerability discovery and potential for misuse, alongside Cisco's open-source Model Provenance Kit for AI model verification. |
| 2026-05-07 NEW 2026 | Vendor Says Daemon Tools Supply Chain Attack Contained news | Analysis of the Daemon Tools supply chain attack details how threat actors injected trojanized versions of Daemon Tools Lite (specifically version 12.5.1) released between April 8 and May 5 with code to collect information and deploy backdoors. Disc Soft has since contained the incident, removed compromised files, and released a clean version (12.6.0.2445), advising users to uninstall the affected software and scan their systems. → securityweek.com |
| 2026-05-07 NEW 2026 | Gemini CLI Vulnerability Could Have Led to Code Execution Supply Chain Attack news | Vulnerability analysis of Gemini CLI identified a critical flaw (CVSS 10/10) that could enable supply chain attacks. Exploiting indirect prompts in GitHub issues, attackers could bypass tool allowlists in --yolo mode, leading to arbitrary command execution. This allows for the extraction of secrets, gaining write access to repositories, and pushing malicious code to downstream users. The issue, affecting multiple Google repositories and also impacting headless mode via lax trust, was patched in Gemini CLI version 0.39.1. → securityweek.com |
| 2026-05-07 NEW 2026 | Disc Soft confirms DAEMON Tools Lite supply chain attack exposed thousands of systems worldwide news | Disc Soft has confirmed a supply chain attack targeting DAEMON Tools Lite, a popular disk imaging software. This attack, which exploited a vulnerability in the software's update mechanism, exposed thousands of systems globally. Attackers were able to distribute malware disguised as legitimate software updates. The exact number of affected users and the potential for further exploitation remain under investigation. |
| 2026-05-06 NEW 2026 | DAEMON Tools installers compromised in new supply chain attack news | Report on a compromise of DAEMON Tools installers. Attackers trojanized DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe, distributing malicious payloads signed with valid certificates. The implant communicates with env-check.daemontools[.]cc to download and execute further payloads like envchk.exe and cdg.exe, enabling a minimalist backdoor for remote command execution. The attack, active since April 8, 2026, targeted organizations in Russia, Belarus, and Thailand, with QUIC RAT observed against a Russian educational institution. → scworld.com |
| 2026-05-06 NEW 2026 | Remember DAEMON Tools? It Was Hacked to Serve Windows Malware news | Writeup on the DAEMON Tools supply chain attack, detailing how a hacker compromised versions 12.5.0.2421 through 12.5.0.2434 distributed from daemon-tools.cc. The attack involved injecting backdoors into installers, impacting thousands of users globally across various sectors, including retail, scientific, and government organizations, with evidence pointing to a Chinese-speaking threat actor. |
| 2026-05-06 NEW 2026 | Invisible Supply Chain Attack Risks and Trusted Access beginner | Invisible supply chain attacks pose significant risks, often exploiting trusted relationships between software components. These attacks can be difficult to detect as they don't necessarily involve direct system compromises but rather subtle manipulations within the development or distribution pipeline. Establishing and maintaining trusted access controls is crucial to mitigate these threats. This involves rigorous verification of software sources, secure coding practices, and robust monitoring throughout the supply chain. The article likely details strategies for identifying and defending against these insidious threats by focusing on the integrity and trustworthiness of every link in the software supply chain. |
| 2026-05-06 NEW 2026 | Malware Brief: Air gaps breached, CPUs hijacked and supply-chain chaos news | Analysis of APT37's Ruby Jumper, FAUX#ELEVATE cryptominer, and CanisterWorm supply-chain malware reveals attackers targeting air-gapped systems via removable media and cloud services, distributing illicit Monero miners through weaponized résumés, and automating propagation across open-source packages and CI/CD pipelines. These threats exploit assumed trust in isolation models, business workflows, and software supply chains, reducing defender reaction time and increasing blast radius. |
| 2026-05-06 NEW 2026 | Critical DAEMON Tools Supply Chain Attack: Malware-Compromised Windows Installers Threaten Organizations and Home Users (Versions 12.5.0.2421-12.5.0.2434) news | Writeup detailing a critical supply chain attack on DAEMON Tools Windows installers (versions 12.5.0.2421-12.5.0.2434), which distributed malware via trojanized executables signed with a legitimate AVB Disc Soft certificate. The malware, including an info-gatherer, backdoor, and QUIC RAT, exfiltrates system data and deploys advanced implants to targeted organizations and home users, leveraging MITRE ATT&CK techniques like T1195.002 (Supply Chain Compromise) and T1553.002 (Code Signing). → rescana.com |
| 2026-05-06 NEW 2026 | Video game supply chain attack, Bleeding Llama, US gets early LLM access news | Only the title and link were available for this entry; no descriptive text. |
| 2026-05-06 NEW 2026 | Attackers compromised Daemon Tools software to deliver backdoors news | Analysis of a supply chain attack where attackers compromised Daemon Tools, a popular Windows utility, to deliver backdoors. Signed, trojanized installers served from the official website (versions 12.5.0.2421-12.5.0.2434) downloaded a .NET information collector. This collector gathered system details for targeted deployment of payloads like a minimalistic backdoor and QUIC RAT, capable of injecting into legitimate processes. The attack leveraged legitimate digital certificates, making malicious binaries appear trustworthy. → helpnetsecurity.com |
| 2026-05-06 NEW 2026 | Hackers compromise Daemon Tools in global supply-chain attack, researchers say news | Installers for Daemon Tools were compromised in a global supply-chain attack, impacting users in over 100 countries. Attackers embedded backdoors, including Quic RAT, into versions 12.5.0.2421 through 12.5.0.2434 of the free Daemon Tools Lite, observed since early April. The campaign appears targeted, with initial data collectors deployed broadly and more advanced payloads reserved for specific organizations. Disc Soft has addressed the issue, recommending users update to the latest version. |
| 2026-05-06 NEW 2026 | Daemon Tools Hit by Suspected Chinese Supply Chain Attack, Kaspersky Says news | Kaspersky reports that Daemon Tools, a popular file management software, has been targeted in a suspected Chinese supply chain attack. The attackers reportedly injected malicious code into the software's update mechanism, allowing them to gain access to user systems. Further details on the scope of the compromise were not provided. |
| 2026-05-06 NEW 2026 | Sophisticated Quasar Linux RAT Campaign Targets Software Developers in Supply Chain Attacks news | Analysis of the Quasar Linux RAT (QLNX) campaign targeting software developers via supply chain attacks. This sophisticated Linux-based malware aims to steal credentials, maintain remote access, and facilitate large-scale supply chain compromises. The campaign is linked to trojanized software installers, including compromised Daemon Tools, distributing backdoors globally. Attackers use staged deployment, selectively targeting high-value organizations after initial broad infection, with potential cyberespionage motives. Compromising developer environments grants access to source code, signing keys, and CI/CD pipelines, enabling downstream attacks. → cxodigitalpulse.com |
| 2026-05-06 NEW 2026 | QLNX Threat Actors Steal Developer Credentials For Supply Chain Attacks news | QLNX threat actors are targeting software developers to steal their credentials. The objective is to gain access to code repositories and potentially inject malicious code into the software supply chain. This allows them to compromise downstream users and organizations that integrate the affected software. The attackers aim to conduct sophisticated supply chain attacks by leveraging compromised developer accounts. → cyberpress.org |
| 2026-05-06 NEW 2026 | Sophisticated Quasar Linux RAT Targets Software Developers news | Analysis of Quasar Linux (QLNX), a sophisticated backdoor targeting software developers. QLNX employs a modular architecture with rootkit capabilities, detection evasion, and multiple persistence methods including crontab, desktop entries, init scripts, service files, and shell lines. It focuses on stealing developer credentials for AWS, Kubernetes, Docker Hub, Git, NPM, and PyPI, enabling attackers to compromise publishing pipelines and pivot to cloud environments. The RAT uses a PAM backdoor and an eBPF rootkit to conceal its presence at both userspace and kernel levels, while supporting 58 commands for comprehensive system control and information harvesting. → securityweek.com |
| 2026-05-06 NEW 2026 | DAEMON TOOLS supply chain attack ongoing since April, thousands affected news | Summary of the DAEMON Tools supply chain attack, which began in April 2026. Attackers compromised legitimate installers and signed binaries with valid certificates, embedding backdoors into components like DTHelper.exe and DiscSoftBusServiceLite.exe. The campaign delivered information-stealing payloads, and in some cases, advanced implants like QUIC RAT, targeting government, manufacturing, scientific research, and retail sectors across over 100 countries. Kaspersky detects malicious activity including suspicious PowerShell downloads and code injection. |
| 2026-05-06 NEW 2026 | Android Apps Get Public Verification System to Stop Supply Chain Attacks beginner | Android is launching a new public verification system to combat supply chain attacks targeting apps. This system will allow developers to publicly attest to the integrity of their app's source code, build environment, and signing keys. By making this information publicly verifiable, Android aims to increase transparency and trust in the app development process, making it harder for malicious actors to inject compromised code into legitimate applications. This initiative seeks to bolster the security of the Android app ecosystem. → thehackernews.com |
| 2026-05-06 NEW 2026 | Government Scientific Entities Hit via Daemon Tools Supply Chain Attack news | Injected code in Daemon Tools versions 12.5.0.2421 through 12.5.0.2434 has been identified as part of a supply chain attack affecting government, scientific, and other organizations. The compromised binaries, including DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe, activate a backdoor that fetches and executes payloads, with targeted deployments of information collectors and the QUIC RAT observed. → securityweek.com |
| 2026-05-06 NEW 2026 | Kaspersky Links Suspected Chinese Hackers to Backdoor Planted in Daemon Tools Supply Chain Attack news | Analysis of a Daemon Tools supply chain attack, attributed to a Chinese-speaking threat actor, where malicious backdoors were implanted in official installers via compromised digital certificates. This sophisticated operation, affecting versions 12.5.0.2421 onward since April 8, 2026, leveraged Daemon Tools' elevated permissions to establish deep system persistence and deploy remote-control malware, resulting in thousands of global infection attempts targeting various sectors including government and industrial operations. → cxodigitalpulse.com |
| 2026-05-06 NEW 2026 | Extremely targeted supply chain attack hits DAEMON Tools news | Analysis of the compromise of DAEMON Tools installers, which included a backdoor and a second-stage QUIC RAT payload. This incident, similar to past attacks on Notepad++ and CCleaner, highlights the targeting of high-value systems by Chinese-speaking threat actors for espionage. The writeup describes the system data collection, remote server uploads, and targeted second-stage payload deployment observed. |
| 2026-05-06 NEW 2026 | North Korean hackers trojanize gaming platform to spy on ethnic Koreans in China news | Analysis of ScarCruft's supply chain attack targeting ethnic Koreans in China. North Korean threat actors trojanized the sqgame gaming platform, distributing backdoored Windows and Android software. The Windows variant utilized a patched mono.dll to deliver the RokRAT backdoor and BirdCall implant, while Android versions repackaged games with malicious code to exfiltrate data, targeting HWP files specifically. C2 communication leveraged Zoho WorkDrive accounts. → helpnetsecurity.com |
| 2026-05-06 NEW 2026 | Supply-Chain Attacks in an Era of Automation and Implicit Trust beginner | Overview of software supply-chain attacks in 2026, focusing on how attackers abuse trusted automation and identity. It examines incidents like the Axios compromise and Trivy campaign, where compromised package maintainers and CI/CD automation led to widespread malicious dependencies and credential exfiltration. The resource also highlights the exploitation of legacy management systems, such as Quest KACE using CVE-2025-32975, emphasizing how attackers leverage inherent trust in these tools to gain entry. |
| 2026-05-05 NEW 2026 | Bootstrap script exposes PyPI to domain takeover attacks news Python | Report on a domain takeover exposure affecting PyPI packages, discovered in legacy bootstrap scripts for tools like zc.buildout and older Python packaging utilities. These scripts, when executed, attempt to download and install the `distribute` package from `python-distribute[.]org`, a domain now available for sale. This vulnerability affects numerous popular packages, including `tornado` and `slapos.core`, potentially allowing attackers to compromise systems by controlling the abandoned domain and serving malicious code. → reversinglabs.com |
| 2026-05-05 NEW 2026 | Progress Software warns of critical MOVEit Automation vulnerability news | Advisory regarding CVE-2026-4670, a critical authentication bypass vulnerability in Progress Software's MOVEit Automation, enabling unauthenticated remote access. The alert also addresses CVE-2026-5174, a high-severity privilege escalation flaw. Over 1,400 instances are exposed online, with potential impact on government agencies. While no exploitation is reported yet, previous MOVEit vulnerabilities have been widely exploited by groups like Clop. → scworld.com |
| 2026-05-05 NEW 2026 | Supply-chain attacks take aim at your AI coding agents news AI | Overview of supply-chain attacks on AI coding agents, addressing the threat of malicious packages, like those used by North Korea's Famous Chollima APT in the PromptMink campaign, which leverage LLM Optimization and knowledge injection to trick autonomous coding agents into incorporating compromised dependencies. It also covers "slopsquatting," where agents hallucinate package names, making them vulnerable to similarly named malicious replacements. → csoonline.com |
| 2026-05-05 NEW 2026 | DAEMON Tools Breach Used to Spread Malware in Supply Chain Attack news | A supply chain attack exploited a breach in DAEMON Tools, a popular disk imaging software. Threat actors injected malware into legitimate DAEMON Tools updates, distributing it to its user base. This allowed them to gain a foothold on compromised systems, potentially for further malicious activities such as stealing sensitive data or launching additional attacks. → cyberpress.org |
| 2026-05-05 NEW 2026 | Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack news | Writeup on the Daemon Tools supply-chain attack, detailing a monthlong compromise where malicious updates signed with official certificates infected versions 12.5.0.2421 through 12.5.0.2434. The malware, discovered by Kaspersky, exfiltrates system information and delivers follow-on payloads to select targets. This incident mirrors previous supply-chain attacks like CCleaner (2017), SolarWinds (2020), and 3CX (2023), highlighting the difficulty in defending against sophisticated, officially distributed compromises. |
| 2026-05-05 NEW 2026 | Kaspersky suspects Chinese hackers planted a backdoor into Daemon Tools in 'widespread' attack news | Writeup on a widespread supply chain attack where Chinese-linked hackers planted a backdoor in Daemon Tools, targeting thousands of Windows computers. This backdoor allowed the attackers to deploy additional malware on systems in the retail, scientific, manufacturing, and government sectors in Russia, Belarus, and Thailand. The attack, detected April 8th, remains active and highlights the growing trend of compromising popular software to distribute malicious code. → techcrunch.com |
| 2026-05-05 NEW 2026 | DAEMON Tools trojanized in supply-chain attack to deploy backdoor news | Writeup detailing a supply-chain attack that trojanized DAEMON Tools installers, versions 12.5.0.2421 through 12.5.0.2434, delivering a backdoor to thousands of systems globally since April 8. The attack compromised DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe, leading to initial infections and targeted deployments of a lightweight backdoor and, in one instance, the QUIC RAT, to high-value targets in retail, scientific, government, and manufacturing sectors across Russia, Belarus, and Thailand. → bleepingcomputer.com |
| 2026-05-05 NEW 2026 | Quasar Linux (QLNX) A Silent Foothold in the Supply Chain: Inside a Full-Featured Linux RAT With Rootkit PAM Backdoor Credential Harvesting Capabilities intermediate | Library for analyzing Quasar Linux (QLNX), a sophisticated Linux RAT with low detection rates, featuring a rootkit, PAM backdoor, and credential harvesting capabilities. QLNX targets developers and DevOps credentials in the software supply chain, extracting secrets from files like .npmrc, .pypirc, and .aws/credentials. It uses dynamic compilation of PAM modules and LD_PRELOAD rootkits, and employs P2P mesh networking for resilience, making eradication difficult. → trendmicro.com |
| 2026-05-05 NEW 2026 | New ScarCruft Supply Chain Attack Hits Gaming Platform With Windows and Android Backdoors news | ScarCruft, a sophisticated threat group, has launched a new supply chain attack targeting a gaming platform. This attack delivers backdoors for both Windows and Android devices. The attackers exploit vulnerabilities to compromise the platform and subsequently infect its users. This incident highlights the ongoing threat of supply chain attacks and the need for robust security measures in the gaming industry. → cybersecuritynews.com |
| 2026-05-05 NEW 2026 | A rigged game: ScarCruft compromises gaming platform in a supply-chain attack news | Library by ESET researchers detailing a ScarCruft supply-chain attack targeting a gaming platform used by ethnic Koreans in China. The Windows client was compromised via a trojanized update containing the RokRAT backdoor, which deployed the BirdCall backdoor. Android games on the platform were also trojanized with an Android version of BirdCall, a new tool for ScarCruft, capable of espionage including data exfiltration, screenshots, and audio recording. |
| 2026-05-05 NEW 2026 | Supply chain attacks now make the budget case CISOs never could news | Perspective on supply chain attacks illustrating the budget case for application security. The piece highlights TeamPCP's exploitation of tools like Trivy, Checkmarx, and the LiteLLM library, leading to significant breaches impacting over 23,000 repositories and a $1.4 billion hack. It emphasizes the costly consequences of compromised pipelines, where attackers operate with internal permissions, and suggests mitigation strategies such as runtime monitoring, short-lived credential management, and integrity verification. → scworld.com |
| 2026-05-05 NEW 2026 | DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware news | DAEMON Tools, a popular disk imaging software, has been targeted in a supply chain attack. Malicious code was injected into official DAEMON Tools installers distributed via the company's website. This malware infected users' systems upon installation, posing a significant security risk. The extent of the compromise and the specific type of malware used are still under investigation. → thehackernews.com |
| 2026-05-05 NEW 2026 | Kaspersky identifies ongoing supply chain attack on official Daemon Tools website distributing backdoor malware news | Analysis of a supply chain attack targeting Daemon Tools, which distributed backdoor malware via compromised installers disguised with valid digital certificates. The attack, affecting versions 12.5.0.2421 and later, granted threat actors arbitrary command execution and remote control capabilities by leveraging the software's elevated system privileges. Some targeted organizations also saw manual deployment of additional payloads like shellcode injectors and unknown RATs, with Chinese-language artifacts observed. |
| 2026-05-05 NEW 2026 | DAEMON Tools Software Hacked to Deliver Malware in a Supply Chain Attack news | This article reports a supply chain attack where DAEMON Tools software was compromised to distribute malware. Attackers injected malicious code into the software's update mechanism, potentially affecting users who downloaded or updated DAEMON Tools. This highlights the vulnerability of software supply chains and the importance of robust security measures to prevent malicious actors from compromising legitimate software distribution channels and distributing malware to unsuspecting users. → cybersecuritynews.com |
| 2026-05-05 NEW 2026 | Supply chain attack via DAEMON Tools news | Writeup detailing a supply chain attack via DAEMON Tools, where attackers injected malicious code into installers for versions 12.5.0.2421 through 12.5.0.2434, specifically compromising DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe. This compromise led to the deployment of information gatherers, a backdoor, and the QUIC RAT implant, targeting thousands of users globally since April 8, 2026. |
| 2026-05-05 NEW 2026 | 8.3M Downloads Compromised: Lightning & Intercom-Client Infected in Latest Shai-Hulud Attack news | Library update: The Python package `Lightning` (versions 2.6.2, 2.6.3) and the NPM package `intercom-client` (version 7.0.4) have been compromised by a Shai-Hulud supply chain attack, stealing credentials and API keys. Affected users should rotate keys, enable 2FA, and revert `Lightning` to version 2.6.1 or lower. The malware, a Node/Bun tool, collects secrets from the environment and exfiltrates them to an obfuscated host, while also using compromised npm tokens to download, patch, and republish trojanized packages. Over 1,800 repositories with stolen developer credentials were identified on GitHub. → ox.security |
| 2026-05-05 NEW 2026 | Popular Daemon Tools utility exploited in supply chain attack news | Writeup on the Daemon Tools supply chain attack, where trojanized installers from the official vendor website delivered a backdoor. The attack affected versions 12.5.0.2421 through 12.5.0.2434, tampering with DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe to establish a persistent foothold. Command-and-control communications utilized a typosquatting domain and sophisticated implants like QUIC RAT, supporting multiple protocols. This incident mirrors the 3CX attack and highlights the growing threat of supply chain compromises. → techzine.eu |
| 2026-05-05 NEW 2026 | Trellix Reveals Unauthorized Access to Source Code news | Writeup of Trellix source code breach, highlighting how unauthorized access to security vendor code provides attackers with a roadmap to controls and detections. This incident, linked to a pattern of targeting security vendors and software supply chains, underscores the risks associated with CI/CD gaps and overtrusted build workflows, echoing recent compromises like the Trivy software supply chain attack. → infosecurity-magazine.com |
| 2026-05-05 NEW 2026 | pnpm 11 Enables Default Release-Age Guard to Curb npm Supply Chain Attacks intermediate | pnpm version 11 introduces a default release-age guard to mitigate npm supply chain attacks. This new feature aims to enhance security by preventing the installation of packages that haven't been released for a minimum period. The update focuses on bolstering defenses against potential vulnerabilities introduced through the npm ecosystem, promoting a safer development environment. → gbhackers.com |
| 2026-05-04 2026 | Local Guardrails for Secrets Security in the Age of AI Coding Assistants intermediate AI Secrets | Library for local secrets security, ggshield, by GitGuardian, helps protect developer workstations from credential theft in the age of AI coding assistants. This tool scans project workspaces, dotfiles, build output, and agent folders for exposed secrets, addressing the shift in attack surface towards developer environments. It aims to provide earlier checkpoints than traditional supply chain controls, catching issues while developers are still editing files rather than after they reach remote repositories. → blog.gitguardian.com |
| 2026-05-04 2026 | Cybercriminals Abuse Tanstack Package To Target Developer Environments news | Cybercriminals are exploiting the Tanstack package, a popular JavaScript library, to target developer environments. Attackers are using malicious code within the package to compromise developers' machines and potentially steal sensitive information or gain unauthorized access. This exploit highlights the risks associated with supply chain attacks, where vulnerabilities in legitimate software components can be leveraged for malicious purposes. Developers are advised to exercise caution and ensure their dependencies are up-to-date and from trusted sources. → cyberpress.org |
| 2026-05-04 2026 | Tenable finds GitHub workflow flaw in Microsoft repo news | Tenable finds GitHub workflow flaw in Microsoft repo https://ift.tt/vVHJKMm |
| 2026-05-04 2026 | Tenable finds GitHub workflow flaw in Microsoft repo news | Tenable researchers discovered a critical vulnerability in a GitHub Actions workflow within a Microsoft repository. This flaw, if exploited, could have allowed for the potential compromise of code and sensitive information. Microsoft has since addressed the vulnerability, and Tenable has published details about the issue. |
| 2026-05-02 2026 | Over 1800 Developers Impacted in Mini Shai-Hulud Supply Chain Attack Targeting SAP Lightning and Intercom news | Writeup of the Mini Shai-Hulud supply chain attack impacting over 1,800 developers through compromised SAP npm packages, the Lightning Python library (versions 2.6.2, 2.6.3), and Intercom integrations (intercom-client versions 7.0.4, 7.0.5; intercom-php). Attributed to TeamPCP, the attack steals credentials and API keys, exfiltrating them to public GitHub repositories and scanning for cloud environments and HashiCorp Vault secrets, evolving from earlier Shai-Hulud campaigns. → cxodigitalpulse.com |
| 2026-05-02 2026 | Shai-Hulud Hits SAP: Stolen Credentials Found in 1200 GitHub Repos news Secrets | Tool: Shai-Hulud worm variant, a Bun-based stealer, targets SAP npm packages, exfiltrating credentials, tokens, and cloud configurations. It uploads stolen data encrypted to over 1,200 public GitHub repositories, identifiable by the string "A Mini Shai-Hulud has Appeared." The malware attempts to steal secrets from developer machines, GitHub Actions environments, and cloud platforms like AWS, Azure, and GCP. Over 2.2 million monthly downloads are affected, with immediate actions including key rotation and upgrading affected packages. → ox.security |
| 2026-05-01 2026 | New software supply chain attack uses sleeper packages for credential theft and CI tampering news Secrets | Library providing insights into a new software supply chain attack campaign that uses sleeper packages, specifically malicious Ruby gems and Go modules, for credential theft and CI tampering. The attack, attributed to "BufferZoneCorp," leverages init functions within these modules to steal environment variables, SSH keys, and configuration secrets, exfiltrate data, tamper with GitHub Actions, and establish SSH persistence by adding attacker-controlled public keys. Developers are advised to remove suspicious packages and review systems for unauthorized changes. → scworld.com |
| 2026-05-01 2026 | 1800 Hit in Mini Shai-Hulud Attack on SAP Lightning Intercom news | Writeup of the Mini Shai-Hulud supply chain attack, impacting over 1,800 developers across PyPI, NPM, and PHP ecosystems. TeamPCP's campaign injected malicious versions of SAP NPM packages, the Lightning PyPI package, and the intercom-client NPM package with information-stealing malware. The payload, disguised with the description "A Mini Shai-Hulud has Appeared," exfiltrates credentials, keys, and tokens, targeting Kubernetes environments and HashiCorp Vault secrets, utilizing GitHub commits for C&C commands. → securityweek.com |
| 2026-05-01 2026 | Supply chain attack against SAP npm packages facilitates credential theft news Secrets | Library of npm packages, including `@cap-js/db-service`, `@cap-js/postgres`, and `@cap-js/sqlite`, were found to contain credential stealers. These malicious packages, deprecated from the npm repository, utilized pre-install scripts to exfiltrate developer credentials, tokens for GitHub and npm, GitHub Actions secrets, and cloud secrets for AWS, Azure, GCP, and Kubernetes. Researchers noted similarities to previous attacks and observed a departure from earlier methods, including AES-256-GCM encryption and self-commits to accessible GitHub repositories. → scworld.com |
| 2026-05-01 2026 | SAP Faces Twin Headwinds: A Supply Chain Attack and a Bruised Share Price news | Analysis of a sophisticated supply chain attack on SAP, where hackers compromised npm packages like the Cloud Application Programming Model and Cloud MTA Build Tool, injecting malicious scripts to steal credentials and security keys. This incident, coupled with a cautious market outlook, has led to a significant drop in SAP's share price, despite strong cloud business performance. The attack highlights the pervasive risk of open-source software infiltration, impacting investor confidence. |
| 2026-05-01 2026 | Open-source registries hit by 'Mini Shai-Hulud' supply chain attacks news | Open-source registries are facing a new threat from "Mini Shai-Hulud" supply chain attacks. These attacks exploit vulnerabilities in the software development lifecycle to compromise trusted packages and distribute malicious code to users. The article highlights the growing danger of such attacks, emphasizing the need for enhanced security measures within open-source ecosystems to protect developers and end-users from compromised software. |
| 2026-05-01 2026 | Poisoning the well: AI supply chain attacks on Hugging Face and OpenClaw news AI | Library of malicious AI skills targeting Hugging Face and ClawHub for malware delivery, including trojans, cryptominers, and AMOS stealer, leveraging indirect prompt injection and social engineering to execute encoded commands and hidden dependencies, expanding attack chains beyond initial user compromise. |
| 2026-05-01 2026 | Huntress Highlights Role in Analyzing High-Impact npm Supply Chain Attack news | Huntress played a crucial role in analyzing a significant npm supply chain attack. This attack targeted popular npm packages, demonstrating a sophisticated method of compromising software dependencies. Huntress's analysis provided critical insights into the attack's mechanics and impact, helping the security community understand and respond to this threat. The incident underscores the ongoing risks associated with software supply chains and the importance of robust security measures for package managers like npm. → tipranks.com |
| 2026-05-01 2026 | Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft news | Attackers are exploiting vulnerabilities in Ruby Gems and Go Modules to compromise CI/CD pipelines and steal credentials. Malicious packages are disguised as legitimate dependencies, and once incorporated into a project's build process, they can execute arbitrary code. This allows attackers to access sensitive information like API keys and passwords stored within the CI environment. Organizations using these package managers should diligently audit their dependencies and implement robust security measures to prevent such attacks. → thehackernews.com |
| 2026-05-01 2026 | Supply Chain Attack Targets GitHub Actions via Malicious Ruby Gems and Go Modules news | A supply chain attack has been discovered targeting GitHub Actions. Threat actors are injecting malicious Ruby gems and Go modules into the software development pipeline. These compromised dependencies can potentially execute arbitrary code on developer machines and within CI/CD environments. The attack highlights the vulnerability of open-source ecosystems and the importance of robust security measures for supply chain integrity. → cyberpress.org |
| 2026-05-01 2026 | Kaspersky reveals a 37% increase in malicious packages compromising software supply chains news | Survey of a 37% increase in malicious packages compromising software supply chains, detailing incidents involving CPU-Z, HWMonitor, Axios (versions 1.14.1 and 0.30.4), and Notepad++, with Kaspersky GReAT analysis linking some attacks to Bluenoroff's GhostCall and GhostHire campaigns. The report emphasizes the growing threat to businesses and recommends solutions like Kaspersky Open Source Software Threats Data Feed and XDR/MXDR for monitoring and threat detection. |
| 2026-05-01 2026 | Ruby Gems and Go Modules Used in Campaign Targeting GitHub Actions news | Attackers are exploiting Ruby Gems and Go Modules to compromise GitHub Actions. Malicious code, disguised as legitimate dependencies, is being injected into projects. When developers pull these compromised packages, their GitHub Actions workflows can be taken over. This allows attackers to execute arbitrary code, steal secrets, and potentially gain access to sensitive information or further compromise infrastructure. The campaign highlights the risks associated with supply chain attacks on software development pipelines. → gbhackers.com |
| 2026-05-01 2026 | The never-ending supply chain attacks worm into SAP npm packages other dev tools news | Survey of supply chain attacks targeting SAP npm packages, highlighting vulnerabilities within development tools. The article touches upon AI agents as potential attack vectors and the broader challenges in securing development environments and managing hardware lead times. It also mentions incidents like the "Ralph Wiggum" loop impacting Claude and the economic pressures on open-source registries to implement basic security measures. → theregister.com |
| 2026-04-30 2026 | SAP npm Supply Chain Attack Targets Developer Credentials news | Writeup of an SAP npm supply chain attack in which the TeamPCP group leveraged compromised @cap-js/sqlite, @cap-js/postgres, @cap-js/db-service, and mbt packages to steal developer credentials and secrets, including GitHub, npm, AWS, Azure, GCP, and Kubernetes tokens, via npm's preinstall script functionality and the Bun JavaScript runtime. → esecurityplanet.com |
| 2026-04-30 2026 | TeamPCP Hits SAP Packages With 'Mini Shai-Hulud' Attack news | TeamPCP has developed a new attack targeting SAP applications called "Mini Shai-Hulud." This sophisticated threat leverages multiple vulnerabilities to bypass security controls and achieve remote code execution. The attack appears to be highly effective, capable of compromising SAP NetWeaver Application Server Java components. → darkreading.com |
| 2026-04-30 2026 | SAP NPM Packages Targeted in Supply Chain Attack news | Library of compromised SAP NPM packages, including npm mbt 1.2.48, npm @cap-js/db-service 2.10.1, npm @cap-js/postgres 2.2.2, and npm @cap-js/sqlite 2.2.2, were found to contain malicious code as part of the Mini Shai-Hulud supply chain attack. The injected preinstall script acted as a bootstrapper, fetching and executing a Bun binary that stole local credentials, GitHub/NPM tokens, and cloud secrets. The malware exfiltrated data to GitHub repositories with a specific description and included a propagation mechanism, targeting SAP CAP and Business Technology Platform workflows. The incident is attributed to TeamPCP, leveraging a shared RSA public key for encryption. → securityweek.com |
| 2026-04-30 2026 | Google's fix for critical Gemini CLI bug might break your CI/CD pipelines news RCE | Writeup on a critical Gemini CLI bug fix from Google that may negatively impact CI/CD pipelines. The article discusses the implications of securing untrusted agentic development layers and the challenges of AI agents consuming significant API tokens. → theregister.com |
| 2026-04-30 2026 | Mini Shai-Hulud Targets SAP npm Packages With a Bun-Based Secret Stealer news | Library detailing "Mini Shai-Hulud," a Bun-based secret stealer targeting SAP npm packages like `@cap-js/sqlite`, `@cap-js/postgres`, `@cap-js/db-service`, and `mbt`. The malware uses a `preinstall` script to download and execute a credential stealer, harvesting GitHub tokens, npm tokens, cloud secrets from AWS, Azure, GCP, and Kubernetes, and exfiltrating encrypted results via public GitHub repositories. It propagates by injecting malicious code into other packages and commits. → aikido.dev |
| 2026-04-30 2026 | PyTorch Lightning Compromised in PyPI Supply Chain Attack to Steal Credentials news | Library compromised in a PyPI supply chain attack, pushing malicious versions 2.6.2 and 2.6.3 of PyTorch Lightning, leading to credential theft. The attack leveraged a hidden downloader and obfuscated JavaScript payload, executed automatically upon import, to harvest GitHub tokens, cloud credentials, and other secrets, with propagation techniques extending to npm packages. This incident is linked to the broader Mini Shai-Hulud campaign and threat actor TeamPCP. → thehackernews.com |
| 2026-04-30 2026 | Critical Gemini CLI Flaw Enabled Host Code Execution Supply Chain Attacks news RCE | Writeup of the Gemini CLI vulnerability, CVE-XXXX-XXXX, detailing how a flaw in the AI agent's handling of workspace configurations allowed for host code execution. Researchers at Novee Security discovered that Gemini CLI would load agent configurations without sandboxing or review, enabling attackers to inject malicious commands. This could lead to supply chain attacks within CI/CD pipelines, allowing unauthorized access to secrets and credentials, as demonstrated by a similar hijacking vulnerability affecting other AI agents like Claude and GitHub Copilot. → securityweek.com |
| 2026-04-30 2026 | Kaspersky Reports 37% Surge in Malicious Packages Targeting Global Software Supply Chains news | Survey of supply chain attacks, detailing a 37% surge in malicious packages targeting open-source projects by late 2025. Kaspersky GReAT research highlights compromised software like CPU-Z, HWMonitor, Axios (v1.14.1, 0.30.4), and Notepad++, noting shared tactics with Bluenoroff campaigns. The analysis emphasizes the need for monitoring open-source components, continuous infrastructure oversight via solutions like Kaspersky Next, and proactive incident response planning to mitigate these escalating threats. |
| 2026-04-30 2026 | Fake TanStack npm Package Exfiltrates Sensitive Developer Data news | A malicious npm package mimicking the popular TanStack libraries has been discovered. This fake package is designed to steal sensitive developer data, including environment variables, SSH keys, and other confidential information, from users who unknowingly install it. The compromise highlights the ongoing threat of supply chain attacks within the developer ecosystem, urging caution when installing third-party packages. → cyberpress.org |
| 2026-04-30 2026 | Huntress Highlights Analysis of axios npm Supply-Chain Attack news | Huntress Highlights Analysis of axios npm Supply-Chain Attack https://ift.tt/UZ8qry3 → tipranks.com |
| 2026-04-30 2026 | Shai-Hulud Worm Exposure Underscores Rising Software Supply Chain Risk news | The Shai-Hulud worm's exposure highlights growing software supply chain risks. This worm targeted specific vulnerable applications, showcasing how compromised components can spread malicious code throughout development pipelines. Its success emphasizes the critical need for robust security measures within the software supply chain, from development to deployment. Organizations must prioritize better visibility and control over their dependencies to mitigate such threats and prevent widespread damage. → tipranks.com |
| 2026-04-29 2026 | Supply Chain Campaign Targets SAP npm Packages with Credential-Stealing Malware news Secrets | Library for detecting the "Mini Shai Hulud" supply chain attack, which compromises SAP npm packages like `@cap-js/sqlite` and `@cap-js/postgres` using malicious preinstall scripts. The malware harvests developer and CI/CD secrets from GitHub, npm, and cloud providers (AWS, Azure, GCP) via multi-stage payloads, exfiltrating data through attacker-controlled GitHub repositories using the GraphQL API. It also attempts to poison GitHub repositories and steal browser credentials, with attribution to TeamPCP based on shared RSA keys and code similarities. → wiz.io |
| 2026-04-29 2026 | Malicious npm Dependency Linked to AI Assisted Commit Targets Crypto Wallets news AI | Library from ReversingLabs detailing the PromptMink campaign, involving the malicious npm dependency `@validate-sdk/v2`. This campaign, attributed to North Korean actor Famous Chollima, utilized AI-assisted commits (reportedly with Anthropic's Claude Opus) and a layered package structure to exfiltrate secrets, steal crypto wallet funds, and establish persistent remote access. The malware evolved from JavaScript to compiled binaries and Rust payloads, targeting both Linux and Windows, and demonstrated an increasing sophistication in leveraging AI development tools for supply chain attacks. → infosecurity-magazine.com |
| 2026-04-29 2026 | GitHub fixes RCE flaw that gave access to millions of private repos news RCE | Writeup on CVE-2026-3854, a critical remote code execution vulnerability in GitHub.com and GitHub Enterprise Server, allowing attackers with push access to gain read/write privileges to private repositories. The flaw stems from insufficient sanitization of user-supplied options during git push operations, enabling arbitrary code execution by chaining injected values. While GitHub.com was patched rapidly, many GitHub Enterprise Server instances remain vulnerable and require immediate upgrades. Wiz researchers discovered the vulnerability, which could have exposed millions of private repositories. → bleepingcomputer.com |
| 2026-04-29 2026 | Checkmarx Confirms Data Stolen in Supply Chain Attack news | Analysis of a supply chain attack targeting Checkmarx's KICS open source project, involving the Trivy supply chain compromise and attributed to TeamPCP. Attackers leveraged hijacked GitHub Action version tags, poisoned OpenVSX plugins, and two GitHub Actions workflows. Subsequently, Lapsus$ also joined in, claiming theft of source code, employee databases, API keys, and credentials, further poisoning a DockerHub KICS image, a GitHub action, and VS Code/Developer Assist extensions, impacting the Bitwarden CLI. → securityweek.com |
| 2026-04-29 2026 | Critical GitHub RCE bug exposed millions of repositories news RCE | Writeup of CVE-2026-3854, a critical command injection vulnerability in GitHub's Git push processing. This flaw, discovered by Wiz researchers and potentially aided by IDA MCP AI tooling, allowed authenticated users to execute arbitrary commands and achieve remote code execution by crafting malicious input within Git push requests. The vulnerability affected GitHub.com and GitHub Enterprise Server, granting access to millions of repositories and full server compromise in self-hosted environments. Patches have been released for affected GitHub Enterprise Server versions. → csoonline.com |
| 2026-04-29 2026 | Cursor AI IDE vulnerability allows code execution via hidden Git hooks news RCE | Writeup of CVE-2026-26268, an arbitrary code execution vulnerability in the Cursor AI IDE. This high-severity flaw, with a CVSS score of 8.1, is triggered when the AI agent processes a malicious Git hook hidden within a nested bare repository. The exploit allows attackers to gain control of a programmer's computer simply by cloning a compromised project, bypassing user interaction by leveraging the AI's autonomous command execution capabilities on untrusted code. Researchers from Novee discovered and reported this issue, which was fixed by Cursor developers in February 2026. → hackread.com |
| 2026-04-29 2026 | Critical GitHub Vulnerability Exposed Millions of Repositories news RCE | Writeup detailing CVE-2026-3854, a critical remote code execution vulnerability in GitHub's internal Git infrastructure. Exploitable via a single git push command by any authenticated user, this flaw impacted GitHub Enterprise Server and GitHub.com, potentially allowing arbitrary command execution on backend servers and access to millions of repositories and internal secrets. Wiz researchers discovered the vulnerability, noting easy exploitation and significant impact on both platforms, though GitHub has since deployed patches. → securityweek.com |
| 2026-04-29 2026 | GitHub.com and Enterprise Server Vulnerability Allows Remote Code Execution news RCE | A critical vulnerability has been discovered in GitHub.com and Enterprise Server that allows for remote code execution. This means attackers could potentially gain control of affected systems without needing physical access or prior authorization. The exact nature of the vulnerability and its exploitability are detailed in the linked advisory. Users are strongly advised to update their GitHub Enterprise Server instances to the latest patched versions to mitigate this security risk. → gbhackers.com |
| 2026-04-29 2026 | More fake extensions linked to GlassWorm found in Open VSX code marketplace news | Writeup on GlassWorm malware campaign, detailing the discovery of 73 new fake extensions impersonating trusted tools on the Open VSX code marketplace. These extensions, designed to evade detection with benign initial code and bundled native binaries, act as loaders to download the GlassWorm malware. Researchers highlight the systemic security gap in IDE extension management compared to software packages, lacking integrity verification and leading to credential theft. Recommendations include treating extensions as high-risk dependencies, disabling auto-updates, using SCA tools that cover extensions, and implementing strict approval processes. → csoonline.com |
| 2026-04-28 2026 | Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push news RCE | Writeup of CVE-2026-3854, a critical command injection vulnerability in GitHub.com and GitHub Enterprise Server, allowing authenticated users to achieve remote code execution via a single "git push" command. The flaw, discovered by Wiz, stems from unsanitized push option values within internal service headers, enabling attackers to override environment settings, bypass sandboxing, and execute arbitrary commands as the git user, potentially leading to cross-tenant repository exposure. Patches have been released for affected GitHub Enterprise Server versions. → thehackernews.com |
| 2026-04-28 2026 | Critical GitHub.com and Enterprise Server RCE Vulnerability Enables Full Server Compromise news RCE | A critical Remote Code Execution (RCE) vulnerability has been discovered in GitHub.com and GitHub Enterprise Server. This flaw allows for full server compromise. → cybersecuritynews.com |
| 2026-04-28 2026 | Securing the git push pipeline: Responding to a critical remote code execution vulnerability intermediate RCE | Writeup on CVE-2026-3854, a critical remote code execution vulnerability in GitHub's git push pipeline. The vulnerability allowed arbitrary command execution on the server by leveraging unsanitized user-supplied push options to inject metadata fields and bypass sandboxing. GitHub patched github.com within hours and released patches for GitHub Enterprise Server, recommending immediate upgrades. The writeup details the exploitation technique, response, and defense-in-depth measures, including the removal of an unnecessary code path. → github.blog |
| 2026-04-28 2026 | Bitwarden CLI Compromise Linked to Ongoing Checkmarx Supply Chain Campaign news | Writeup of the Bitwarden CLI compromise, a supply chain attack orchestrated by the Checkmarx campaign targeting developers. Threat actors compromised version 2026.4.0 by hijacking an npm package and injecting malicious code designed to steal credentials for GitHub, npm, AWS, GCP, Azure, AI tools like Claude Code, and even GitHub Actions secrets. The attack leveraged a GitHub Action within Bitwarden’s CI/CD pipeline, redirecting preinstall scripts to a custom loader that executed an obfuscated JavaScript payload. Stolen data was exfiltrated to a domain impersonating Checkmarx, with valid GitHub tokens used to enumerate and inject malicious workflows into repositories, turning compromised machines into pivot points for broader supply chain attacks. → securityboulevard.com |
| 2026-04-28 2026 | Hugging Face LeRobot Vulnerability Enables Unauthenticated Remote Code Execution Attacks news RCE | A critical vulnerability in Hugging Face's LeRobot library allows unauthenticated attackers to execute arbitrary code on vulnerable systems remotely. This means attackers can gain control of a system without needing any prior access or credentials. The exploit leverages a flaw in the library's handling of specific data formats. Users are urged to update LeRobot immediately to patch this severe security risk. → cyberpress.org |
| 2026-04-28 2026 | Hugging Face LeRobot Flaw Opens Door to Remote Code Execution Attacks news RCE | A vulnerability in Hugging Face's LeRobot library has been discovered, opening the door to remote code execution (RCE) attacks. This flaw could allow malicious actors to execute arbitrary code on vulnerable systems. Further details on the specific impact and affected versions are available via the provided link. No payout amount was specified. → gbhackers.com |
| 2026-04-28 2026 | Critical Cursor bug could turn routine Git into RCE news RCE | Writeup on CVE-2026-26268, a critical vulnerability in the Cursor IDE that allows arbitrary code execution through routine Git operations. Researchers at Novee Security discovered that a malicious repository, containing specially crafted Git hooks within a bare repository, can trigger the IDE's AI agent to execute attacker-controlled code upon operations like `git checkout`. This exploit bypasses traditional security by leveraging standard Git features autonomously executed by the AI. The issue is patched in Cursor version 2.5. → csoonline.com |
| 2026-04-28 2026 | Dozens of Open VSX Extension Clones Linked to GlassWorm Malware news | Analysis of 73 cloned extensions on the Open VSX marketplace reveals a sophisticated GlassWorm malware campaign. These extensions, masquerading as legitimate tools, employ social engineering and Unicode obfuscation to evade detection, stealing GitHub, Git, NPM credentials, and cryptocurrency. The malware's delivery mechanism involves bundled native binaries and remote payload retrieval, a tactic designed to bypass static analysis and compromise users through normal extension updates. → securityweek.com |
| 2026-04-28 2026 | Popular PyPI Package With 1 Million Monthly Downloads Hacked to Inject Malicious Scripts news | A popular Python package, downloaded over a million times monthly, was compromised and used to inject malicious scripts. The attacker reportedly injected malicious code into a new version of the package, which was then published to the Python Package Index (PyPI). This incident highlights a significant security risk for developers relying on third-party libraries. Further details on the exact nature of the malicious scripts and any potential impact are still emerging. → cybersecuritynews.com |
| 2026-04-28 2026 | Malicious Python package poses new supply chain threat news Python | Writeup of elementary-data supply chain attack, detailing how attackers exploited a GitHub Actions vulnerability to steal signing keys and publish a malicious version (0.23.3). This compromised package, downloaded over a million times monthly, exfiltrated user credentials, cloud keys, and API tokens. Users are advised to rotate credentials and remove the malicious version, similar to past incidents involving Nx, TeamPCP, and GlassWorm. → techzine.eu |
| 2026-04-28 2026 | An open-source package with over 1 million monthly downloads has a vulnerability that has been exploited to distribute malware-infected versions and steal user credentials. news Secrets | Writeup of a supply chain attack on Elementary Open Source Python CLI v0.23.3, which was exploited to distribute malware and steal user credentials like API tokens and SSH keys. This incident highlights risks in developer account security and GitHub Actions workflows, impacting a package with over one million monthly downloads. Developers are advised to uninstall the compromised version, clear caches, rotate credentials, and check for malware. |
| 2026-04-27 2026 | Ongoing supply-chain attack 'explicitly targeting' security dev tools news | Library of security and developer tools affected by a sophisticated supply-chain attack. Threat actors, including Lapsus$, have targeted tools like Trivy, KICS, and Checkmarx's GitHub repositories, injecting credential-stealing malware and poisoning Docker images. This campaign also compromised Bitwarden's CLI and exposed sensitive data, including source code and API keys, demonstrating a direct assault on the security ecosystem. → theregister.com |
| 2026-04-27 2026 | Open source package with 1 million monthly downloads stole user credentials news | Library **elementary-data** version 0.23.3 was compromised, stealing user credentials, cloud provider keys, API tokens, and SSH keys. A threat actor exploited a vulnerability in the developers' GitHub Actions workflow to gain access to signing keys and sensitive information, allowing them to publish a malicious package to the Python Package Index and Docker image accounts. Users who installed the compromised version or ran the affected Docker image should assume their credentials may have been exposed. |
| 2026-04-27 2026 | Bitwarden CLI Impersonation Attack Steals Cloud Credentials and Spreads Across npm Supply Chains news | Writeup of the `@bitwarden/cli` npm supply chain attack by TeamPCP, detailing its worm-like propagation across AWS, Azure, and GCP credentials by harvesting secrets from local filesystems, environment variables, and cloud secret managers. The malicious package, version 2026.4.0, impersonated the legitimate Bitwarden CLI and spread to thousands of users before detection, impacting developer workstations and CI/CD pipelines. → paloaltonetworks.com |
| 2026-04-27 2026 | Claude Code is leaking API keys into public package registries news Secrets | Writeup on Claude Code's API key leak, where the AI coding assistant caches approved terminal commands, including credentials passed via environment variables, into a hidden `.claude/settings.local.json` file. This file, if not excluded by `.npmignore` or `package.json` configurations, can be inadvertently published to public registries alongside source code, exposing sensitive data to the software supply chain. Existing secret scanning tools often miss these exposures as they reside within AI tool-specific settings, requiring developers to manually update ignore files and package managers to preview artifacts before publishing. |
| 2026-04-27 2026 | Critical Gemini CLI Flaw Raises Supply Chain Security Concerns news RCE | A critical vulnerability has been discovered in the Gemini CLI, a command-line interface tool widely used for deploying applications on Google Cloud. This flaw could potentially allow attackers to inject malicious code into the build process, posing a significant supply chain security risk. The vulnerability was disclosed by Google, who are working on a fix. Further details on the exact nature of the exploit and potential impact are still emerging, but it highlights the importance of securing development pipelines. No bug bounty payout amount was explicitly stated. → gbhackers.com |
| 2026-04-26 2026 | prompt-security/clawsec: A complete security skill suite for OpenClaw's and NanoClaw agents (and variants). Protect your SOUL.md (etc') with drift detection, live security recommendations, automated audits, and skill integrity verification. All from one installable suite. beginner AI | Library for comprehensive AI agent security, protecting against prompt injection and drift. It offers unified monitoring, integrity verification, and threat intelligence for platforms like OpenClaw, NanoClaw, Hermes, and Picoclaw. Key features include skill installer, file integrity protection with drift detection, live security advisories from NVD CVEs, automated audits for vulnerabilities, and SHA256 checksum verification for artifacts. The suite also supports advisory monitoring and hook-based protection flows, with Python utilities for local skill development and validation. |
| 2026-04-24 2026 | The npm Threat Landscape: Attack Surface and Mitigations beginner | Library detailing the evolving npm threat landscape, focusing on the Shai-Hulud worm and subsequent systematic supply chain compromises. It analyzes significant incidents like the Axios and Bitwarden CLI compromises, highlighting adversarial tactics such as wormable propagation via token theft, CI/CD pipeline persistence, and multi-stage payloads. The library also covers remediation playbooks for credential rotation and dependency purging, and details the technical specifics of obfuscation and execution mechanisms used by malware targeting npm users and distribution channels like Docker Hub and GitHub Actions. → unit42.paloaltonetworks.com |
| 2026-04-24 2026 | Flurry of Supply-Chain Software Library Attacks news | Library security overview detailing recent supply-chain attacks targeting open-source repositories like npm and PyPI. Attackers compromise popular packages, such as LiteLLM, Axios, Xinference, Namastex.ai, Checkmarx KICS, and Bitwarden CLI, injecting malware to steal developer credentials, secrets, and tokens. These poisoned packages, distributed via automated CI pipelines, can spread rapidly through software dependencies, highlighting the fragility of current development practices. |
| 2026-04-24 2026 | Flurry of Supply-Chain Software Library Attacks news | Library attacks targeting npm and PyPI repositories have surged, compromising open-source projects like LiteLLM, Axios, Xinference, Namastex.ai, Checkmarx KICS, and Bitwarden CLI. Attackers inject data-stealing malware and worms, such as Shai-Hulud, into popular packages, which are then automatically merged into downstream projects via CI/CD pipelines. These compromises aim to steal developer credentials, cloud secrets, and spread laterally to other repositories, highlighting the fragility of software supply chains. |
| 2026-04-24 2026 | Checkmarx supply chain hack impacts Bitwarden CLI news | A supply chain hack, originating from Checkmarx, has impacted the Bitwarden command-line interface (CLI). This incident involved the compromise of a Bitwarden dependency, leading to the modification of the `pass` library. While the vulnerability was quickly identified and mitigated, users of the Bitwarden CLI are advised to update their software to ensure they are protected from any potential risks associated with the compromised dependency. No specific bounty payout amount was mentioned in the content. → scworld.com |
| 2026-04-24 2026 | Bitwarden CLI Compromised in Shai-Hulud Supply Chain Attack; 334 Developers Exposed news | Library: the Bitwarden CLI was compromised with malware in version `@bitwarden/cli@2026.4.0` through a supply chain attack via compromised GitHub Actions. The malicious package, discovered by JFrog and Socket, scanned for and exfiltrated developer secrets including GitHub/npm tokens, SSH keys, and AI assistant configurations to Checkmarx-impersonating domains or public GitHub commits, impacting 334 developers and linked to the "Shai-Hulud" campaign. |
| 2026-04-24 2026 | Bitwarden CLI tool compromised: hundreds of developers pull credential-stealing malware news | The Bitwarden command-line interface (CLI) tool was compromised, leading to hundreds of developers unknowingly downloading malware that steals credentials. This incident highlights a significant security breach within the open-source ecosystem. The compromised version of the CLI tool was distributed, potentially exposing sensitive information from affected users. → cybernews.com |
| 2026-04-24 2026 | GitHub Actions Abuse Fuels Bitwarden Supply Chain Attack - Open Source For You news | Library abuse within GitHub Actions facilitated a supply chain attack targeting the Bitwarden CLI, specifically version 2026.4.0. Attackers injected malicious JavaScript into an npm package, aiming to steal developer credentials, cloud secrets, and GitHub Actions secrets. This campaign, linked to Shai-Hulud activity, also compromised AI coding tools like Claude Code and Cursor, highlighting risks in CI/CD pipelines and open-source software trust. |
| 2026-04-24 2026 | Bitwarden NPM Package Hit in Supply Chain Attack news | Writeup detailing the compromise of the Bitwarden CLI NPM package, version 2026.4.0, in a supply chain attack. The malicious package contained code to exfiltrate secrets and tokens from Azure, AWS, GitHub, GCP, and NPM, and weaponized GitHub tokens to abuse GitHub Actions. This incident shares similarities with previous attacks on Checkmarx, including payload structure and credential harvesting methods, and shows potential links to the Shai-Hulud worm campaigns. → securityweek.com |
| 2026-04-24 2026 | Bitwarden CLI Hit by Supply Chain Attack Through GitHub Actions news | Bitwarden's command-line interface (CLI) was compromised through a supply chain attack targeting its GitHub Actions. Malicious code was injected into a version of the Bitwarden CLI, which was then distributed to users. While the exact payout amount is not specified, the incident highlights the risks associated with software supply chains. Bitwarden has released a patched version and advised users to update their CLI immediately to mitigate any potential security risks. → cyberpress.org |
| 2026-04-24 2026 | Bitwarden CLI Compromised in Supply Chain Attack Exposes Developer Secrets news | Writeup of the Bitwarden CLI supply chain attack, where a malicious npm package (@bitwarden/cli@2026.4.0) was distributed via a compromised GitHub Actions workflow. This incident, part of a broader campaign linked to Checkmarx attacks, targeted developer secrets including GitHub and npm tokens, SSH keys, and cloud credentials, with potential for escalating into wider breaches by injecting malicious workflows. → cxodigitalpulse.com |
| 2026-04-24 2026 | Password manager Bitwarden suffers supply chain attack; users of the npm package should check their device. news | Writeup of Bitwarden CLI supply chain attack, where malicious code infiltrated the CI/CD pipeline via GitHub Actions into package `@bitwarden/cli@2026.4.0`. Users should audit npm, check CI logs, change secrets, and scan GitHub for unauthorized activity. Similarities to the Checkmarx attack are noted, including a Russian-language environment exclusion, though different actors are suspected. |
| 2026-04-24 2026 | Cloudsmith Raises $72M for Software Supply-Chain Security news | Library providing software supply-chain security through artifact management. Cloudsmith, a platform from Twilio's former chief customer officer, raised $72 million to enforce policies, audit usage, and reduce exposure to malicious or compromised packages by acting as an intermediary between developers and public repositories. This approach transforms artifact management into a security layer, offering insights into package popularity, maturity, and known risks to both human developers and AI agents, while also integrating data from external security tools for more nuanced policy decisions. |
| 2026-04-24 2026 | Tenable Research Uncovers Remote Code Execution Vulnerability in Microsoft GitHub Repository Exposing CI/CD Pipeline to Unauthorized Code Execution news RCE | Writeup detailing a critical CVSSv4 9.3 vulnerability in a Microsoft GitHub repository exposing its CI/CD pipeline to unauthorized code execution. Tenable Research uncovered a Python string injection flaw within GitHub Actions workflows in the Windows-driver-samples repository, allowing attackers to inject malicious code via GitHub issue descriptions. This exploit grants them access to repository secrets like GITHUB_TOKEN, enabling privileged operations and potentially compromising the software supply chain. The findings highlight the critical nature of CI/CD infrastructure as an attack surface and emphasize the need for strict security controls, permission reviews, and pipeline monitoring. → cxodigitalpulse.com |
| 2026-04-23 2026 | Bitwarden CLI password manager trojanized in supply chain attack news | Writeup of Bitwarden CLI supply chain attack, where attackers published a trojanized version 2026.4.0 to npm. This malicious version, containing `bw_setup.js` and `bw1.js`, targeted cloud and development credentials, including GitHub, npm, AWS, and GCP tokens, and weaponized them for further access. The attack leveraged a compromised GitHub Action in Bitwarden's CI/CD pipeline, similar to incidents affecting Checkmarx KICS and Trivy, attributed to the TeamPCP group. Remediation involves revoking compromised tokens and keys, rotating secrets, and inspecting GitHub Actions workflows. → csoonline.com |
| 2026-04-23 2026 | Checkmarx Supply Chain Attack Exploits Docker Images and CI/CD Pipelines news | Library exploiting Docker image poisoning and VS Code extension vulnerabilities, specifically targeting Checkmarx KICS and associated extensions (versions 1.17.0, 1.19.0), as part of a multi-stage supply chain attack by the TeamPCP group. The attack involved redirecting Docker image tags like `v2.1.20` and `alpine`, and a second-stage payload `mcpAddon.js` was executed via the Bun runtime, leading to credential harvesting of GitHub tokens, cloud credentials, and SSH keys. This campaign extended to compromise the Bitwarden CLI, demonstrating a broader trend of CI/CD pipeline abuse. → esecurityplanet.com |
| 2026-04-23 2026 | Shai-Hulud: The Third Coming Bitwarden CLI Backdoored in Latest Supply Chain Campaign news | Analysis of Shai-Hulud worm's attack on the @bitwarden/cli package reveals its self-propagating nature, exfiltrating credentials, NPM tokens, GitHub tokens, AWS, GCP, and Azure information. The worm encrypts exfiltrated data using AES-256-GCM and uploads it to public GitHub repositories, potentially originating from Russia as it avoids Russian-configured systems. Affected users are advised to rotate keys, add 2FA, check for malicious GitHub repositories, and downgrade the @bitwarden/cli package. → ox.security |
| 2026-04-23 2026 | Tenable finds Microsoft GitHub flaw risking supply chains news | Vulnerability in Microsoft's GitHub windows-driver-samples repository, identified by Tenable Research, allowed attackers to exploit a Python string injection flaw within a GitHub Action. This allowed the triggering of automated scripts via a standard GitHub issue, leading to the potential theft of the GITHUB_TOKEN with broad permissions. The flaw highlights risks to the software supply chain and downstream users, with recommendations including restricted token permissions and auditing workflows. |
| 2026-04-23 2026 | New Checkmarx supply-chain breach affects KICS analysis tool news | Library compromise affects Checkmarx KICS, its Docker images, and VS Code extensions, with attackers injecting a hidden 'MCP addon' to steal credentials including GitHub tokens, AWS, Azure, and Google Cloud credentials, npm tokens, SSH keys, Claude configs, and environment variables, exfiltrating them to audit.checkmarx[.]cx. Affected users should block access to malicious domains, use pinned SHAs, revert to safe versions like DockerHub KICS v2.1.20, and rotate secrets. → bleepingcomputer.com |
| 2026-04-23 2026 | Checkmarx Docker Hub repository compromised with malicious images news | Writeup of the Checkmarx KICS Docker Hub repository compromise, where threat actors injected malicious images overwriting existing tags like v2.1.20 and alpine. These compromised images contained a modified KICS binary designed for data exfiltration to external endpoints, impacting users scanning infrastructure-as-code. Malicious code was also found in Checkmarx Visual Studio Code extensions (versions 1.17.0 and 1.19.0), enabling remote addon execution without user confirmation. → scworld.com |
| 2026-04-23 2026 | Namastex npm packages compromised in CanisterWorm supply chain attack news | Writeup on the CanisterWorm npm supply chain attack, which compromised Namastex Labs packages @automagik/genie and pgserve. The malicious postinstall script harvests secrets from environment variables and local system files, exfiltrating them via an HTTPS webhook and an Internet Computer Protocol (ICP) canister. The worm then attempts to self-propagate by injecting and republishing compromised packages, and also targets the Python Package Index (PyPI). This campaign is attributed to the TeamPCP threat actor and shares similarities with the Shai-Hulud worm. → scworld.com |
| 2026-04-23 2026 | No Off Season: Three Supply Chain Campaigns Hit npm PyPI and Docker Hub in 48 Hours news | Analysis of three supply chain attacks—Checkmarx KICS, CanisterSprawl, and xinference—that targeted npm, PyPI, and Docker Hub between April 21-23, 2026. These campaigns focused on stealing secrets like API keys, cloud credentials, and SSH keys from developer environments and CI/CD pipelines, with threat actors including TeamPCP utilizing techniques such as obfuscated payloads, postinstall hooks, and decentralized C2 channels. → securityboulevard.com |
| 2026-04-23 2026 | No Off Season: Three Supply Chain Campaigns Hit npm PyPI and Docker Hub in 48 Hours news | Analysis of three recent supply chain campaigns targeting npm, PyPI, and Docker Hub, including Checkmarx KICS, CanisterSprawl (pgserve, Namastex.ai), and xinference, highlights the consistent objective of stealing developer secrets like API keys and cloud credentials. These attacks, attributed in part to threat actor TeamPCP, demonstrate sophisticated evasion techniques and cross-ecosystem propagation. → blog.gitguardian.com |
| 2026-04-23 2026 | Xinference PyPI Package Compromised With Malicious Code to Steal Cloud Credentials news | Xinference PyPI Package Compromised With Malicious Code to Steal Cloud Credentials https://ift.tt/MALwDp9 → cyberpress.org |
| 2026-04-23 2026 | Malicious Docker Images and VS Code Extensions Compromise Checkmarx Supply Chain news | Analysis of a supply chain attack where malicious Docker images, specifically a trojanized `checkmarx/kics` image under tags like `v2.1.20` and `alpine`, and compromised Visual Studio Code extensions, were used to exfiltrate sensitive data and compromise developer environments, highlighting risks in trusted repositories and developer ecosystems. → cxodigitalpulse.com |
| 2026-04-23 2026 | Checkmarx KICS Docker Repo Hijacked in Malicious Code Injection Attack news | Checkmarx KICS Docker Repo Hijacked in Malicious Code Injection Attack https://ift.tt/ocmvb8S → gbhackers.com |
| 2026-04-23 2026 | Xinference PyPI Breach Exposes Developers to Cloud Credential Theft news | Xinference PyPI Breach Exposes Developers to Cloud Credential Theft https://ift.tt/Tqo2NKg → gbhackers.com |
| 2026-04-23 2026 | axios npm Compromise: The Ultimate Supply Chain Scaries news | Writeup of the axios npm supply chain compromise details how attackers leveraged social engineering to gain access to the maintainer's account, publishing malicious versions of the popular JavaScript library. The compromise, attributed to the North Korean threat actor UNC1069, allowed for cross-platform malware delivery, including RATs capable of system reconnaissance and credential harvesting. The incident highlights risks associated with deep dependency chains and the trust inherent in the open-source ecosystem, drawing parallels to previous npm attacks like Shai-Hulud and the Trivy scanner compromise. |
| 2026-04-23 2026 | Xinference allegedly hacked by TeamPCP Malicious Package In PyPi news | Writeup of the Xinference supply chain attack on PyPI, detailing how malicious versions (2.6.0-2.6.2) were uploaded containing obfuscated infostealer code. This malware targets cloud credentials, API keys, environment variables, SSH keys, cryptocurrency wallets, and database credentials, sending stolen data to a remote server. The attack leveraged a compromised bot to inject the malicious base64 payload into the `__init__.py` file, affecting users who installed these compromised versions. Recommended actions include downgrading to version 2.5.0 and rotating sensitive keys. → ox.security |
| 2026-04-23 2026 | AI Supply-Chain Monitor Identifies Critical Axios Attack news | Tool for AI-driven supply-chain monitoring; this open-source library from Elastic Security Labs uses an LLM to assess package repository updates for malicious changes, successfully detecting a backdoored Axios version. The system monitors top npm and PyPI packages, enabling rapid identification and response to software supply-chain attacks, as demonstrated by its effectiveness shortly after implementation. |
| 2026-04-23 2026 | Aikido Security Launches Endpoint Protection for Developer Devices as Software Supply Chain Attacks Hit Unprecedented Scale news | Library from Aikido Security, Aikido Endpoint, protects developer devices from software supply chain attacks. It inspects and blocks risky packages, IDE extensions, browser plugins, and AI tools before installation. This addresses escalating threats like the TeamPCP and Axios compromises by focusing on developer machines, which hold critical credentials. Aikido Endpoint monitors all installs, enforces policies like blocking packages younger than 48 hours, and covers npm, PyPI, Maven, NuGet, VS Code extensions, browser extensions, and AI agent marketplaces. It builds on the open-source Safe Chain CLI firewall and offers enterprise-grade governance and approval workflows. |
| 2026-04-22 2026 | Another npm supply chain worm is tearing through dev environments news | Library for detecting npm supply chain worms, similar to CanisterWorm attacks attributed to TeamPCP and LiteLLM. This strain compromises packages like `@automagik/genie`, `pgserve`, and `@fairwords/websocket`, stealing secrets, API keys, and cryptocurrency wallet data. It exfiltrates information to both webhooks and ICP canisters, utilizing a "TeamPCP/LiteLLM method" and self-propagation logic to infect additional packages and PyPI repositories. → theregister.com |
| 2026-04-22 2026 | Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens news | Library for detecting and preventing supply chain attacks, such as the self-propagating worm found in npm packages like `@automagik/genie` and `pgserve`. It details how these worms, like CanisterSprawl, steal developer tokens and credentials for AWS, Azure, and Google Cloud, and can propagate to PyPI packages. The library also covers attacks targeting GitHub Actions' `pull_request_target` trigger and credential harvesting via LLM proxies. → thehackernews.com |
| 2026-04-22 2026 | Supply Chain Attacks Are Getting Worse: How to Shrink Your Exposure beginner | Library for mitigating supply chain attacks, focusing on techniques to shrink exposure following incidents like the Trivy and Axios compromises. It details strategies for containing damage through short-lived credentials, least-privilege access, and blast radius separation. Proactive measures include eliminating "latest" tag usage, implementing cool-down periods for package upgrades, requiring immutable release packages, and adopting dependency management tools like Renovate and Fairwinds Nova for automated patching and chart updates. → securityboulevard.com |
| 2026-04-22 2026 | Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain news | Writeup of supply chain attacks targeting Checkmarx, detailing malicious KICS Docker images and VS Code extensions. Threat actors overwrote Docker Hub tags and introduced compromised versions of the `cx-dev-assist` and `ast-results` extensions. The compromised artifacts exfiltrated GitHub tokens, AWS and Azure credentials, and SSH keys to external endpoints. These attacks, potentially by TeamPCP, leveraged stolen credentials to inject malicious GitHub Actions workflows and republish npm packages, creating further propagation paths. → thehackernews.com |
| 2026-04-22 2026 | Hypersonic Supply Chain Attacks: One Solution That Didn't Need to Know the Payload intermediate | Library that stops zero-day supply chain attacks like those targeting LiteLLM, Axios, and CPU-Z by using on-device behavioral AI. It detects malicious execution patterns rather than relying on signatures or reputation, making it effective against previously unseen payloads delivered through trusted channels, even when AI agents automate execution with unrestricted permissions. This approach, part of SentinelOne's Autonomous Security Intelligence, flags anomalous process chains and code execution in real-time, terminating threats before they can escalate. → sentinelone.com |
| 2026-04-22 2026 | Flaw in Microsoft-owned GitHub repository allowed RCE via issue submission news | Writeup detailing RCE via issue submission in Microsoft's Windows-driver-samples GitHub repository. The flaw exploited a GitHub Actions workflow that inserted unsanitized issue body content into a Python here-doc, allowing attackers to inject Python code and execute arbitrary commands. This could have led to exfiltration of the GITHUB_TOKEN secret, potentially enabling actions on behalf of Microsoft. The vulnerability, assessed with a CVSS score of 9.3, highlights the risks of CI/CD pipeline security, particularly with GitHub Actions and token permissions. → scworld.com |
| 2026-04-22 2026 | New npm supply-chain attack self-spreads to steal auth tokens news | Library for detecting and defending against npm supply-chain attacks. This worm-like malware self-propagates by injecting malicious code into packages, stealing developer credentials, API keys, cloud service secrets, cryptocurrency wallets (MetaMask, Exodus), and targeting AI agent tooling and database operations. It can also exfiltrate data from CI/CD systems, registries, and LLM platforms, and has been observed targeting PyPI packages with .pth-based payloads. Socket and StepSecurity offer indicators of compromise and remediation guidance, advising immediate removal of affected packages and rotation of all exposed secrets. → bleepingcomputer.com |
| 2026-04-22 2026 | Axios npm Supply Chain Attack: 83M Downloads Hit news | Library that details the March 31, 2026, Axios npm supply chain attack, where backdoored versions axios@1.14.1 and axios@0.30.4 were published, affecting 83 million weekly downloads. The attack injected a malicious dependency, plain-crypto-js, which delivered a cross-platform Remote Access Trojan (RAT) targeting macOS, Windows, and Linux. The analysis covers payload mechanics, obfuscation techniques, anti-forensics, and detection guidance, highlighting the exploit of trust in the JavaScript ecosystem. |
| 2026-04-22 2026 | Axios npm Hijack 2026: Everything You Need to Know news | Analysis of the Axios npm Hijack 2026 details a sophisticated supply chain attack where threat actors compromised the lead maintainer's npm account, publishing malicious versions of the popular JavaScript library. These versions, axios@1.14.1 and axios@0.30.4, silently installed a cross-platform RAT (SILKBELL and WAVESHAPER.V2) via a hidden dependency upon `npm install`. The attack, attributed to UNC1069, bypassed standard CI/CD security by directly publishing to the npm registry using a stolen access token, highlighting the importance of OIDC provenance and SLSA checks. |
| 2026-04-22 2026 | TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files news | Report on the compromise of the `telnyx` Python package, with malicious versions 4.87.1 and 4.87.2 published to PyPI. The malware uses audio steganography within `.WAV` files to deliver a multi-stage attack chain, harvesting credentials and exfiltrating data to `83.142.209[.]203:8080` on Linux/macOS, while establishing persistence via `msbuild.exe` on Windows. This supply chain attack by TeamPCP follows similar compromises of Trivy, KICS, and litellm. → thehackernews.com |
| 2026-04-22 2026 | litellm: Credential Stealer Hidden in PyPI Wheel news | Library detailing a supply chain compromise within the litellm Python package. Versions 1.82.7 and 1.82.8 were found to contain a malicious payload that harvests credentials, encrypts them using AES-256 and RSA-4096, and exfiltrates them to an attacker-controlled domain. The compromise leveraged two distinct injection techniques: a `.pth` file in version 1.82.8, and an embedded base64 blob in `proxy_server.py` for version 1.82.7. This attack potentially gained initial access through a pivot from a compromise of the Trivy tool used in litellm's CI/CD pipeline. |
| 2026-04-22 2026 | What's Coming to Our GitHub Actions 2026 Security Roadmap news | Roadmap for securing GitHub Actions that details upcoming features to enhance supply chain security. Key developments include workflow dependency locking with commit SHAs for reproducibility, policy-driven execution protections through rulesets to control triggers and permissions, and scoped secrets that bind credentials to specific contexts, preventing over-permissioning and blurred trust boundaries. Additionally, enterprise-grade endpoint protections are introduced with the Actions Data Stream for visibility and a native egress firewall for control, addressing challenges seen in recent attacks like those on tj-actions/changed-files and Nx. → github.blog |
| 2026-04-22 2026 | Shai-Hulud npm Supply Chain Attack: New Compromised Packages Detected news | Writeup on the Shai-Hulud npm supply chain attack details a significant wave of compromised packages, including new variations and obfuscation techniques. Threat actors are targeting popular npm packages to steal credentials from GitHub, NPM, AWS, GCP, and Azure, then exfiltrating this data by creating encoded repositories. The attack utilizes a data-stealer payload bundled within Webpack applications, often disguised as system optimization tools, and employs utilities like TruffleHog to gather secrets. |
| 2026-04-22 2026 | LiteLLM and Telnyx Compromised on PyPI: Tracing the TeamPCP Supply Chain Campaign news | Analysis detailing the TeamPCP supply chain campaign that compromised the LiteLLM and Telnyx packages on PyPI. This extensive campaign began with a Trivy compromise, spread through npm and GitHub Actions, and included Kubernetes exploitation. Defenders should treat installations of LiteLLM versions 1.82.7/1.82.8 or Telnyx versions 4.87.1/4.87.2 as credential exposure events. → securitylabs.datadoghq.com |
| 2026-04-22 2026 | Keeping Your GitHub Actions Secure Part 1: Preventing Pwn Requests intermediate | Guide to securing GitHub Actions workflows, specifically addressing the risks of the `pull_request_target` trigger when processing untrusted pull requests. It highlights how attackers can exploit this trigger to gain repository write permissions or steal secrets by injecting malicious code into build scripts, package.json, or npm pre/postinstall scripts. The guide advocates a `pull_request` trigger for unprivileged handling of untrusted code and a subsequent `workflow_run` trigger for privileged operations, using artifacts to safely transfer data between them. → securitylab.github.com |
| 2026-04-22 2026 | GitHub Actions Security Pt 1: Attacks & Defenses (Wiz) intermediate | Guide to GitHub Actions security, addressing common misconfigurations and outlining defensive strategies. It explains the threat model, covering risks like Pull Request pwnage and script injection, exemplified by attacks such as the Trivy supply chain compromise exploiting `pull_request_target` and `workflow_run` triggers. The entry emphasizes understanding the trust boundary between repository owners and external actors to prevent code execution with elevated permissions. → wiz.io |
| 2026-04-22 2026 | Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM Data beginner | Analysis of SBOM failures reveals that while Software Bills of Materials and Vulnerability Exploitability eXchange statements offer data, security teams lack decision clarity. Supply chain attacks, including those leveraging Trivy and Axios, persist due to inconsistent interpretation of SBOM/VEX data, lack of updated SBOM delivery, and hesitations in exploitability assertions. Researcher Devashri Datta advocates for a unified, governance-driven intelligence layer to interpret SBOMs as lifecycle signals and VEX as contextual input, enabling explainable and defensible decisions amidst increasing regulatory pressure and rapid exploitation times. → securityweek.com |
| 2026-04-22 2026 | Axios supply chain attack deploys multi-OS malware news | Analysis of the Axios supply chain attack details how malicious versions, axios@1.14.1 and axios@0.30.4, infected npm users with a cross-platform RAT. The attack, attributed to North Korean state actor Sapphire Sleet, exploited compromised npm credentials and bypassed CI/CD pipelines to deliver malware via the plain-crypto-js dependency. The RAT features obfuscated Node.js droppers, C2 communication, and self-deletion to evade detection, posing significant risks for credential and data exfiltration. Remediation involves updating or downgrading Axios and rotating secrets, with IoCs provided for affected systems. |
| 2026-04-22 2026 | AI-Driven Endpoints Highlight Expanding Software Supply Chain Risk beginner | AI-Driven Endpoints Highlight Expanding Software Supply Chain Risk https://ift.tt/Op8eSmM → tipranks.com |
| 2026-04-22 2026 | Aikido Unveils Endpoint Security as Supply Chain Attacks Hit Developers news | Library that acts as a security agent on developer machines, inspecting and blocking threats before installation. It monitors package manager installations, VS Code extensions, and AI agent skills, cross-referencing with Aikido Intel to identify malicious packages. A key feature is blocking packages published within 48 hours, addressing the critical window for new malicious distributions, and it builds on Aikido's open-source Safe Chain CLI firewall. |
| 2026-04-21 2026 | Critical Microsoft GitHub Flaw Highlights Dangers to CI/CD Pipelines: Tenable news | Critical Microsoft GitHub Flaw Highlights Dangers to CI/CD Pipelines: Tenable https://ift.tt/nvuCc9x |
| 2026-04-21 2026 | CISA urges security teams to view environments following axios compromise news | CISA urges security teams to view environments following axios compromise https://ift.tt/JYRaA0z → cybersecuritydive.com |
| 2026-04-21 2026 | CISA Warns Axios npm Package Was Compromised in Major Supply Chain Attack news | CISA Warns Axios npm Package Was Compromised in Major Supply Chain Attack https://ift.tt/bSQfTkG → cybersecuritynews.com |
| 2026-04-21 2026 | Aikido Security launches Endpoint to secure AI development and mitigate supply chain attacks news | Library for securing AI development and mitigating supply chain attacks. Aikido Security's Endpoint agent monitors developer workstations, providing visibility and control over software packages, development environments, and AI tools. It inspects imported tools and packages, holding new releases for 48 hours to reduce risk. Security teams can audit actions and enforce policies based on team, role, and device. → scworld.com |
| 2026-04-21 2026 | Introducing Endpoint Protection: Security for Developer Devices news | Library for protecting developer devices against software supply chain attacks. It prevents malicious package installs, IDE extensions, browser plug-ins, and AI skills by offering visibility into installed software, blocking threats before installation, enforcing package age policies, and enabling approval workflows. Built upon the open-source Safe Chain project and powered by the LLM-based Aikido Intel threat intelligence engine, it aims to secure developer workstations without hindering productivity, addressing vulnerabilities exemplified by the Shai-Hulud and Axios attacks. → aikido.dev |
| 2026-04-21 2026 | Aikido Security Launches Endpoint Protection for Developer Devices as Software Supply Chain Attacks Hit Unprecedented Scale news | Library Aikido Endpoint protects developer devices against software supply chain attacks by inspecting and blocking risky packages, IDE extensions, browser plugins, and AI tools before installation. It covers npm, PyPI, Maven, NuGet, VS Code extensions, and more, building on the Safe Chain CLI firewall's protection against threats like Shai-Hulud and the Axios compromise. Endpoint enforces protective defaults, such as blocking packages published less than 48 hours ago, and offers governance controls and approval workflows for enterprise deployment. |
| 2026-04-21 2026 | CISA Warns Axios npm Package Was Compromised in Major Supply Chain Attack news | CISA Warns Axios npm Package Was Compromised in Major Supply Chain Attack https://ift.tt/eymP7Vs → cyberpress.org |
| 2026-04-21 2026 | CISA Warns Compromised Axios npm Package Fueled Major Supply Chain Attack news | CISA Warns Compromised Axios npm Package Fueled Major Supply Chain Attack https://ift.tt/3Sh8QXg → gbhackers.com |
| 2026-04-21 2026 | The Vercel Breach: OAuth Supply Chain Attack Exposes the Hidden Risk in Platform Environment Variables news | Analysis of the Vercel breach, an OAuth supply chain attack beginning around February 2026, details how a compromised third-party application and platform environment variables bypassed traditional defenses. The incident, initiated by Lumma Stealer malware infecting a Context.ai employee, exploited Vercel's environment variable model where non-sensitive credentials were exposed to attackers with internal access. This breach highlights risks inherent in OAuth trust relationships, amplified by AI-accelerated tradecraft and significant detection-to-disclosure latency, urging architectural changes like treating OAuth apps as third-party vendors and eliminating long-lived platform secrets. → trendmicro.com |
| 2026-04-21 2026 | The Vercel Breach: OAuth Supply Chain Attack Exposes the Hidden Risk in Platform Environment Variables news | Analysis of the Vercel breach details an OAuth supply chain attack where a compromised third-party application granted long-lived, password-independent access, bypassing traditional defenses. This incident highlights the risk of platform environment variables being readable with internal access, especially when not explicitly marked as sensitive. The attack chain, initiated by Lumma Stealer malware affecting Context.ai, demonstrates AI-accelerated tradecraft and raises concerns about detection-to-disclosure latency in platform breaches, fitting a broader pattern of attacks targeting developer-stored credentials across various platforms. → trendmicro.com |
| 2026-04-21 2026 | The Vercel Breach: OAuth Supply Chain Attack Exposes the Hidden Risk in Platform Environment Variables news | Analysis of the Vercel Breach details an OAuth supply chain attack where a compromised third-party application granted unauthorized access to Vercel's internal systems. This exploit, enabled by Lumma Stealer malware infecting a Context.ai employee, allowed attackers to exfiltrate environment variables for a subset of customer projects, bypassing perimeter defenses. The incident highlights risks associated with platform environment variable models, detection-to-disclosure latency, and the broader trend of credential compromises across developer tools, emphasizing the need for architectural changes like treating OAuth apps as vendors and assuming provider-side compromise. → trendmicro.com |
| 2026-04-21 2026 | Astrix Security Highlights Rising Risk in OAuth-Driven Supply Chain Attacks news | Astrix Security Highlights Rising Risk in OAuth-Driven Supply Chain Attacks https://ift.tt/pdx7G9Z → tipranks.com |
| 2026-04-20 2026 | The Vercel Breach: OAuth Supply Chain Attack Exposes the Hidden Risk in Platform Environment Variables news | Analysis of the Vercel breach details an OAuth supply chain attack where a compromised third-party application granted attackers long-lived access to Vercel's internal systems. This allowed them to read environment variables, amplified by Vercel's model where non-sensitive credentials were exposed without additional controls for compromised teams. The incident highlights risks in platform environment variables, detection-to-disclosure latency, and a convergence pattern of targeting developer-stored credentials across various platforms. → trendmicro.com |
| 2026-04-20 2026 | Vercel incident falls short of a supply chain attack news | Analysis of the Vercel incident highlights how a third-party AI tool compromise, Context.ai, led to a Google Workspace account takeover, granting access to internal Vercel systems. While not a full supply chain attack like SolarWinds, experts like Guillaume Valadone (GitGuardian) and Morey Haber (BeyondTrust) emphasize its supply chain characteristics, cautioning that such incidents can escalate if attackers access publishing pipelines. Recommendations include aggressive credential rotation, redeployment of builds, and hunting for persistence artifacts, as compromised platforms like Vercel pose risks to downstream applications and services. → scworld.com |
| 2026-04-20 2026 | Supply Chain Attack Hits Vercel: User Data is Being Sold on BreachForums For $2M news | Analysis of the Vercel and Context AI supply chain attack, detailing how compromised OAuth tokens and a malicious Chrome extension led to Vercel's internal database being offered for sale on BreachForums. The incident highlights risks associated with AI systems and third-party integrations, emphasizing the need for immediate key rotation, 2FA enablement, and auditing of third-party app access, particularly for Google Workspace and Vercel-maintained packages like Next.js. → ox.security |
| 2026-04-20 2026 | Why the Axios attack proves AI is mandatory for supply chain security news | Argument that AI-powered security operations are necessitated by attacks like the recent Axios supply chain compromise by North Korean threat actors. This resource highlights how AI-driven monitoring can detect malicious code changes in real time, a crucial capability against adversaries leveraging AI for automated reconnaissance and evasive malware. It argues that AI is essential for matching the speed and complexity of modern threats, transforming Security Operations Centers (SOCs) into agentic workflows that amplify human analysts and significantly reduce mean time to detect and respond. |
| 2026-04-20 2026 | Aikido Security Launches Endpoint Protection for Developer Devices as Software Supply Chain Attacks Hit Unprecedented Scale news | Library for protecting developer devices from software supply chain attacks. Aikido Endpoint inspects and blocks risky packages, IDE extensions, browser plugins, and AI tools before installation, addressing threats like those seen in the TeamPCP and Axios compromises. It monitors all installs across a machine, enforces protective defaults like blocking packages published less than 48 hours ago, and covers npm, PyPI, Maven, NuGet, VS Code extensions, and AI agent marketplaces. |
| 2026-04-20 2026 | Aikido Endpoint offers developers additional protection against supply chain attacks news | Library for blocking supply chain attacks, Aikido Endpoint protects developer endpoints by monitoring and blocking high-risk packages, IDE extensions, browser plugins, and AI tools before installation. Built on the open-source Safe Chain CLI firewall, it prevents threats like those seen in Shai-Hulud, TeamPCP, and the Axios attack by employing default settings such as blocking packages published less than 48 hours ago. This targets vulnerabilities on developer machines, which contain sensitive information like cloud credentials and SSH keys, often missed by repository-focused security tools. → techzine.eu |
| 2026-04-20 2026 | Aikido Security Launches Endpoint Protection for Developer Devices as Software Supply Chain Attacks Hit Unprecedented Scale news | Library for protecting developer devices against software supply chain attacks, inspecting and blocking risky packages, IDE extensions, browser plugins, and AI tools before installation. It monitors and blocks all installs across the machine, enforcing protective defaults like a 48-hour minimum install age to mitigate threats from compromised accounts and malicious packages, referencing attacks like those from TeamPCP and the Axios compromise. Coverage extends to npm, PyPI, Maven, NuGet, VS Code extensions, browser extensions, and AI agent skills marketplaces. |
| 2026-04-20 2026 | New security agent helps fight software supply chain attacks news | New security agent helps fight software supply chain attacks https://ift.tt/tRoy3LB |
| 2026-04-20 2026 | Aikido launches Endpoint to secure AI-native developer workflows news | Library that secures AI-native developer workflows by blocking malicious packages, IDE extensions, and AI tools in real-time before they impact developer machines. Aikido Endpoint inspects installations against Aikido Intel, a threat intelligence feed, and automatically halts packages published within the last 48 hours. It offers ecosystem-wide malware protection, granular access controls with approval workflows, and visibility into AI tool usage and costs, building upon the open-source Aikido Safe Chain. |
| 2026-04-19 2026 | Shai-Hulud: A Persistent Secret Leaking Campaign — GitGuardian news | Analysis of the Shai-Hulud campaign details a persistent supply chain attack targeting NPM packages like @ctrl/tinycolor, using malicious GitHub Actions to exfiltrate secrets from local environments and repositories. Similar to the s1ngularity and GhostActions campaigns, this attack injects compromised workflows to steal credentials, including GitHub tokens, NPM tokens, and AWS Keys. GitGuardian's HasMySecretLeaked service allows developers to check for compromised secrets without exposing their values. → blog.gitguardian.com |
| 2026-04-19 2026 | Defending Against npm Supply Chain Attacks — Splunk intermediate | Library for detecting and analyzing npm supply chain attacks. It offers tools like `npm-threat-emulation` for safe adversary simulation and `Package-Inferno` for deep package analysis. The library addresses the challenges of understanding npm's attack surface, the detection gap in traditional security tools, and the need for realistic testing against evolving threats, including self-propagating worms and sophisticated phishing campaigns targeting cryptocurrency wallets and CI/CD environments. |
| 2026-04-19 2026 | Multiple Supply Chain Attacks against npm Packages — Red Hat news | Analysis of multiple npm supply chain attacks, including "s1ngularity" targeting Nx, a broad "popular packages" campaign hitting developers of frequently downloaded packages like `debug` and `chalk`, and the "shai-hulud" worm and its subsequent waves. These campaigns impacted hundreds of Node.js components, though Red Hat products remained unaffected due to version pinning practices. |
| 2026-04-19 2026 | Shai-Hulud Malware: Second-Wave npm Supply Chain Attack news | Analysis of the Shai-Hulud malware campaign details a second wave of supply-chain attacks targeting npm packages, exploiting preinstall scripts like setup_bun.js to exfiltrate developer secrets including GitHub, AWS, GCP, and Azure credentials. This malware self-propagates using stolen npm tokens and can delete home directories if exfiltration fails. Recommendations include reviewing GitHub for malicious repositories, identifying and removing affected npm packages, and rotating compromised secrets such as AWS access keys and GitHub personal access tokens. → arcticwolf.com |
| 2026-04-19 2026 | CISA: Widespread Supply Chain Compromise Impacting npm Ecosystem news | Alert regarding a widespread supply chain compromise impacting the npm ecosystem. A self-replicating worm, "Shai-Hulud," has compromised over 500 packages, exfiltrating sensitive credentials like GitHub PATs and API keys for AWS, GCP, and Azure. CISA urges dependency reviews, checking lock files, pinning versions, rotating credentials, mandating MFA, and hardening GitHub security to detect and remediate this threat. |
| 2026-04-18 2026 | Supply Chain Cyber Attacks Surge as EU Breach Exposes Weaknesses news | Analysis of a supply chain cyberattack targeting the Trivy security scanner, which led to a significant European Commission cloud breach. Attackers exploited misconfigured GitHub Actions workflows to compromise Trivy, subsequently harvesting data from CI/CD environments and exfiltrating sensitive information after gaining AWS credentials. This incident highlights the widespread impact of compromised dependencies, affecting thousands of repositories and multiple EU entities, and underscores the increasing reliance on and vulnerability of open-source tools within modern software supply chains. |
| 2026-04-18 2026 | Trivy Supply-Chain Attack: Trusted Scanner Compromised Rotate CI/CD Secrets Now news | Guide to securing CI/CD pipelines against supply-chain attacks, particularly concerning the Trivy scanner compromise (CVE-2026-33634, GHSA-69fq-xp46-6x23). It details techniques for mitigating risks associated with compromised scanning tools, including mandatory secret rotation, auditing pipeline runs, pinning GitHub Actions tags to immutable SHAs, enforcing least privilege for runners, and increasing monitoring. It highlights how attackers exploit tag mutability and privileged scanner access to steal credentials and access cloud environments. |
| 2026-04-17 2026 | Q1 2026 Open Source Malware Index: Adaptive Attacks Exploit Trust news | Index of Q1 2026 open source malware details 21,764 malicious packages, with npm accounting for 75% and trojans dominating credential theft and host reconnaissance. Defining the quarter was trust abuse, as seen in the SANDWORM_MODE campaign's adaptive behavior, the LiteLLM compromise via trusted tooling, and the axios compromise exploiting transitive dependencies, highlighting attackers' success by hiding behind legitimate workflows and package names. → sonatype.com |
| 2026-04-17 2026 | Critical Supply Chain Attack on EssentialPlugin WordPress Suite Exposes Over 400000 Websites to Malware news | Writeup of a critical supply chain attack on the EssentialPlugin WordPress suite, impacting over 400,000 websites. The attack involved a dormant backdoor, introduced after the plugin's acquisition, which activated to enable arbitrary file writes and malware injection. The technique utilized unauthenticated REST API endpoints and PHP object injection to create a backdoor file (wp-comments-posts.php) and modify wp-config.php, leading to spam pages and redirects. Mitigation involves immediate removal of affected plugins and manual inspection for malicious files. → rescana.com |
| 2026-04-17 2026 | Closing the Chain: How to reduce SolarWinds/Log4j/XZ risk (arXiv) intermediate | Analysis of SolarWinds, Log4j, and XZ Utils attacks systematically maps attacker techniques to 73 mitigation tasks across 10 software supply chain frameworks. Prioritized mitigation tasks include role-based access control, system monitoring, and boundary protection. The analysis also identified critical missing tasks, such as sustainable open-source software support and environmental scanning tools, highlighting continued vulnerabilities in existing frameworks. → arxiv.org |
| 2026-04-17 2026 | SolarWinds Supply Chain Attack (Fortinet) news | SolarWinds Supply Chain Attack (Fortinet) |
| 2026-04-17 2026 | ossf/malicious-packages: Reports of malicious open source packages news | Database of malicious open source packages, consumable via the OSV format, documenting attacks like typosquatting, dependency confusion, and account takeovers. This resource aims to protect the community by providing a comprehensive collection of identified malicious packages from various ecosystems, including npm and PyPI, serving as a data source for improved detection and analysis of emerging open source malware. |
| 2026-04-17 2026 | 5 Examples of Dependency Confusion Attacks (Spectral) intermediate | Examples of dependency confusion attacks are detailed, showcasing how attackers exploit trust in public package repositories to inject malicious code into software supply chains. The article illustrates this through scenarios like mimicking internal library names, typosquatting, and exploiting versioning ambiguities, referencing specific instances with npm and PyPI. It highlights the risks, including remote code execution and data theft, and proposes countermeasures such as prioritizing internal repositories, specifying exact versions, and employing monitoring tools to detect suspicious package releases. |
| 2026-04-17 2026 | What Is a Dependency Confusion Attack? (Aqua Security) beginner | Explainer on dependency confusion attacks, a software supply chain technique where malicious code replaces legitimate application dependencies. The article explains how attackers exploit dependency configurations by planting malicious versions in repositories, using typosquatting, or even leveraging "hallucinated" dependencies from AI-generated code. It references real-world incidents involving PyTorch, npm, and ethical hacking demonstrations against companies like Apple. |
| 2026-04-17 2026 | Defender's Perspective: Dep Confusion and Typosquatting (SLSA) intermediate | Reference on dependency confusion and typosquatting attacks, detailing how these exploit package manager vulnerabilities for arbitrary code execution. It highlights the attacker's methods, including package name reconnaissance and malicious payload injection. The entry also discusses mitigations such as namespacing and pinning, and emphasizes how SLSA build provenance can create secure bindings between package names, versions, source repositories, and build systems to defend against these supply chain risks. |
| 2026-04-17 2026 | SBOMs in 2026: Some Love, Some Hate, Much Ambivalence news | SBOMs in 2026: Some Love, Some Hate, Much Ambivalence → darkreading.com |
| 2026-04-17 2026 | Software Bill of Materials (SBOM) (CISA) beginner | Guide from CISA detailing Software Bill of Materials (SBOM) as a critical component for software security and supply chain risk management. It outlines SBOM's role as a nested inventory of software ingredients, discusses advancements since 2018 through multistakeholder efforts, and promotes adoption through community work and operationalization. The guide also touches upon Vulnerability Exploitability eXchange (VEX) documents as attestations for vulnerability impact. |
| 2026-04-17 2026 | About SLSA (spec v1.2) beginner | The Supply-chain Levels for Software Artifacts (SLSA) framework, at spec v1.2, offers incrementally adoptable guidelines for supply chain security, aiding both software producers and consumers. It establishes a common vocabulary, provides methods to secure incoming supply chains by evaluating artifact trustworthiness, and includes checklists for improving software security, aligning with the Secure Software Development Framework (SSDF). SLSA addresses risks exposed by attacks like SolarWinds and Codecov, protecting against code modification and ensuring artifacts originate from expected build platforms, thereby increasing confidence in the integrity of software from source to binary. |
| 2026-04-17 2026 | What is a Software Bill of Materials (SBOM)? (Snyk) beginner | Explainer on generating and managing Software Bills of Materials (SBOMs), formal records of software components and their supply chain relationships. SBOMs enhance transparency, aid in vulnerability management, and support regulatory compliance, especially for software sold to the federal government as mandated by Executive Order 14028. Standards like SPDX, SWID, and OWASP CycloneDX are covered, enabling detailed analysis of dependencies, licenses, and potential exploits, complementing efforts like SLSA for supply chain integrity. → snyk.io |
| 2026-04-17 2026 | SBOM Literature Review (arXiv) news | Survey of Software Bill of Materials (SBOM) literature systematically reviews 40 studies on SBOMs for software supply chain security, identifying five key application areas: vulnerability management, transparency, component assessment, risk assessment, and integrity. Adoption barriers include generation tooling, data privacy, standardization issues with formats like SPDX and CycloneDX, and challenges with analysis and maintenance. The review maps these barriers to the ISO/IEC 25019:2023 Quality-in-Use model, highlighting deficiencies in trustworthiness and usability, and notes gaps in machine learning and software quality assurance applications. → arxiv.org |
| 2026-04-17 2026 | SBOM + SLSA: Accelerating SBOM success with SLSA intermediate | Article on using Supply-chain Levels for Software Artifacts (SLSA) principles to enhance Software Bill of Materials (SBOM) accuracy and trustworthiness. By integrating SLSA's tamper-evident provenance data, generated during the build process, with SBOMs, this approach addresses limitations in traditional SBOM generation. The result is more complete and verifiable SBOMs, helping users identify affected components, trust the software's origin, and respond effectively to supply chain attacks, drawing parallels with food safety standards and leveraging tools like Sigstore and in-toto. |
| 2026-04-17 2026 | SLSA - Comprehensive Approach to Supply Chain Security (SBOM Observer) beginner | The SLSA framework offers a structured hierarchy of security practices for software supply chain fortification, building from fundamental component identification to hermetic sealing against tampering. When integrated with Software Bills of Materials (SBOMs), SLSA elevates transparency and mitigates risks by ensuring components are sourced, developed, and deployed securely, utilizing cryptographic signatures and trusted build environments like CI/CD. This comprehensive approach empowers organizations to dramatically reduce susceptibility to cyberattacks and threats. |
| 2026-04-17 2026 | Understanding SBOM: Transparency & Security in Supply Chains (Cycode) beginner | Explainer on generating and managing Software Bills of Materials (SBOMs), which serve as a detailed inventory of all software components, libraries, and dependencies. This resource aids in enhancing application security, mitigating supply chain risks, ensuring license compliance, and meeting regulatory mandates like Executive Order 14028. It covers automation for DevSecOps pipelines and faster incident response through transparency into software composition. |
| 2026-04-17 2026 | What We Know About the NPM Supply Chain Attack (Trend Micro) news | Analysis detailing the Shai-hulud worm's attack chain, which exploits compromised NPM maintainer accounts to inject malicious code into popular JavaScript packages. This worm self-propagates by hijacking web APIs, diverting cryptocurrency, stealing cloud service tokens, and deploying secret-scanning tools, impacting organizations across North America and Europe. → trendmicro.com |
| 2026-04-17 2026 | New Supply Chain Malware Operation Hits npm and PyPI news | Report on malware operations targeting npm and PyPI packages, including GlueStack for remote command execution and screenshotting, express-api-sync and system-health-sync-api for file deletion, and imad213 on PyPI for harvesting Instagram credentials. These attacks leverage compromised accounts and malicious code injection to steal information, sabotage systems, and exfiltrate data via covert channels like SMTP. → thehackernews.com |
| 2026-04-17 2026 | npm Supply Chain Attack: Debug, Chalk + 16 Packages Compromise (Upwind) news | Library compromised in an npm supply chain attack involving malicious versions of `debug`, `chalk`, and 16 other packages. The attacker used a phishing campaign, obtaining account credentials and a TOTP code via a fake 2FA reset email from `npmjs.help`. The malware, a browser-only script, targeted cryptocurrency wallets by intercepting `window.ethereum` calls and manipulating network responses using a Levenshtein algorithm, affecting Ethereum, Bitcoin, Litecoin, Tron, BCH, and Solana. |
| 2026-04-17 2026 | Malicious PyPI, npm, Ruby Packages Exposed (The Hacker News) news | Library updates on npm, PyPI, and Ruby pose significant supply chain risks, with malicious packages identified for draining cryptocurrency, erasing codebases, and exfiltrating Telegram API tokens. These threats include typosquatting attacks like "xlsx-to-json-lh" on npm and impersonating "colorama" on PyPI, alongside novel techniques such as "monkey patching" Solana key generation and injecting infostealers into PyTorch models. Vendors like Checkmarx, ReversingLabs, Safety, and Socket reported these findings, highlighting the exploitation of geopolitical events and the growing threat of AI-themed package abuse. → thehackernews.com |
| 2026-04-17 2026 | A Closer Look at Software Supply Chain Attacks 2025 (Xygeni) beginner | Tool for detecting software supply chain attacks; Xygeni's Malware Early Warning (MEW) identified malicious PyPI package `graphalgo` and npm package `express-cookie-parser`, both employing typosquatting, obfuscation via ZLib compression and Base64 encoding, a shared seed file URL, dynamic C2 resolution with a DGA, and persistence through startup scripts in Chrome user data directories. |
| 2026-04-17 2026 | The PyPI Supply Chain Attacks of 2025: What Python Engineers Should Learn beginner Python | The PyPI Supply Chain Attacks of 2025: What Python Engineers Should Learn |
| 2026-04-17 2026 | Securing software supply chain without slowing development beginner | Securing software supply chain without slowing development https://ift.tt/5YdRFCM → msn.com |
| 2026-04-17 2026 | Cyber threats for PV: What are supply chain attacks and how do they work beginner | Analysis of supply chain attacks targeting PV systems, which exploit trusted third-party vendors and components like inverter firmware and monitoring software. These attacks introduce malicious code through compromised updates or hardware, enabling unauthorized access, data exfiltration, and system manipulation. Defense strategies include strict vendor risk management, code signing, network segmentation, continuous monitoring, and asset management to mitigate the risks of compromised components and their widespread impact. |
| 2026-04-17 2026 | Second Open Source Plugin Hijack Raises Alarm Across WordPress Ecosystem - Open Source For You news | Library of techniques for securing open-source plugins, prompted by a recent supply-chain attack on WordPress, where a hijacked plugin was used to inject malicious code. This incident highlights vulnerabilities in ownership transfer processes and the need for rigorous code audits post-acquisition. Thousands of sites were exposed due to this attack, emphasizing the critical importance of robust security measures in open-source development and distribution. |
| 2026-04-17 2026 | Securing software supply chain without slowing development beginner | Library for securing software supply chains, focusing on automation, visibility, and policy enforcement. It addresses risks from third-party code and open-source libraries, citing examples like the SolarWinds and British Airways attacks. Best practices include end-to-end dependency insight, custom policy definition, automated updates, continuous monitoring, and developer education. The library aims to enable secure innovation without slowing development, aligning with mandates like the EU's Digital Operational Resilience Act. |
| 2026-04-17 2026 | Securing the Software Supply Chain: How SentinelOne's AI EDR Autonomously Blocked the CPU-Z Watering Hole Cyber Attack beginner | Library detailing SentinelOne's AI EDR autonomous blocking of the CPU-Z watering hole attack. The attack involved trojanized download infrastructure and a reflective payload, CRYPTBASE.dll, employing XXTEA encryption and DEFLATE decompression, with STX RAT as the final payload delivering hidden VNC, credential theft, and a reverse proxy. The entry highlights behavioral detection's efficacy against supply chain compromises, anomalous API resolution, reflective code loading, suspicious memory allocation, process injection patterns, and heuristic shellcode signatures, noting attacker reuse of C2 infrastructure and STX RAT YARA rules from a previous FileZilla campaign. → sentinelone.com |
| 2026-04-17 2026 | Your Supply Chain Breach Is Someone Else's Payday news | Analysis of the TeamPCP supply chain attack reveals how a single stolen credential can lead to cascading compromises across multiple software ecosystems. The group injected credential-harvesting malware into LiteLLM and poisoned Checkmarx GitHub Actions, demonstrating how identity is the primary attack surface. This breach highlights risks beyond ransomware, including payroll redirection, freight rerouting, and extortion, underscoring the need for continuous, AI-augmented integrity verification and third-party due diligence. |
| 2026-04-16 2026 | Learnings from Recent npm Supply Chain Compromises - Datadog intermediate | Analysis of recent npm supply chain compromises, including the s1ngularity, Qix, and Shai-Hulud attacks, highlights critical vulnerabilities. Attackers exploited GitHub Actions pull_request_target triggers, phishing campaigns mimicking npm 2FA resets, and unrotated credentials to inject malicious code, steal secrets, and hijack cryptocurrency transactions. Specific malware like telemetry.js and crypto-stealing scripts were deployed across hundreds of compromised npm packages. The analysis emphasizes the need for hardened CI/CD workflows, immediate credential rotation, MFA, and fine-grained access tokens to mitigate these widespread risks. → securitylabs.datadoghq.com |
| 2026-04-16 2026 | Inside the Axios Supply Chain Compromise - Elastic Security Labs intermediate | Analysis of the Axios supply chain compromise details how a maintainer account compromise led to malicious versions of the popular Axios npm package (versions 1.14.1 and 0.30.4) being published. These versions delivered cross-platform Remote Access Trojans (RATs) for macOS, Windows, and Linux via a backdoor in the `plain-crypto-js` dependency's `postinstall` hook. The RATs shared an identical C2 protocol, command set, and beacon cadence, employing an anachronistic IE8 user-agent for network communication. The dropper also performed anti-forensic cleanup by deleting itself and swapping its `package.json`. |
| 2026-04-16 2026 | Lockfile Poisoning: Introducing Malware in Supply Chain - SafeDep intermediate | Tool for detecting Lockfile Poisoning attacks targeting the npm ecosystem. This technique exploits the cognitive load of reviewing auto-generated `package-lock.json` files to introduce malware by tampering with artifact URLs or adding malicious entries. The `vet` tool verifies package source URLs against trusted registries and checks for inconsistencies to prevent such supply chain compromises. |
| 2026-04-16 2026 | Shai-Hulud 2.0: Most Aggressive NPM Supply Chain Attack of 2025 - Check Point news | Writeup of Shai-Hulud 2.0, an aggressive npm supply chain attack targeting developers. The campaign, active in November 2025, compromised hundreds of npm packages and thousands of GitHub repositories, exfiltrating multi-cloud and developer credentials like GitHub access tokens, AWS, GCP, and Azure credentials. Attackers utilized npm's preinstall lifecycle script and the Bun runtime for evasion, exfiltrating data to GitHub repositories. The attack demonstrated a significant escalation from dependency compromise to multi-cloud access and CI/CD infiltration. |
| 2026-04-16 2026 | Supply Chain Security: Sigstore and Cosign - GitGuardian beginner | Library for signing and verifying container images using Sigstore's Cosign. This resource details Sigstore, a suite of tools designed to secure software supply chains by ensuring software integrity. It focuses on Cosign, a tool for signing artifacts within OCI registries, utilizing features like hardware and KMS signing, and integration with Kubernetes Secrets. The library allows users to generate key pairs, sign images by digest, and verify signatures against a provided public key, addressing the challenges of managing and integrating cryptographic signing into CI/CD workflows. → blog.gitguardian.com |
| 2026-04-16 2026 | GuardDog: CLI Tool to Identify Malicious PyPI and npm Packages beginner | Tool for identifying malicious PyPI and npm packages, Go modules, RubyGems, GitHub Actions, and VSCode extensions. GuardDog leverages Semgrep rules and metadata heuristics to scan package source code and metadata. It supports scanning local or remote packages and custom rule creation using Semgrep or Yara formats. Integration with GitHub Actions is facilitated through SARIF output for code scanning. |
| 2026-04-16 2026 | tj-actions Supply Chain Attack (CVE-2025-30066) - Sysdig news | Writeup detailing the tj-actions/changed-files supply chain attack (CVE-2025-30066), where a malicious Node.js function was injected to steal GitHub Runner credentials via memory scanning and exfiltration. The writeup covers the attack mechanics, affected repositories, and detection strategies using Falco rules and Sysdig Secure runtime monitoring, emphasizing the need to rotate secrets in affected public and private repositories. |
| 2026-04-16 2026 | tj-actions/changed-files Compromised - Semgrep news | Semgrep rule for detecting compromised GitHub Actions, specifically targeting `tj-actions/changed-files` and `reviewdog/action-setup@v1`. This action, `tj-actions/changed-files`, was previously compromised and may have leaked secrets. The rule helps identify usages of these actions within CI pipelines, enabling prompt remediation and security audits. Users can run this rule locally or within the Semgrep AppSec Platform in blocking mode to prevent further compromise. |
| 2026-04-16 2026 | Most Notable Supply Chain Attacks of 2025 - Kaspersky news | Survey of notable supply chain attacks in 2025, detailing incidents including a RAT in DogWifTools, the US$1.5 billion Bybit heist via Safe{Wallet}, a GitHub Actions compromise targeting Coinbase, backdoors in 21 Magento extensions, ransomware distributed through an MSP exploiting SimpleHelp, injected malicious code in Gluestack npm packages, phishing attacks on npm package maintainers, and the s1ngularity attack on the Nx build system. |
| 2026-04-16 2026 | GitHub Actions Supply Chain Attacks: tj-actions and reviewdog - Hunters news | Analysis of CVE-2025-30066 and CVE-2025-30154 details a CI/CD supply-chain attack targeting GitHub Actions, specifically impacting tj-actions/changed-files and reviewdog/action-setup. Threat actors injected malicious code to exfiltrate secrets by logging them, leveraging unauthorized modifications to repository tags to redirect users to compromised commits. This attack, potentially originating against Coinbase, evolved into a broader campaign, highlighting risks in CI/CD security and necessitating actions like ceasing usage of affected actions and rotating secrets. |
| 2026-04-16 2026 | Supply Chain Cyber Attacks Surge as EU Breach Exposes Weaknesses news | Analysis of supply chain cyber attacks highlights increasing threats via compromised open-source tools like Trivy. Attacks leverage misconfigured GitHub Actions and exploit trust in legitimate update channels to infiltrate cloud systems, harvest credentials, and exfiltrate data. The European Commission breach, affecting multiple EU websites and Union entities, exemplifies how vulnerabilities in components like Trivy can cascade, impacting tens of thousands of repositories and exposing sensitive customer information. |
| 2026-04-16 2026 | Axios Supply Chain Attack Hits OpenAI: Users Urged to Update macOS Certificates news | Axios Supply Chain Attack Hits OpenAI: Users Urged to Update macOS Certificates https://ift.tt/3IP51Bc |
| 2026-04-16 2026 | Defending Supply Chains Software Pipelines Against Nation-State Compromise intermediate | Defending Supply Chains, Software Pipelines Against Nation-State Compromise https://ift.tt/erOhXZ7 |
| 2026-04-16 2026 | Supply chain dependencies: Have you checked your blind spot? beginner | Survey of supply chain cyber risks, highlighting blind spots such as indirect vendor vulnerabilities, compromised software components, and reliance on single vendors. The analysis cites incidents like the 2023 3CX compromise, the 2024 CDK and Change Healthcare ransomware attacks, the 2025 Jaguar Land Rover ransomware attack, and the July 2024 faulty CrowdStrike update to illustrate how disruptions can cascade, impacting businesses, economies, and national security. |
| 2026-04-16 2026 | Over 25K systems exposed by adware app to supply chain compromise news | Library for identifying supply chain risks, exemplified by the Dragon Boss Solutions adware compromise. This adware exposed over 25,000 systems through an unsecured update channel, allowing attackers to push malicious payloads with SYSTEM privileges. The vulnerability was exploitable for approximately $10, and impacted numerous entities including educational institutions, operational technology networks, government organizations, and healthcare institutions globally, with a significant concentration in the U.S. → scworld.com |
| 2026-04-16 2026 | Why Software Supply Chain Security Requires a New Playbook beginner | Library providing techniques for securing software supply chains, addressing risks from malicious dependencies like typosquatting packages, compromised trusted components, and insecure CI/CD pipelines. It advocates for an integrity-driven development approach, shifting from reactive defense to proactive prevention by controlling entry into development environments, verifying code integrity, minimizing access, and real-time monitoring, effectively treating software delivery as a security process. → sonatype.com |
| 2026-04-16 2026 | OpenAI Revokes macOS Signing Certificate After Axios Supply-Chain Attack news | OpenAI Revokes macOS Signing Certificate After Axios Supply-Chain Attack https://ift.tt/E3RXm9G → letsdatascience.com |
| 2026-04-15 2026 | Supply-chain attacks against open source projects could have incredible impact beginner | Analysis of supply-chain attacks targeting open-source security scanners like Trivy, LiteLLM, and Telnyx, where attackers inject credential-stealing malware through GitHub Actions and container images. This compromises development pipelines, impacting thousands of organizations and potentially millions of users. Recommended mitigation includes waiting a week before adopting new open-source packages and implementing review processes to scan for backdoors. |
| 2026-04-15 2026 | GitHub Actions Supply Chain Attack: Trivy Breach & Workflow news | Library detailing the GitHub Actions supply chain attack targeting the Trivy security scanner, where attackers leveraged misconfigured workflows and compromised credentials. This campaign, initially led by Hackerbot-claw and later by the TeamPCP group, resulted in code execution, token exfiltration, malicious artifact injection into Trivy's VSCode extension, and force-pushing of version tags. The attacks later expanded to compromise NPM packages and the Checkmarx AST GitHub Action, highlighting the pervasive risks of insecure CI/CD pipelines. → securityboulevard.com |
| 2026-04-15 2026 | The Future Of GitHub Actions Security And What You Can Do Right Now intermediate | Library for securing GitHub Actions, focusing on proactive measures and current realities. It addresses GitHub's evolving roadmap toward deterministic workflow dependencies, centralized execution policy, and tighter secret scoping. The library helps organizations manage the immediate risks of scattered secrets and compromised automation layers, providing visibility, detection, and remediation for existing environments before platform-level controls are fully implemented. → blog.gitguardian.com |
| 2026-04-15 2026 | Someone bought 30 WordPress plugins and planted backdoors in all of them news | Library detailing the compromise of 30+ WordPress plugins (Essential Plugin portfolio) and Smart Slider 3 Pro via supply chain attacks. The Essential Plugin attack involved purchasing plugins on Flippa, injecting a PHP deserialization backdoor, and activating it to serve SEO spam exclusively to Googlebot. Smart Slider 3 Pro was compromised through its update infrastructure. Both incidents highlight WordPress's lack of mechanisms for reviewing plugin ownership transfers and requiring code signing for updates. |
| 2026-04-15 2026 | 25000 Endpoints Exposed by Dragon Boss Solutions Update Domain Supply Chain Attack news | 25,000+ Endpoints Exposed by Dragon Boss Solutions Update Domain Supply Chain Attack https://ift.tt/urPB6SM → cybersecuritynews.com |
| 2026-04-15 2026 | NetRise Highlights Software Supply Chain Risk and Showcases Provenance at VulnCon news | NetRise Highlights Software Supply Chain Risk and Showcases Provenance at VulnCon https://ift.tt/oecaP7C → tipranks.com |
| 2026-04-15 2026 | OpenAI Rotates macOS Certificates After Axios Supply Chain Attack news | Analysis of OpenAI's response to a supply chain attack targeting the Axios npm package, attributed to a North Korea-linked actor. This incident led to OpenAI rotating its macOS code signing certificates to mitigate risks after a GitHub Actions workflow was compromised. Users of ChatGPT Desktop, Codex, and Atlas applications must update by May 8, 2026, as older versions will cease functioning due to certificate revocation. The attack highlights the vulnerability of dependency management, specifically referencing misconfigurations in pinning package versions. |
| 2026-04-14 2026 | WordPress Supply Chain Attack Hits Thousands of Sites news | Library of WordPress plugins compromised in a supply chain attack, impacting thousands of sites. Attackers leveraged ownership changes of popular extensions to inject backdoors, creating vulnerabilities for data theft and full site control. The incident highlights systemic risks in the open-source ecosystem, emphasizing the need for better plugin governance and transparency in acquisition practices, similar to the SolarWinds breach's impact on enterprise networks. |
| 2026-04-14 2026 | CPUID Supply Chain Attack: STX RAT Malware Distributed via Trojanized CPU-Z and HWMonitor Downloads news | Writeup of the CPUID supply chain attack, detailing how attackers compromised the official website for HWMonitor and CPU-Z, distributing trojanized installers via Cloudflare R2. This attack leveraged DLL sideloading with a malicious cryptbase.dll to execute a five-stage in-memory attack chain, ultimately deploying STX RAT, a remote access trojan capable of stealing credentials, session cookies, and crypto wallet keys. The incident highlights the risks of compromised download channels, affecting global users across various sectors. → rescana.com |
| 2026-04-14 2026 | You Don't Have to Be Hacked to Be Compromised beginner | Analysis of the widespread impact of the Axios JavaScript library compromise by North Korean threat actor UNC1069, highlighting how compromised developer accounts and backdoored packages like WAVESHAPER.V2 demonstrate significant software supply chain risk. This incident underscores the business imperative for robust third-party risk management, including Software Composition Analysis, dependency integrity validation, and comprehensive incident response planning for supply chain scenarios. |
| 2026-04-14 2026 | Trojan Malware Dominates as Supply Chain Attacks Escalate news | Library for detecting trojan malware and supply chain attacks, detailing incidents like SANDWORM_MODE's data harvesting and spreading, the Trivy/LiteLLM campaign abusing trusted tools, and the axios compromise exploiting transitive dependencies. It highlights the escalating trend of attackers injecting malicious code through seemingly legitimate open-source packages and trusted release channels, emphasizing the need for vigilance beyond package names to protect developer and CI environments from credential theft and further compromise. |
| 2026-04-14 2026 | OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack Rotates Security Certificates news | Library compromise impacting OpenAI, where North Korea-linked actors poisoned the Axios JavaScript library on NPM. Malicious versions deployed a RAT, affecting OpenAI's macOS application signing workflow and exposing code-signing certificates. OpenAI rotated certificates and stated no user data or intellectual property was compromised, though older macOS applications will lose support. → cxodigitalpulse.com |
| 2026-04-13 2026 | OpenAIs Mac apps needs an update thanks to the Axios hack news | Library update requiring macOS users to install the latest versions due to a supply-chain attack on the Axios JavaScript library. A North Korean hacking group (UNC1069) injected malware into Axios after compromising its lead maintainer's accounts, impacting downstream software through millions of weekly downloads. OpenAI treated its signing certificate as compromised due to a misconfiguration in its GitHub workflow, even though no evidence suggests user data access or code alteration. |
| 2026-04-13 2026 | OpenAIs macOS app-signing process hit by axios supply chain attack news | Analysis of the axios supply chain attack impacting OpenAI's macOS app-signing process, where malicious versions `axios@1.14.1` and `axios@0.30.4` were published to npm, leading to a remote access trojan installation. OpenAI's GitHub Actions workflow for signing apps like ChatGPT Desktop, Codex, and Atlas automatically downloaded the compromised axios 1.14.1, prompting certificate revocation and rotation. The incident highlights risks from misconfigured workflows and a widespread dependency like axios, affecting numerous cloud and code environments. → scworld.com |
| 2026-04-13 2026 | OpenAI rotates macOS certs after Axios attack hit code-signing workflow news | Library for securing applications against supply chain attacks, exemplified by OpenAI's response to a malicious Axios package compromising its GitHub Actions workflow. This incident, linked to UNC1069, led to the rotation of macOS code-signing certificates used for ChatGPT Desktop, Codex, and Atlas to prevent potential misuse of the signing key for distributing malware. OpenAI's investigation found no evidence of compromised certificates or user data, but users must update macOS applications to versions signed with new certificates before May 8, 2026, to avoid functionality loss. → bleepingcomputer.com |
| 2026-04-13 2026 | Distributed Risk: Open-Source Software as Strategic Infrastructure beginner | Analysis of distributed risk highlights how open-source software is strategic infrastructure, vulnerable to upstream compromise attacks like the XZ Utils incident and the Axios package compromise. This "capture, poison, exploit" (CPE) framework details how malicious actors can manipulate project governance, poison distribution channels like npm and PyPI, or exploit known weaknesses such as Log4Shell in unpatched systems, leading to widespread downstream exposure and geopolitical leverage. |
| 2026-04-13 2026 | Axios Breach Fallout: OpenAI's MacOS App Updates Explained news | Library updates address a supply chain attack that compromised the Axios JavaScript library, leading to a potential remote access trojan threat and exploited GitHub Actions workflows targeting OpenAI's macOS applications. OpenAI has rotated its macOS code signing certificate, released new versions of ChatGPT Desktop, Codex App, Codex CLI, and Atlas, and is revoking support for older, vulnerable versions to prevent credential misuse and the distribution of counterfeit software signed with compromised certificates. |
| 2026-04-13 2026 | OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack news | Writeup detailing the Axios supply chain attack, where malicious NPM packages of the popular JavaScript HTTP client were distributed by North Korea-linked hackers. OpenAI was impacted, with a GitHub Actions workflow for macOS app-signing inadvertently downloading and executing a compromised Axios version. While OpenAI believes its macOS signing certificate was not compromised, they are revoking and rotating it as a precaution against potential code signing abuses. Evidence suggests widespread impact, with malicious versions seen in multiple environments. → securityweek.com |
| 2026-04-13 2026 | OpenAI Flags Supply Chain Attack Risk Urges macOS Users news | Library compromise highlights software supply chain risks, as North Korean threat actors are believed to have tampered with the Axios developer tool. This impacted OpenAI's GitHub Actions workflow, which accessed code-signing materials for macOS applications. OpenAI urges users to update ChatGPT Desktop and related tools to the latest versions by May 8 to mitigate potential threats, though investigations found no evidence of user data access or system breaches. |
| 2026-04-13 2026 | OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident news | Writeup detailing the OpenAI macOS app certificate revocation following a supply chain incident involving the malicious Axios library, which was poisoned by UNC104 and delivered a WAVESHAPER.V2 backdoor. The incident, alongside another targeting Trivy and leading to the deployment of the SANDCLOCK credential stealer and CanisterWorm, highlights widespread risks to open-source ecosystems and cloud environments, with vendors like CrowdStrike, Microsoft, and Trend Micro analyzing related campaigns such as CVE-2026-33634. → thehackernews.com |
| 2026-04-13 2026 | Axios npm Supply Chain Attack Triggers Security Fixes news | Analysis of the Axios npm supply chain attack, linked to North Korea's Lazarus Group (UNC1069), details OpenAI's exposure through a GitHub Actions workflow misconfiguration. The incident involved a malicious version of Axios (v1.14.1) used in OpenAI's macOS app-signing process. OpenAI responded by rotating code-signing certificates, requiring users to update macOS applications, and coordinating with Apple to block notarization attempts with the old certificate. → thecyberexpress.com |
| 2026-04-12 2026 | OpenAI Rotates macOS App Certificates After Axios Supply-Chain Attack Says No User Data Was Breached news | Library for detecting and mitigating supply-chain attacks, exemplified by the Axios vulnerability (version 1.14.1) impacting OpenAI's macOS applications. This resource addresses how compromised third-party developer tools can lead to certificate rotation and requires users to update applications like ChatGPT Desktop, Codex, and Atlas. The incident highlights risks to CI/CD pipelines and code-signing systems, a growing trend where attackers target developer infrastructure rather than end-users directly. |
| 2026-04-12 2026 | Hackers Exploit GitHub Copilot Flaw to Exfiltrate Sensitive Data news | Hackers Exploit GitHub Copilot Flaw to Exfiltrate Sensitive Data https://ift.tt/mHwP0Yn → cybersecuritynews.com |
| 2026-04-12 2026 | OpenAI identifies security issue involving third-party tool says user data was not accessed news | Writeup of a software supply chain attack affecting OpenAI, where a compromised third-party tool, Axios, was downloaded via a misconfigured GitHub Actions workflow. The attack attempted to exfiltrate a signing certificate for macOS applications like ChatGPT Desktop, Codex, and Atlas, but OpenAI's analysis indicates the certificate was likely not compromised. User data, API keys, and passwords remained unaffected. OpenAI is updating security certifications and requiring users to update macOS apps. |
| 2026-04-11 2026 | OpenAI Issues Urgent Warning: macOS Users Must Update ChatGPT & Codex Immediately news | OpenAI Issues Urgent Warning: macOS Users Must Update ChatGPT & Codex Immediately https://ift.tt/ekBf2XK |
| 2026-04-11 2026 | OpenAI Flags ChatGPT Desktop Security Issue After Attack news | Library update highlights supply chain risks in Axios compromise, impacting OpenAI's ChatGPT Desktop and other tools by leveraging malicious code injection via GitHub workflows. This incident forced OpenAI to revoke and replace security certificates, underscoring the need for robust app verification to prevent fake applications. Separately, Google's Pentagon deal for AI integration into classified networks, unlike Anthropic's refusal due to concerns over autonomous weapons and domestic surveillance, raises questions about safeguards and employee dissent within AI firms. |
| 2026-04-11 2026 | DPRK Threat Actor Compromises Axios NPM Package news | Library that analyzes a North Korea-nexus threat actor's compromise of the popular "axios" NPM package. The attacker introduced a malicious dependency, "plain-crypto-js," which acted as an obfuscated dropper for the WAVESHAPER.V2 backdoor across Windows, macOS, and Linux. The dropper uses `postinstall` hooks and OS-specific techniques involving PowerShell, curl, and bash to download and execute platform payloads, aiming for reconnaissance and command execution. GTIG attributes this to financially motivated UNC1069, noting infrastructure overlaps and the evolution of the WAVESHAPER backdoor. → cloud.google.com |
| 2026-04-11 2026 | 16 Minutes to Impact: npm crypto-draining malware news | Library for detecting and mitigating npm supply chain compromises, detailing a September 2025 incident where attackers leveraged phishing to inject cryptocurrency-draining malware into popular JavaScript packages like 'chalk'. The malware intercepted browser traffic and manipulated wallet transactions, highlighting risks to crypto businesses and applications. It also details malware capabilities such as multi-chain targeting, real-time address manipulation, and stealth features designed to evade detection. |
| 2026-04-11 2026 | Widespread npm Supply Chain Attack: Billions at Risk news | Analysis of a widespread npm supply chain attack targeting 18 popular packages, including debug, chalk, and ansi-styles, which are downloaded billions of times weekly. The attack, initiated via phishing and account compromise, injected crypto-stealing malware designed to hijack cryptocurrency transactions by imperceptibly altering destination addresses before user signing. This incident highlights the critical risks inherent in the open-source software supply chain, emphasizing the need for robust security measures to prevent malicious code propagation within development pipelines and cloud environments. → paloaltonetworks.com |
| 2026-04-11 2026 | npm Supply Chain Attack: debug, chalk, and Beyond news | Library for detecting and mitigating widespread npm supply chain attacks, specifically detailing the debug/chalk incident. This resource unpacks how malicious versions of popular packages, including debug and chalk, were distributed and bundled into frontend applications. The attack hijacks browser network and wallet APIs to silently rewrite cryptocurrency recipients and approvals, diverting transactions to attacker-controlled wallets. It highlights the rapid propagation through CI/CD pipelines and the scope beyond initial reports, emphasizing the need for ongoing vigilance and registry updates. → wiz.io |
| 2026-04-11 2026 | The Nx s1ngularity Attack: Inside the Credential Leak news | Tool for scanning local environments for compromise from the Nx s1ngularity supply chain attack. It detects leaked credentials, including GitHub tokens, npm keys, SSH private keys, API keys, and cryptocurrency wallet files, and checks for exploitation of LLM client configuration files for tools like Claude and Gemini. The tool also provides a privacy-preserving service to check if specific secrets were exfiltrated. → blog.gitguardian.com |
| 2026-04-11 2026 | s1ngularity: Nx supply chain attack leaks secrets news | Writeup of the s1ngularity Nx supply chain attack, detailing how malicious Nx build system npm packages led to the exfiltration of sensitive developer assets like cryptocurrency wallets, GitHub tokens, and SSH keys. The attack leveraged AI CLI tools for reconnaissance and initially exfiltrated data to attacker-controlled GitHub repositories, which were later disabled by GitHub. A subsequent phase involved using leaked GitHub tokens to publicly expose over 5500 private repositories. The compromise was attributed to a flawed GitHub Actions workflow using `pull_request_target` with unsanitized pull request titles, granting arbitrary command execution and elevated permissions. → wiz.io |
| 2026-04-11 2026 | CISA 2025 Minimum Elements for SBOM beginner | CISA's 2025 Minimum Elements for Software Bill of Materials (SBOM) guidance seeks public comment on updating the 2021 NTIA SBOM Minimum Elements. This revised guidance enhances software transparency and supply chain security by providing a detailed inventory of software components, enabling better risk management and vulnerability identification. It emphasizes machine-processable formats for scalable implementation and integration into cybersecurity practices, with comments due by October 3, 2025, via the Federal Register. |
| 2026-04-11 2026 | SLSA 3 Compliance with GitHub Actions and Sigstore intermediate | Library for achieving SLSA 3 compliance, integrating GitHub Actions with Sigstore's Cosign, Fulcio, and Rekor. This solution automates the generation of non-forgeable build provenance for Go projects, enabling verification of software authenticity and build origins. It addresses supply chain security concerns highlighted by incidents like Log4j and Solarwinds, allowing users to audit and replicate builds without managing their own signing keys. → github.blog |
| 2026-04-11 2026 | cosign Verification of npm Provenance and GitHub Attestations intermediate | Library for verifying npm provenance, GitHub Artifact Attestations, and Homebrew provenance using the cosign v2.4.0 release. It demonstrates how to verify artifacts by retrieving bundles containing signed attestations and applying verification policies via command-line flags. The library supports verifying public and private GitHub repositories, and also integrates with Homebrew's provenance. |
| 2026-04-11 2026 | Securing CI/CD After tj-actions and reviewdog Attacks beginner | Guide detailing security hardening for GitHub Actions workflows following the tj-actions/changed-files and reviewdog/action-setup supply chain attacks. It explains the chained exploitation, tag redirection, and log-based exfiltration techniques used by attackers, emphasizing the dangers of mutable tags, unprotected secrets, and overly broad access controls. The guide offers a defense-in-depth blueprint including pinning to commit SHAs, enforcing MFA, enabling tag protection, avoiding persistent credentials, and implementing runtime monitoring to secure CI/CD pipelines. |
| 2026-04-11 2026 | GitHub Actions Supply Chain Attack: Coinbase to tj-actions news | Writeup of a GitHub Actions supply chain attack, detailing how attackers compromised tj-actions/changed-files and reviewdog/action-setup. This multi-layered attack initially targeted Coinbase's open-source project agentkit before escalating to impact thousands of repositories by injecting malicious payloads that leaked CI/CD runner secrets and credentials. The analysis highlights abuse of third-party actions and dependencies, emphasizing the need for detection and prevention steps for consumers and maintainers. → unit42.paloaltonetworks.com |
| 2026-04-11 2026 | tj-actions/changed-files supply chain attack news | Library update detailing a supply chain attack on the tj-actions/changed-files GitHub Action, leading to CVE-2025-30066. The compromise involved a malicious payload that leaked secrets from affected repositories into workflow logs, including AWS access keys, GitHub PATs, and private RSA keys. Mitigation steps include stopping usage of the affected action, rotating leaked secrets, pinning actions to commit hashes, and utilizing GitHub's allow-listing features. The attack vector likely involved compromising a GitHub personal access token. → wiz.io |
| 2026-04-11 2026 | tj-actions/changed-files compromise (CVE-2025-30066) news | Alert detailing a supply chain compromise affecting the tj-actions/changed-files GitHub Action (CVE-2025-30066). This vulnerability, potentially linked to a reviewdog/action-setup@v1 compromise (CVE-2025-30154), allowed for the disclosure of secrets such as access keys, PATs, npm tokens, and private RSA keys. CISA urges users to audit repositories, rotate compromised secrets, and update to patched versions to mitigate this risk. |
| 2026-04-11 2026 | XZ Backdoor CVE-2024-3094 - JFrog news | Analysis of CVE-2024-3094 details a sophisticated supply chain attack on XZ Utils, versions 5.6.0 and 5.6.1, which allowed unauthorized remote SSH access. The malicious payload, injected into the OpenSSH server (SSHD), modified decryption routines using ChaCha20 and Ed448 signatures to enable attackers with a specific private key to execute arbitrary commands or bypass authentication. The article outlines detection methods, remediation steps including downgrading and system restarts, and a kill switch, along with JFrog OSS tools for vulnerability scanning. |
| 2026-04-11 2026 | xz Backdoor CVE-2024-3094 - OpenSSF news | Writeup on CVE-2024-3094, detailing a sophisticated backdoor inserted into xz/liblzma versions 5.6.0 and 5.6.1. The backdoor was obfuscated within distribution tarballs, targeting RPM or DEB packages for x86-64 architecture built with gcc and the gnu linker, with the potential to break sshd authentication. The OpenSSF highlights how community vigilance and the paced release process of Linux distributions helped contain the impact, while emphasizing ongoing efforts to secure the open source supply chain. |
| 2026-04-11 2026 | XZ Utils backdoor (CVE-2024-3094) overview beginner | Reference to CVE-2024-3094 details a significant backdoor discovered in xz-utils versions 5.6.0 and 5.6.1, impacting the sshd binary and enabling remote code execution. The article curates high-quality external analyses, OSINT reports, and technical breakdowns, including information on its distribution across Fedora, Debian, Kali, and Arch Linux. It also provides historical context, referencing past supply chain attack attempts on open-source software dating back to Ken Thompson's work. → securitylabs.datadoghq.com |
| 2026-04-11 2026 | Ultralytics PyPI package delivers coinminer news | Compromise of the Ultralytics PyPI package: malicious versions 8.3.41, 8.3.42, 8.3.45, and 8.3.46 distributed an XMRig coinminer by exploiting a GitHub Actions script injection. This allowed attackers to execute arbitrary code, leading to multiple releases containing downloader code in __init__.py. The initial compromise involved crafted pull requests to inject malicious payloads, with subsequent malicious versions published because the maintainers had not fully located the breach. This supply chain attack had a significant potential impact due to Ultralytics' widespread adoption. → reversinglabs.com |
| 2026-04-11 2026 | Supply-chain attack analysis: Ultralytics beginner | Analysis of the Ultralytics supply-chain attack details how compromised GitHub Actions and PyPI API tokens led to malicious code injection in versions 8.3.41, 8.3.42, 8.3.45, and 8.3.46. The incident highlights the importance of securing build workflows, the use of Sigstore transparency logs, and PyPI provenance attestations for detecting and preventing future attacks. Recommendations include revoking unused API tokens, configuring GitHub Environments, and publishers auditing workflows for insecure patterns like `pull_request_target`, pinning dependencies, utilizing Trusted Publishers, and avoiding committing binary files. |
| 2026-04-11 2026 | GitLab discovers widespread npm supply chain attack news | Library for detecting and analyzing the "Shai-Hulud" npm supply chain attack, which uses a destructive malware variant. The malware harvests credentials from GitHub, npm, AWS, GCP, and Azure, exfiltrates data, and propagates by infecting other packages. It features a "dead man's switch" that triggers data destruction if its propagation and exfiltration channels are severed, employing techniques like multi-stage loading, credential harvesting, and automated package republishing. |
| 2026-04-11 2026 | Shai-Hulud: Self-Replicating Worm Compromises 500+ NPM Packages news | Library for detecting and analyzing the Shai-Hulud worm, which compromised over 500 NPM packages including @ctrl/tinycolor. This attack featured self-propagation via `NpmModule.updatePackage`, credential harvesting using TruffleHog and cloud SDKs for AWS, GCP, and Azure, and persistence mechanisms involving GitHub Actions workflows. The malware specifically targeted Linux and macOS environments, exfiltrating secrets like GitHub tokens and AWS access keys. |
| 2026-04-11 2026 | Shai-Hulud npm supply chain attack overview news | Writeup on the Shai-hulud npm supply chain attack, a self-replicating worm that compromises npm accounts to infect legitimate packages. This malware inserts malicious code into packages, spreading via `postinstall` scripts, and exfiltrates cloud service tokens (npm, GitHub, AWS, GCP) by installing TruffleHog and targeting specific secrets. The worm also attempts to exfiltrate GitHub tokens via malicious workflows and convert private repositories to public, impacting popular packages like ngx-bootstrap and ng2-file-upload. → reversinglabs.com |
| 2026-04-11 2026 | Shai-Hulud Worm Compromises npm Ecosystem news | Analysis of the Shai-Hulud 2.0 npm worm details its aggressive propagation through pre-install execution, bypassing static analysis. This campaign targets GitHub repositories, stealing credentials for AWS, GCP, and Azure, exfiltrating them to public GitHub repositories, and even attempting to destroy home directories as a fallback. The worm also automates its spread by injecting malicious code into other packages maintained by compromised developers, potentially crippling CI/CD pipelines and leading to significant cloud service compromises. LLMs may have assisted in generating its obfuscated payload. → unit42.paloaltonetworks.com |
| 2026-04-11 2026 | Shai-Hulud 2.0: 25K+ Repos Exposed news | Shai-Hulud 2.0: 25K+ Repos Exposed → wiz.io |
| 2026-04-11 2026 | Shai-Hulud 2.0: Detection and Defense Guidance intermediate | Library providing detection and defense guidance for the Shai-Hulud 2.0 supply chain attack, which compromised numerous npm packages via preinstall scripts and stole credentials using tools like TruffleHog. It details attack propagation paths, the use of fake personas like "Linus Torvalds," and offers mitigation strategies including credential rotation, CI/CD isolation, and leveraging Microsoft Defender for its code scanning, posture management, and runtime anomaly detection capabilities. → microsoft.com |
| 2026-04-11 2026 | Shai-Hulud 2.0 npm worm: analysis intermediate | Analysis of Shai-Hulud 2.0, a self-replicating npm worm that backdoored 796 packages, reveals its sophisticated credential-stealing payload. This worm utilizes the Bun JavaScript runtime to evade detection, harvests credentials from local filesystems and cloud environments (AWS, Google Cloud, Azure) using techniques like `trufflehog` and accessing instance metadata services, and exfiltrates them to public GitHub repositories. It self-propagates by injecting malicious files like `setup_bun.js` and `bun_environment.js` into other npm packages, and can also establish GitHub self-hosted runners for remote code execution via vulnerable GitHub Actions. → securitylabs.datadoghq.com |
| 2026-04-11 2026 | Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise news | Analysis of supply chain compromise via attacks on Trivy and Axios, demonstrating the future of malware delivery. Attackers leveraged vulnerabilities in open source tools, including a vulnerability scanner and a JavaScript library, to steal secrets and plant backdoors. These incidents highlight the growing threat of sophisticated social engineering and the potential for AI-driven attacks to target developer environments and compromise tens of thousands of organizations. → theregister.com |
| 2026-04-11 2026 | Mac ChatGPT App Gets Urgent Security Update After Supply Chain Threat news | Mac ChatGPT App Gets Urgent Security Update After Supply Chain Threat https://ift.tt/mp4TwQ6 |
| 2026-04-11 2026 | CrowdStrike: Stolen credentials used in Axios npm supply chain attack news | Analysis of the Axios npm supply chain attack, where stolen maintainer credentials were used to inject ZshBucket malware variants across Linux, macOS, and Windows. The attack, attributed by CrowdStrike to Stardust Chollima, demonstrates enhanced malware capabilities including data exfiltration, remote command execution, and a unified JSON-based communication protocol. This incident highlights the significant risk posed by compromised open-source libraries to software supply chains. |
| 2026-04-11 2026 | The Scanner Was the Weapon: 36 Months of Precision Supply Chain Attacks Against DevSecOps Infrastructure advanced | Library detailing 36 months of precision supply chain attacks, highlighting compromises of DevSecOps tools like vulnerability scanners and CI/CD pipelines. It examines the XZ Utils backdoor (CVE-2024-3094), the reviewdog GitHub Actions compromise (CVE-2025-30066 / CVE-2025-30154), and the multi-stage infostealer targeting Aqua Security's Trivy. The analysis reveals attacker sophistication in targeting trusted software, leveraging build-time injection and automated trust exploitation. |
| 2026-04-10 2026 | Crushing the Axios supply chain threat with Tenable Hexa AI: Use cases for agentic AI intermediate | Tool for detecting and mitigating the Axios npm supply chain attack. Tenable Hexa AI, an agentic engine, automates scan configuration, identifies impacted assets, and prioritizes remediation, in a workflow that applies equally to other emerging threats such as new CVEs or zero-days. Specific remediation steps for Axios include downgrading to safe versions, removing phantom dependencies, and rotating secrets. → securityboulevard.com |
| 2026-04-10 2026 | Supply chain attack at CPUID pushes malware with CPU-Z/HWMonitor news | Library for analyzing supply chain attacks, specifically detailing a compromise at CPUID that distributed malware via trojanized versions of CPU-Z and HWMonitor. The attack involved DLL sideloading using a malicious CRYPTBASE.dll and delivered the STX RAT infostealer. This incident highlights a pattern targeting widely used utilities, similar to a prior FileZilla compromise. → bleepingcomputer.com |
| 2026-04-10 2026 | Renovate & Dependabot: The New Malware Delivery System news | Library for detecting supply chain attacks that exploit automated dependency updates. It analyzes how tools like Renovate and Dependabot, designed to streamline updates, can inadvertently accelerate malware distribution. The library highlights real-world incidents, including the compromise of tj-actions/changed-files, Salesloft Drift, Shai-Hulud, trivy-action, and the Axios package, demonstrating how malicious code can be integrated into CI/CD pipelines and production code through compromised dependencies and automated merges. → securityboulevard.com |
| 2026-04-10 2026 | Renovate & Dependabot: The new Malware Delivery System news | Library analyzing how automated dependency updaters like Renovate and Dependabot can inadvertently accelerate malware distribution in supply chain attacks. It details how these tools, designed for efficiency, can bypass security scrutiny by automatically merging malicious package updates, as seen with the Axios and trivy-action compromises. The entry highlights the implicit trust afforded to bot-generated pull requests and their potential to introduce malware rapidly, even into CI/CD pipelines through workflow modifications. → blog.gitguardian.com |
| 2026-04-10 2026 | Supply Chain Attacks Are Exploiting Our Assumptions beginner | Library of techniques for defending against software supply chain attacks, addressing implicit trust assumptions exploited by attackers. It analyzes recent incidents such as the XZ Utils backdoor, npm and PyPI package compromises like `rustdecimal` and `torchtriton`, and attacks leveraging compromised accounts (e.g., `ctrl/tinycolor`, `Nx`, `rspack`). The library highlights methods to move beyond dependency scanning and SBOMs, focusing on verifying code provenance and build integrity to mitigate risks from deceptive doubles, stolen secrets, and poisoned pipelines. → blog.trailofbits.com |
| 2026-04-10 2026 | Protecting Your Software Supply Chain: Typosquatting and Dependency Confusion intermediate | Library detailing typosquatting and dependency confusion attacks on software supply chains. These attacks exploit developers' typographical errors when downloading packages from registries like npm and PyPI, or through compromised dependencies. Real-world examples such as the Codecov and Event Stream breaches highlight how attackers infiltrate systems by mimicking legitimate packages, leading to data breaches, system compromises, and reputational damage. The library provides insights for engineering managers and security practitioners to protect their infrastructure from these evolving threats. → blog.gitguardian.com |
| 2026-04-10 2026 | LiteLLM PyPI Packages Compromised in TeamPCP Supply Chain Attacks news | Versions 1.82.7 and 1.82.8 of the LiteLLM Python package, a unified interface for switching between AI models, were compromised on PyPI by the TeamPCP group. The malicious versions contained a credential stealer and malware dropper, posing significant risks due to LiteLLM's access to API keys and configuration data. This incident is part of a broader campaign by TeamPCP, which also targeted Aqua's Trivy scanner and CheckMarx's VS Code extensions. Sonatype advises affected organizations to remove the malicious package, rotate credentials, and investigate for persistence mechanisms. → helpnetsecurity.com |
| 2026-04-10 2026 | Supply-Chain Attack Defense: Developer Host Machine Hardening intermediate | Library for hardening developer host machines against supply-chain attacks, detailing configurations for Python (pip, uv) and JavaScript/TypeScript (npm, pnpm, yarn, bun). It implements defenses such as release age gates and disabling install scripts, referencing techniques like `uv`'s `exclude-newer` and `npm`'s `min-release-age` and `ignore-scripts`. The guide also provides guidance on verifying AI-suggested packages and detecting suspicious package behavior through tools like Socket.dev. |
| 2026-04-10 2026 | TeamPCP Credential Infostealer Chain Attack Reaches Python's LiteLLM news | Library for detecting credential infostealer supply chain attacks, specifically detailing the TeamPCP campaign targeting Python's LiteLLM. This multi-stage attack chain exploits vulnerabilities in Trivy, GitHub Actions, Docker images, and npm packages, ultimately compromising LiteLLM through a malicious `.pth` file executed upon interpreter startup. The malware harvests a wide array of credentials including SSH keys, cloud provider secrets, Kubernetes tokens, and Git credentials, exfiltrating them to a compromised domain, and can deploy privileged DaemonSets in Kubernetes environments. |
| 2026-04-10 2026 | Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers news | Compromised versions of the dYdX v4 client libraries for JavaScript (`@dydxprotocol/v4-client-js`) and Python (`dydx-v4-client`) have been found to steal cryptocurrency wallet credentials and, in the Python version, to execute remote access trojans. Threat actors inserted malicious code into core registry files, exploiting a developer account compromise to distribute these poisoned updates across ecosystems. The attack also highlights risks associated with unpublished packages on npm, where typosquatting can lead to malware distribution. → thehackernews.com |
| 2026-04-10 2026 | N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust news | Library detailing the Contagious Interview campaign, which has released over 1,700 malicious packages across npm, PyPI, Go, Rust, and Packagist. These packages, including `dev-log-core`, `logutilkit`, and `github[.]com/golangorg/formstash`, function as malware loaders, distributing infostealers and RATs capable of post-compromise activity. The malicious code is concealed within legitimate functions, making detection challenging. → thehackernews.com |
| 2026-04-10 2026 | The Next Wave of Supply Chain Attacks: NPM, PyPI, and Docker Hub news | Survey connecting supply chain attacks across npm, PyPI, and Docker Hub, highlighting root causes like maintainer phishing and weak authentication, as seen in incidents involving npm packages like chalk and debug, PyPI packages like num2words, and official Debian base images on Docker Hub. It emphasizes the danger of malicious content persistence and reactive detection, pointing out how stolen credentials and exploitable registry gaps allow attackers to poison ecosystems. |
| 2026-04-10 2026 | PyPI, npm, and the New Frontline of Software Supply Chain Attacks news | Library for analyzing software supply chain attacks, detailing incidents involving Trivy (CVE-2026-33634), LiteLLM, Telnyx, and Axios. These attacks targeted popular open-source packages and developer tooling, with attackers gaining unauthorized access to trusted projects and injecting malicious code. The primary objective was credential theft, including cloud keys and SSH keys, with some incidents also exfiltrating cryptocurrency wallet files. The library highlights the need for dependency hygiene and strong CI/CD security controls, such as pinning package versions, atomic credential rotation, and restricting egress from CI/CD runners. |
| 2026-04-10 2026 | Malicious PyPI and npm Packages Exploiting Dependencies in Supply Chain Attacks news | Library detailing malicious PyPI and npm packages exploiting supply chain vulnerabilities. The `termncolor` PyPI package, leveraging the `colorinal` dependency, employed DLL side-loading via `vcpktsvr.exe` and `libcef.dll` for persistence and command-and-control communication. Similarly, compromised npm packages like `redux-ace` and `rtk-logger` targeted developers via job assessments, harvesting credentials and system data. These incidents highlight risks from automated dependency upgrades, exemplified by the `eslint-config-prettier` compromise. → thehackernews.com |
| 2026-04-10 2026 | Supply Chain Attack: How Attackers Weaponize Software beginner | Library detailing software supply chain attacks, explaining how attackers weaponize trust in open source packages from registries like npm and PyPI, CI/CD platforms such as GitHub Actions, and cloud SDKs from vendors like AWS. It covers how compromised developer accounts, malicious updates, or abused CI/CD credentials can lead to vulnerabilities, citing the CCleaner incident as an example of malicious code injected into a digitally signed release. |
| 2026-04-10 2026 | 2026 Supply Chain Security Report: Attack Analysis news | Report analyzing the 2025-2026 supply chain attack landscape, including the multi-wave Shai-Hulud campaigns, the s1ngularity attack on Nx, GhostActions on PyPI, and the September npm hijacking. It details common attack patterns like credential compromise, install-time execution, cross-ecosystem propagation, and CI/CD pipeline exploitation, noting incidents at Jaguar Land Rover and Marks & Spencer, alongside F5 BIG-IP source code theft. The report also maps supply chain security requirements to SOC 2 and ISO 27001 compliance frameworks. |
| 2026-04-10 2026 | Securing Software Supply Chains: 2026 Priorities beginner | Survey of 2026 software supply chain security priorities from an event that discussed critical infrastructure needs driven by AI-generated code and open-source components. Key themes included visibility gaps in AI and open-source, challenges aligning compliance with operations, and the necessity for better coordination across security, policy, and procurement teams. It also highlighted the importance of organizational resilience through role clarity, consistent third-party oversight, context-guided modernization, stronger compliance execution, improved metrics, and enhanced collaboration across sectors to address evolving threats. |
| 2026-04-10 2026 | 2026 Software Supply Chain Report news | Report detailing the 2025 evolution of open source malware, with over 454,600 new malicious packages identified across major registries like npm and PyPI. The report highlights industrialized campaigns by state-linked entities such as the Lazarus Group, who deployed sophisticated multi-stage payload chains and introduced self-replicating malware like Shai-Hulud. Attacks increasingly leverage typosquatting, namespace confusion, and toolchain masquerading to target developer and build environments, with observed behaviors including TEA token harvesting, secrets exfiltration, and backdoor deployment. → sonatype.com |
| 2026-04-10 2026 | Supply Chain Attacks 2025-2026: Axios, Shai-Hulud, and More news | Analysis of supply chain attacks from 2025-2026 details incidents like the Axios npm RAT, Shai-Hulud worm, Chalk/Debug compromise, Nx/s1ngularity attack, and the TeamPCP campaign. These attacks exploited compromised npm accounts, typosquatting, build pipeline infiltration, and dependency confusion across npm, PyPI, GitHub Actions, and container registries. The analysis explains common attack vectors, impact including credential exfiltration and crypto wallet draining, and outlines detection and automated remediation strategies for security teams. |
| 2026-04-09 2026 | Inside the TeamPCP cascading supply chain attack news | Library for detecting and mitigating supply chain attacks, detailing the TeamPCP campaign that compromised the telnyx and LiteLLM PyPI packages, as well as Checkmarx extensions on Open VSX. The attacks leveraged stolen credentials to inject malicious code, exfiltrating cloud secrets and tokens, impacting security tools like Trivy and KICS GitHub Actions, and demonstrating the risks of unverified dependencies. → reversinglabs.com |
| 2026-04-09 2026 | Hackers Expose Vulnerabilities in Software Supply Chains news | Library for detecting and mitigating software supply chain risks, exemplified by the Axios NPM package compromise attributed to North Korea-nexus threat actor UNC1069. This incident highlights how attackers exploit trust relationships in development workflows, injecting malicious code like WAVESHAPER.V2 via compromised maintainer accounts. The attack vector, involving a JavaScript dropper with obfuscation, demonstrates the cascading impact of transitive dependencies across development ecosystems, leading to potential credential theft, system compromises, and extortion. |
| 2026-04-09 2026 | LiteLLM PyPI Supply Chain Attack Reaches Mercor: Two Poisoned Releases AI Gateway Credential Risk and the Fallout That Froze Work news | Library detailing a LiteLLM PyPI supply chain attack, specifically versions 1.82.7 and 1.82.8, which compromised AI gateway credentials. The incident highlights the risks of poisoned releases and the propagation of credential exposure through automated build systems and startup mechanism abuse. Remediation involves dependency verification, secret rotation, and auditing egress traffic, emphasizing the critical need for secure pipelines and hash validation protocols for third-party code. |
| 2026-04-09 2026 | Compromised litellm PyPI Package Delivers Multi-Stage Credential Stealer news Python | The litellm Python library, compromised in versions 1.82.7 and 1.82.8, acted as a multi-stage credential stealer. The malicious code within this popular package could exfiltrate sensitive data including API keys, environment variables, cloud credentials (AWS, GCP, Azure), and Kubernetes secrets. It deployed a three-layer payload for reconnaissance, data harvesting, and establishing persistence, potentially linked to TeamPCP and LAPSUS$. → sonatype.com |
| 2026-04-08 2026 | Axios Compromised: The Supply Chain Attack Shows How Thin the Line Between Everyday Packages and Malicious Code Has Become news | Analysis of the Axios supply chain attack, where malicious dependency plain-crypto-js was injected into Axios versions 1.14.1 and 0.30.4 on March 31, 2026. Google Threat Intelligence and Microsoft confirmed the incident, linking it to UNC1069 and WAVESHAPER.V2 malware, with affected platforms including Windows, macOS, and Linux. The attack leveraged trust in everyday packages, potentially leading to RAT payload downloads and credential exfiltration in CI systems and build pipelines, highlighting the vulnerability of software supply chains. |
| 2026-04-08 2026 | Why the Next Supply Chain Shock Will Come From Cyber Not Shortages news | Analysis of third-party cyber risk highlights how compromised suppliers like Collins Aerospace and the retailer Mango cause widespread disruption. Current reliance on static assessments is insufficient; a shift to continuous assurance is necessary. This involves embedding security into partnership agreements, ongoing verification through audits and monitoring, and aligning with frameworks like NIST 800-53 and ISO 27001 to manage the digital supply chain proactively. |
| 2026-04-08 2026 | Your developers work for cyber gangs news | Library for securing open-source dependencies, addressing risks highlighted by March 2026 supply chain attacks. These incidents included credential theft via compromised scanners like Aqua Security's Trivy, invisible malware injection using Unicode payloads by GlassWorm, and a North Korean state actor hijacking the popular axios npm package. The library also covers the challenges posed by blockchain-based command-and-control infrastructure, making traditional takedown methods ineffective. |
| 2026-04-07 2026 | Malware distributed via ILSpy WordPress domain breach news | Library of techniques for mitigating supply chain attacks, specifically addressing the recent ILSpy WordPress domain breach. This incident involved malware distribution through a compromised official WordPress site, luring developers to install malicious browser extensions. The attack highlights the increasing threat of actors targeting software supply chains, urging developers to strengthen URL verification, utilize official repositories, and exercise caution with unsolicited browser extensions. → scworld.com |
| 2026-04-07 2026 | Guardarian Users Targeted With Malicious Strapi NPM Packages news | Set of 36 malicious NPM packages targeting Strapi users, discovered by SafeDep, that delivered payloads for Redis code execution, Docker container escape, credential harvesting, and reverse shell deployment. Payloads exploited Redis instances for webshells and reverse shells, escaped Docker containers, and targeted PostgreSQL databases. The campaign specifically aimed at Guardarian users, exfiltrating configurations and API modules, with attackers pivoting to reconnaissance and data collection after initial aggressive approaches failed. → securityweek.com |
| 2026-04-07 2026 | Behind the Scenes: How StepSecurity Detected and Helped Remediate the Largest npm Supply Chain Attack news | Analysis of the largest npm supply chain attack detailing StepSecurity's real-time detection of a compromised axios package. The incident involved a state-sponsored actor hijacking the popular HTTP client, inserting a malicious dependency, and actively deleting GitHub issues to conceal the compromise. StepSecurity utilized its AI Package Analyst and Harden-Runner to identify suspicious indicators and anomalous network activity, enabling rapid notification and remediation efforts for customers. |
| 2026-04-07 2026 | Malicious Axios npm Packages Trigger Supply Chain Attack: How Attackers Could Access Crypto Wallets and API Keys news | Malicious Axios npm Packages Trigger Supply Chain Attack: How Attackers Could Access Crypto Wallets and API Keys https://ift.tt/y4GF6z0 |
| 2026-04-07 2026 | Poisoned Axios Package Linked To Cross-Platform Malware Delivery Campaign news | Poisoned Axios Package Linked To Cross-Platform Malware Delivery Campaign https://ift.tt/g6zZsCJ → cyberpress.org |
| 2026-04-07 2026 | Guardarian Users Targeted in Supply Chain Attack via Malicious Strapi NPM Packages news | Writeup of a supply chain attack targeting Guardarian users via malicious Strapi NPM packages. Threat actors published 36 fake packages, disguised as Strapi plugins, designed to deliver payloads including remote shells, Docker escape, and credential harvesting. Techniques involved exploiting Redis, targeting PostgreSQL, scanning for wallet files, exfiltrating Strapi configurations, and establishing persistent access. The attack evolved from aggressive payloads to reconnaissance and targeted credential theft, specifically for the Strapi ecosystem. → cxodigitalpulse.com |
| 2026-04-07 2026 | Chainguard Emphasizes Short-Lived Tokens to Address Software Supply Chain Risks news | Chainguard Emphasizes Short-Lived Tokens to Address Software Supply Chain Risks https://ift.tt/pUAHQc3 → tipranks.com |
| 2026-04-07 2026 | North Korean Hackers Target High-Profile Node.js Maintainers news | Analysis of UNC1069's social engineering campaign targeting Node.js maintainers, including those involved with Socket, Platformatic, Dotenv, and the Node.js Security Working Group. These attackers employ detailed, multi-week lures, mirroring tactics seen in Operation Dream Job and Contagious Interview, to trick high-profile maintainers into executing malware, as evidenced by the Axios supply chain attack. → securityweek.com |
| 2026-04-07 2026 | Avocado warns on code repository supply chain attacks news | Avocado warns on code repository supply chain attacks https://ift.tt/I76zWlE |
| 2026-04-07 2026 | Avocado warns on code repository supply chain attacks news | Avocado warns on code repository supply chain attacks https://ift.tt/SyPbT1q |
| 2026-04-06 2026 | AI-Assisted Supply Chain Attack Targets GitHub news | AI-Assisted Supply Chain Attack Targets GitHub https://ift.tt/W3OMdbX → darkreading.com |
| 2026-04-06 2026 | Researchers Uncover 36 Rogue npm Packages Delivering Redis RCE and Persistent Malware news | Researchers Uncover 36 Rogue npm Packages Delivering Redis RCE and Persistent Malware https://ift.tt/eSV5lXZ → cyberpress.org |
| 2026-04-06 2026 | How to Prevent OWASP Software Supply Chain Failures intermediate | Reference for preventing OWASP A03:2025 Software Supply Chain Failures, emphasizing continuous third-party monitoring, SBOM management, and device fingerprinting. This category, ranked number one in community surveys, encompasses compromises in building, distributing, or updating software, often through third-party code or tools. Effective strategies involve preventive controls like SBOM and dependency governance, alongside detective controls that monitor for abnormal behavior, addressing risks such as using obsolete functions and unmaintained components, and validating software integrity and provenance. |
| 2026-04-06 2026 | Axios Compromise on npm Introduces Hidden Malicious Package news | Writeup on the axios npm compromise, where attackers hijacked an account to publish malicious versions (axios@1.14.1, axios@0.30.4) that silently introduced a hidden dependency on `plain-crypto-js@4.2.1`. This technique, tracked as sonatype-2026-001623 and sonatype-2026-001622 respectively, leveraged npm's postinstall scripts to execute obfuscated code, download a RAT, and spread to other packages like those in the OpenClaw ecosystem. → sonatype.com |
| 2026-04-06 2026 | NPM Supply Chain Attacks Explained: Dependency Confusion Exploits and Defense intermediate | Guide detailing NPM supply chain attacks, focusing on dependency confusion exploits and defense strategies. It analyzes significant incidents like the 2025 NPM Phishing Hack compromising chalk and debug, the Shai-Hulud malware worm targeting credentials and proliferating through postinstall scripts, and the 2026 SANDWORM_MODE exploit poisoning AI toolchains via typosquatting. It also covers critical NPM weaknesses such as install-time arbitrary code execution and extreme dependency depth, and outlines bug bounty methodologies for hunting dependency confusion. |
| 2026-04-06 2026 | Axios npm Package Compromised in Supply Chain Attack news | Report on the supply chain attack affecting axios@1.14.1 and axios@0.30.4 via the malicious plain-crypto-js@4.2.1 package. The attack, originating from a hijacked maintainer account, poisoned both the 1.x and 0.x branches of the popular npm HTTP client. Mitigation strategies include rolling back to unaffected versions, pinning dependencies, or using alternative HTTP clients like the native fetch API, got, or ky. |
| 2026-04-06 2026 | The 2026 Guide to Software Supply Chain Security beginner | The 2026 Guide to Software Supply Chain Security |
| 2026-04-05 2026 | Week in review: Axios npm supply chain compromise, critical FortiClient EMS bugs exploited news | Roundup of security news and analysis detailing recent exploits including the Axios npm supply chain compromise, FortiClient EMS vulnerabilities (CVE-2026-35616, CVE-2026-21643), Cisco IMC auth bypass (CVE-2026-20093), and a Google Chrome zero-day (CVE-2026-5281). It also covers the emergence of EvilTokens for Microsoft 365 phishing, malware distribution via Claude Code leaks, and TrueConf zero-day exploitation targeting government networks. → helpnetsecurity.com |
| 2026-04-05 2026 | 36 Malicious npm Packages Exploited Redis PostgreSQL to Deploy Persistent Implants news | Analysis of 36 malicious npm packages disguised as Strapi CMS plugins, which exploit Redis and PostgreSQL to deploy persistent implants, harvest credentials, and execute reverse shells. These packages, uploaded under fake developer accounts, use a `postinstall.js` script to execute payloads including Docker container escape, system reconnaissance, and PostgreSQL database exploitation with hardcoded credentials. The campaign's evolution shows a pivot from aggressive exploitation to data collection and targeted credential theft, potentially indicating an attack on a cryptocurrency platform. → thehackernews.com |
| 2026-04-04 2026 | Hackers breached the European Commission by poisoning the security tool it used to protect itself news | Report on the European Commission breach, in which attackers poisoned the Trivy security scanner the Commission relied on. It highlights the risks of compromised open-source security software and the tactics employed by threat actors such as TeamPCP and ShinyHunters, who used credential harvesting and force-pushed malicious code to gain unauthorized access and exfiltrate sensitive data. |
| 2026-04-04 2026 | Supply Chain Attacks Surge in March 2026 news | Roundup of March 2026 supply chain attacks impacting open-source software, with detection and mitigation guidance. It details compromises of the Axios NPM package, which distributed a cross-platform RAT via a hidden dependency (plain-crypto-js@4.2.1), and the LiteLLM PyPI package, which aimed to harvest cloud credentials and SSH keys using a malicious `.pth` file and obfuscated payloads. Recommendations include reviewing lockfiles, searching for malicious domains, using SCA tools, implementing MFA, and revoking compromised secrets. → securityboulevard.com |
| 2026-04-04 2026 | Supply chain attack on Axios npm package: Scope impact and remediations intermediate | Analysis of the Axios npm package supply chain attack details how attackers compromised versions 1.14.1 and 0.30.4 by injecting a malicious dependency, `plain-crypto-js`, which executed a remote access trojan dropper. This attack, targeting a popular HTTP client, poses significant risks of data theft, including credentials and API keys. The article stresses the need for immediate incident response, secret rotation, and proactive defense strategies like dependency pinning and environment scanning to mitigate future supply chain compromises. → securityboulevard.com |
| 2026-04-04 2026 | How critical Axios NPM package got hacked: maintainer shared full story intermediate | How critical Axios NPM package got hacked: maintainer shared full story https://ift.tt/cqQuNFB → cybernews.com |
| 2026-04-04 2026 | UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack intermediate | Writeup detailing UNC1069's sophisticated social engineering campaign that compromised the Axios npm package. Threat actors, identified as North Korean, meticulously cloned company founders and branding to build rapport, then used fake Slack workspaces and Microsoft Teams calls to trick maintainers into downloading remote access trojans. This allowed them to steal npm credentials and publish trojanized versions (1.14.1 and 0.30.4) containing the WAVESHAPER.V2 implant, demonstrating a scalable pattern targeting high-impact open-source maintainers to poison the software supply chain. → thehackernews.com |
| 2026-04-04 2026 | European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack news | Writeup detailing the European Commission's data breach, confirming over 300GB of data theft from its AWS environment. Hackers exploited an API key compromised during the TeamPCP-led supply chain attack on Aqua Security's Trivy vulnerability scanner. The attackers leveraged tools like TruffleHog to discover secrets and exfiltrate data related to 71 clients of the Europa web hosting service, with the stolen information later appearing on the ShinyHunters leak site. → securityweek.com |
| 2026-04-04 2026 | Mercor faces class action lawsuit after supply chain attack news | Lawsuit against Mercor alleges failure to implement basic cybersecurity protections, including multifactor authentication and data encryption, leading to a supply chain attack via the LiteLLM open-source software tool. The breach, attributed to the Lapsus$ group, reportedly exposed over 40,000 individuals' sensitive personal data. The suit seeks damages for identity theft, fraud, and invasion of privacy, demanding significant overhauls to Mercor's data security systems and program. |
| 2026-04-03 2026 | The developer credential economy: Why exposure data is the new front line in the supply chain war news | Analysis of the "Developer Credential Economy" highlights how supply chain attacks leverage exposed developer credentials, such as API keys and cloud access tokens, creating a lucrative black market. Endpoint detection and response (EDR) tools are insufficient as they operate reactively and lack visibility into CI/CD environments where credential theft occurs. A Continuous Threat Exposure Management (CTEM) strategy is crucial for proactively identifying and eliminating exposure conditions like long-lived access tokens before they can be exploited, as demonstrated by the Axios and Anthropic Claude Code incidents. → securityboulevard.com |
| 2026-04-03 2026 | North Korean hackers blamed for hijacking popular Axios open source project to spread malware news | The hijack of the popular JavaScript library Axios, hosted on npm, is attributed to suspected North Korean hackers (UNC1049). The attackers compromised a developer account to push malicious versions containing a remote access trojan, impacting millions of developers and representing a significant supply chain attack. Security firms like StepSecurity and Aikido investigated, with Aikido advising users who downloaded the compromised code to assume their systems are compromised. The malware was designed to self-delete, complicating detection. → techcrunch.com |
| 2026-04-03 2026 | Do not get high(jacked) off your own supply (chain) news | Analysis of recent supply chain attacks targeting widely used libraries like Axios and projects like Trivy, highlighting the impact of vulnerabilities such as React2Shell and Log4j. The entry emphasizes the ongoing threat posed by compromised open-source components and the necessity of securing CI/CD pipelines, maintaining software inventories, and implementing fundamental security practices like MFA and robust logging. |
| 2026-04-03 2026 | 12 Months That Changed Supply Chain Security - 2025 Month by Month news | Survey of 2025 supply chain threats, month by month, detailing targeted developer compromises, CI/CD manipulation, and open-source module poisoning. Notable incidents include Lazarus Group's Operation 99 and Operation Marstech Mayhem, PlushDaemon's attack on IPany, UAC-0212 exploiting CVE-2024-38213, the compromise of GitHub Action tj-actions/changed-files via CVE-2025-30066, Scattered Spider's DragonForce ransomware attacks, and the theft of Solana keys via PyPI packages. The analysis highlights the escalating scale and sophistication of attacks across ecosystems, cloud platforms, and critical infrastructure. |
| 2026-04-03 2026 | Securing the Software Supply Chain: OpenSSF, SLSA, SBOM, and Sigstore intermediate | Securing the Software Supply Chain: OpenSSF, SLSA, SBOM, and Sigstore |
| 2026-04-03 2026 | OWASP Top 10 2025: A03 Software Supply Chain Failures (Beginner's Guide) beginner | Beginner's guide to OWASP Top 10 2025: A03 Software Supply Chain Failures. It details common attack vectors such as malicious packages, compromised CI/CD systems, and vulnerable components, citing real-world examples like SolarWinds, Log4j (CVE-2021-44228), and the XZ Utils backdoor (CVE-2024-3094). It offers practical countermeasures including SBOM generation, continuous dependency scanning, artifact signing, and CI/CD hardening, aligning with community concerns over this critical risk. |
| 2026-04-03 2026 | SLSA Framework: The Definitive Guide for Securing Your Software Supply Chain intermediate | Guide detailing the SLSA (Supply-chain Levels for Software Artifacts) framework, designed to secure the software supply chain against attacks like SolarWinds and Log4Shell. It defines incremental security levels for build processes, focusing on verifiable provenance metadata and automated enforcement. The guide explains SLSA's core concepts, including provenance structure, cryptographic signing with Sigstore (Cosign, Fulcio, Rekor), and its alignment with NIST SSDF and EO 14028. It breaks down SLSA's benefits for AppSec engineers and security professionals looking to prevent tampering, ensure artifact integrity, and secure build infrastructure. |
| 2026-04-03 2026 | Five Key Flaws Exploited in 2025's Software Supply Chain Incidents news | Analysis of five major 2025 software supply chain incidents, detailing exploitation campaigns targeting critical vulnerabilities. These include the React2Shell RCE flaw (CVE-2025-55182) in React.js, exploited by nation-state groups; the Shai Hulud 2.0 worm that poisoned thousands of npm packages; and the Clop group's exploitation of a zero-day RCE vulnerability (CVE-2025-61882) in Oracle E-Business Suite. The analysis highlights the impact of these exploits on numerous organizations and the increasing sophistication of supply chain attacks. → infosecurity-magazine.com |
| 2026-04-03 2026 | Predictions for Open Source Security in 2025 | OpenSSF news | Survey of open source security predictions for 2025, highlighting increased risks from state actors and AI. The xz Utils backdoor incident illustrates vulnerabilities in widely adopted open source projects, often maintained by few volunteers. Generative AI can accelerate vulnerability discovery and sophisticated social engineering attacks, enabling attackers to scale efforts previously requiring nation-state resources. While AI also offers defensive capabilities, the increased attack surface and potential for malicious code injection necessitates greater investment and vigilance in open source supply chains. |
| 2026-04-03 2026 | Supply Chain Attacks in Q4 2025: From Isolated Incidents to Systemic Failure Modes news | Survey of systemic supply chain failure modes observed in Q4 2025, including exploits against developer tooling and distribution channels. Case studies like Shai-Hulud (npm) and GlassWorm (VS Code marketplaces) highlight attackers leveraging implicit trust and identity abuse for widespread compromise, while the F5 BIG-IP breach demonstrates vendor compromise propagating downstream. These incidents illustrate how attacks bypassed traditional defenses by targeting dependencies, identities, and update mechanisms, leading to deep initial access and significant "trust debt" across the software supply chain. |
| 2026-04-03 2026 | Supply Chain Security in CI: SBOMs, SLSA, and Sigstore intermediate | Guide to CI/CD supply chain security, covering practical implementation of SBOMs, SLSA provenance, and artifact signing using tools like Syft, cosign, and Grype. It details how to generate CycloneDX or SPDX SBOMs, capture build provenance with SLSA generators, and sign container images or blobs with Sigstore's keyless or key-based signing. It aids in creating auditable builds, ensuring release integrity, and automating vulnerability scanning by integrating SBOMs with scanners. |
| 2026-04-03 2026 | SLSA - Supply-chain Levels for Software Artifacts intermediate | Framework for establishing and improving software supply chain security. SLSA offers a set of standards and controls designed to prevent tampering and enhance the integrity of software packages and infrastructure. It provides four compliance levels, each building on industry-recognized best practices for source code, builds, and dependencies, to create a common language for assessing software supply chain security and protecting against advanced threats. |
| 2026-04-03 2026 | A03 Software Supply Chain Failures - OWASP Top 10:2025 beginner | OWASP Top 10:2025 A03 Software Supply Chain Failures reference. It covers breakdowns in software building, distribution, or updates caused by third-party code, tools, or dependencies. It highlights risks like unpatched components (e.g., CWE-1104, CWE-1395), untracked dependencies, and vulnerable CI/CD pipelines, referencing attacks like SolarWinds, the Bybit theft, and the Shai-Hulud npm worm, and known vulnerabilities such as CVE-2017-5638. Prevention involves robust SBOM management, continuous vulnerability monitoring (CVE, NVD, OSV), securing developer tools, and implementing strict change and hardening processes for repositories and build servers. → owasp.org |
| 2026-04-03 2026 | Mercor Breach Linked to LiteLLM Attack Raises AI Supply Chain Security Concerns news | The compromise of LiteLLM, a Python package distributed via PyPI, led to the Mercor breach via a supply chain attack. Attackers used stolen credentials to upload harmful versions of the library carrying injected malicious code, which automated pipelines then downloaded. This incident exposed sensitive data, including user information, credentials, and proprietary assets, impacting numerous companies and raising significant concerns about AI supply chain security, open-source vulnerabilities, and the tactics of groups like TeamPCP and Lapsus$. |
| 2026-04-03 2026 | North Korean hackers implicated in major supply chain attack news | North Korean hackers implicated in major supply chain attack https://ift.tt/qYWBvLI |
| 2026-04-03 2026 | Source Code Leaks Highlight Lack of Supply Chain Oversight news | Analysis of recent supply chain attacks, including compromises of Trivy, Axios, and Anthropic's Claude Code, reveals significant vulnerabilities in development pipelines and credential management. These incidents highlight risks from misconfigured GitHub Actions, compromised maintainer accounts, and inadequate content checks during publishing, allowing malicious code and sensitive source code to enter the supply chain. Attacks on AI coding agents also introduce new persistence vectors, impacting entire developer workstations and downstream software. → darkreading.com |
| 2026-04-03 2026 | Open Source Security Tool Trivy Hit by Supply Chain Attack Prompting Urgent Industry Response news | The Trivy scanner was compromised in a supply chain attack, with malicious release v0.69.4 briefly distributed, exfiltrating sensitive data and executing malicious code. Attackers leveraged compromised credentials and manipulated release processes, impacting downstream systems and related tooling like GitHub Actions. This incident highlights the vulnerability of trusted open source scanners and CI/CD pipelines, prompting calls for artifact integrity verification, credential scoping, and zero-trust principles in software supply chains. |
| 2026-04-03 2026 | Supply chain blast: Top npm package backdoored to drop dirty RAT on dev machines news | Alert detailing a sophisticated npm supply chain attack in which a hijacked maintainer account for the popular Axios package (used by 100 million weekly) introduced two backdoored versions: axios@1.14.1 and axios@0.30.4. Attackers bypassed CI/CD pipelines, publishing a malicious dependency, plain-crypto-js@4.2.1, which delivered cross-platform remote-access trojans (RATs) tailored for macOS, Windows, and Linux. This highly organized campaign, attributed to suspected North Korean threat actor UNC1069, highlights the significant risks associated with compromised dependencies and the need for robust application security practices. → theregister.com |
| 2026-04-03 2026 | Axios supply chain attack victim posts postmortem to prevent a repeat news | Writeup detailing the Axios supply chain attack by North Korean group UNC1069, which injected Remote Access Trojans (RATs) via malicious versions `axios@1.14.1` and `axios@0.30.4`. The attack leveraged social engineering, including a fake Microsoft Teams call, and delivered payloads through the `plain-crypto-js@4.2.1` dependency. Remediation involves downgrading Axios, cleaning dependencies, rotating credentials, and monitoring network connections to `sfrclak.com`. Axios is implementing OIDC-based publishing and immutable releases to prevent future incidents. → techzine.eu |
| 2026-04-03 2026 | Axios Compromised With A Malicious Dependency news | Guidance on detecting and mitigating the Axios supply chain attack, in which versions 0.30.4 and 1.14.1 were compromised via the malicious dependency `plain-crypto-js` version 4.2.1. This attack installs a Remote Access Trojan (RAT) on Windows, macOS, and Linux systems, enabling attackers to gain complete control. Immediate actions include rotating credentials, pinning dependencies, and treating affected machines as fully compromised. The resource can help identify affected versions and provides context on the attack's mechanisms across different operating systems. → ox.security |
| 2026-04-03 2026 | Mitigating the Axios npm supply chain compromise intermediate | Analysis of a recent Axios npm supply chain compromise reveals North Korean state actor Sapphire Sleet injected malicious dependencies into popular Axios versions 1.14.1 and 0.30.4. These compromised packages, utilizing a fake runtime dependency `plain-crypto-js@4.2.1` with silent install-time code execution, connected to a Sapphire Sleet-controlled C2 server at `hxxp://sfrclak[.]com:8000/6202033` to download platform-specific remote access trojan (RAT) payloads for Windows, macOS, and Linux. The attack highlights the risks of poisoned open-source frameworks, enabling actors to achieve broad downstream impact by compromising widely adopted libraries. → microsoft.com |
| 2026-04-03 2026 | North Korean hackers bug software used by thousands of US companies in potential crypto heist attempt news | Axios, a software package used by thousands of US companies, was compromised in a supply-chain attack attributed to suspected North Korean hackers. The attackers used their unauthorized access to push malicious updates, potentially enabling cryptocurrency theft to fund North Korea's nuclear and missile programs. Experts anticipate a lengthy recovery process and downstream impact, noting this as another instance of Pyongyang leveraging software vulnerabilities for financial gain. |
| 2026-04-03 2026 | Axios npm supply chain attack: Malicious updates add remote access trojan news | Report detailing a sophisticated supply chain attack targeting the popular `axios` npm package. Malicious updates (`axios@1.14.1`, `axios@0.30.4`) introduced a remote access trojan via a compromised account and a pre-staged dependency, `plain-crypto-js`. The trojan deployed OS-specific payloads for Windows, macOS, and Linux, establishing backdoors to a command and control server at `sfrclak[.]com`. The attackers' cleanup involved obfuscated scripts and self-destructing RATs, leaving artifacts like `%PROGRAMDATA%/wt.exe` on Windows and `/Library/Caches/com.apple.act.mond` on macOS. → scworld.com |
| 2026-04-03 2026 | Update anxiety: is it safe to run apt update during active supply chain attack intermediate | Update anxiety: is it safe to run “apt update” during active supply chain attack https://ift.tt/xeBRmYn → cybernews.com |
| 2026-04-03 2026 | Axios NPM Distribution Compromised in Supply Chain Attack news | Analysis of the Axios npm supply chain attack details how a compromised maintainer account led to malicious versions (v1.14.1, v0.30.4) being published, introducing a dependency on the trojanized `plain-crypto-js` package. This compromise, tracked as GHSA-fw8c-xr5c-95f9 and MAL-2026-2306, involved a dropper executing platform-specific RATs from `sfrclak.com:8000`. Security teams should audit axios usage, rotate exposed credentials, investigate compromise paths, and monitor for suspicious activity. → wiz.io |
| 2026-04-03 2026 | Axios compromise: How AppSec teams should respond intermediate | Response checklist for the Axios supply chain compromise, detailing steps to audit dependencies, rotate credentials, review CI/CD logs, and secure code repositories. It advocates for continuous dependency inventory, extended SBOMs (xBOMs) including SaaSBOMs and CBOMs, ongoing OSS package monitoring, short-lived CI/CD credentials, and modeling cascading risk, particularly for crypto and fintech assets, to mitigate threats posed by compromised packages like axios and its transitive dependencies. → reversinglabs.com |
| 2026-04-03 2026 | CyCognito Details Axios Supply Chain Attack After Malicious npm Releases Deliver Remote Access Trojan news | Analysis of a software supply chain attack detailing how malicious versions of the npm package axios (axios@1.14.1 and axios@0.30.4) delivered a remote access trojan during installation. The incident, identified by CyCognito, affected developer workstations, CI/CD runners, and other environments resolving dependencies during a limited exposure window, potentially exposing credentials and secrets within trusted engineering workflows. Recommended responses include precise exposure identification via lockfiles and build logs, credential rotation, and hardening dependency handling by limiting install-time script execution. → securityboulevard.com |
| 2026-04-03 2026 | GlassWorm Supply Chain Cyber Attack Threatens Connected Cars news | Analysis of GlassWorm, a sophisticated supply chain attack targeting connected car development, highlights its novel use of invisible Unicode characters to conceal malicious payloads. Compromising popular Visual Studio Code extensions on Open VSX and npm packages, GlassWorm harvests developer credentials, VPN configurations, and authentication tokens. Command-and-control operations leverage the Solana blockchain and Google Calendar to exfiltrate data, posing a significant threat to automotive software pipelines and the security of modern vehicles. |
| 2026-04-03 2026 | North Korean hackers bug software used by thousands of US companies in potential crypto heist attempt news | Report on a suspected North Korean APT attack leveraging the Axios open-source library, framed as guidance for securing software supply chains. The incident highlights the risks of malicious updates, with potential cryptocurrency theft as a motive. Mandiant and Wiz identify the threat actor, emphasizing the broad economic impact across sectors and the ongoing challenges in assessing downstream consequences. The attack underscores vulnerabilities exploited by sophisticated state-sponsored actors, particularly in the context of AI-driven development. |
| 2026-04-03 2026 | North Korean hackers bug software used by thousands of US companies in potential crypto heist attempt news | Writeup of a supply-chain attack targeting the Axios software package, attributed to suspected North Korean hackers. The attackers gained access to a developer's account, pushing malicious updates to thousands of US companies. Experts anticipate a long-term campaign to steal cryptocurrency to fund North Korea's nuclear and missile programs, with downstream impacts potentially taking months to assess. Mandiant and Wiz have commented on the incident, noting the sophistication and boldness of Pyongyang's hacking operations. |
| 2026-04-03 2026 | North Korea-Linked Hackers Hit Axios in Supply Chain Attack news | North Korea-Linked Hackers Hit Axios in Supply Chain Attack https://ift.tt/WXtKrSs |
| 2026-04-02 2026 | Software supply chain hacks trigger wave of intrusions, data theft news | Analysis of recent supply chain attacks, including the Axios npm compromise by North Korean hackers (UNC1069) and attacks involving Trivy, KICS, LiteLLM, and Telnyx linked to TeamPCP, reveals widespread intrusions and data theft. These incidents have led to stolen secrets being exploited for cloud environment compromises, ransomware, and cryptocurrency theft, impacting numerous organizations globally across various sectors. TeamPCP's activities include exploiting credentials for cloud intrusions and potential partnerships with Vect ransomware and their planned CipherForce RaaS program. → helpnetsecurity.com |
| 2026-04-02 2026 | Et Tu Agent? Did You Install the Backdoor? news | Approach for detecting novel software supply chain attacks, focusing on malicious dependencies like the one in the Axios incident and the TeamPCP campaign. It analyzes package behavior, examining network access, shell processes, obfuscation, and postinstall scripts, to identify threats that traditional CVE databases and vulnerability scanners miss, offering detection speeds orders of magnitude faster than industry averages. |
| 2026-04-02 2026 | The build pipeline is becoming the new frontline: Axios npm compromise highlights growing software supply chain risks experts warn news | Analysis of the Axios npm compromise highlights the escalating risks of software supply chain attacks, where build pipelines become the new frontline. Attackers compromised the Axios npm account, publishing malicious versions that installed a remote access trojan (RAT) targeting macOS, Windows, and Linux. This sophisticated attack involved a staged dependency that self-deleted and cleared its tracks, making detection difficult. Researchers warn that such attacks exploit trust in open-source ecosystems and necessitate closer scrutiny of CI/CD systems, package dependencies, and developer environments to defend against evolving threat actor playbooks, potentially linked to groups like UNC1069. |
| 2026-04-02 2026 | Trivy supply chain intrusion reportedly compromises Cisco source code news | Report on the Trivy vulnerability scanner's role in a Cisco source code compromise. The incident involved threat actors leveraging illicit GitHub Action plugins to gain access to Cisco's build environment, steal credentials, and exfiltrate AWS keys. The attack resulted in the cloning of over 300 Cisco GitHub repositories, including sensitive AI-related code and data from government agencies and financial institutions, and points to potential further compromises from related LiteLLM and Checkmarx incidents. → scworld.com |
| 2026-04-02 2026 | Google links axios attack to suspected North Korean actor news | Google links axios attack to suspected North Korean actor https://ift.tt/Qo2k98l |
| 2026-04-02 2026 | Frequently Asked Questions About the Axios npm Supply Chain Attack by North Korea-Nexus Threat Actor UNC1069 news | Library details a supply chain attack on the popular axios npm package, where North Korea-nexus threat actor UNC1069 injected malicious versions (1.14.1 and 0.30.4). This compromise, live for approximately three hours, delivered the WAVESHAPER.V2 cross-platform remote access trojan via a malicious dependency, plain-crypto-js. The attack targeted millions of developer environments, with affected systems needing to be treated as fully compromised. Remediation involves downgrading axios, blocking C2 traffic, and rotating credentials. → securityboulevard.com |
| 2026-04-02 2026 | North Korean hackers linked to Axios npm supply chain compromise news | Writeup detailing the Axios npm supply chain compromise attributed to North Korean attackers (UNC1069), where malicious versions of the library introduced a hidden dependency with a post-install script to deploy WAVESHAPER.V2 backdoor variants targeting macOS, Windows, and Linux. The attack leveraged stealthy code and external infrastructure to evade detection, highlighting the significant downstream risk of compromised transitive dependencies in the JavaScript ecosystem. → helpnetsecurity.com |
| 2026-04-02 2026 | North Korean hackers behind axios critical supply chain attack Google says news | North Korean hackers behind axios critical supply chain attack, Google says https://ift.tt/bSufe84 → cybernews.com |
| 2026-04-02 2026 | Axios open source library targeted in sophisticated supply chain attack news | Axios open source library targeted in sophisticated supply chain attack https://ift.tt/m7Wu1vD → cybersecuritydive.com |
| 2026-04-02 2026 | North Korea-linked hack hits largely invisible software that powers online services news | North Korea-linked hack hits largely invisible software that powers online services https://ift.tt/SzoMu5C |
| 2026-04-02 2026 | Axios supply chain attack chops away at npm trust news | Writeup on the Axios supply chain attack, detailing how compromised credentials led to malicious versions of axios (axios@1.14.1, axios@0.30.4) and a malicious dependency (plain-crypto-js@4.2.1) being published to npm. These versions inject a Remote Access Trojan (RAT) via a post-install script, potentially exposing secrets and leading to full machine compromise. Indicators of compromise include specific domains, IP addresses, and temporary file paths on affected operating systems. |
| 2026-04-02 2026 | LiteLLM Supply Chain Attack Exposes Credentials Across AI Ecosystems news | Library detailing a LiteLLM supply chain attack where malicious PyPI packages, injected by threat actor TeamPCP, silently stole credentials and infrastructure data. The multi-stage malware used stealthy execution, harvested sensitive information including cloud credentials and Kubernetes secrets, and established persistence via system-level backdoors and privileged pod deployment. Mitigation strategies involve removing compromised versions, rebuilding systems, rotating credentials, auditing pipelines, and strengthening supply chain security through dependency pinning and verification. → esecurityplanet.com |
| 2025-12-11 2025 | 📚 tl;dr sec 308 news AI | 😈 MCP Security, ☁️ AWS re:Invent Recaps, 🤖 Detecting Malicious Pull Requests with AI https://t.co/gt4zMQKZpp |
| 2025-12-03 2025 | 30 low-high level honeypots in a single PyPI package news Python | https://t.co/sH0hx43Dcp |
| 2025-11-29 2025 | Story of Cyberattack: Salesforce Supply Chain Breach news | Analysis of the 2025 Salesforce supply chain attacks, involving compromised Salesloft Drift and Gainsight integrations, highlights the abuse of OAuth tokens and third-party app vulnerabilities. Attackers leveraged stolen credentials and API access to exfiltrate sensitive data from over 200 companies, demonstrating a significant risk inherent in SaaS ecosystems where external applications possess broad permissions and often overlook security controls. |
| 2025-10-30 2025 | fr0gger/proximity: Proximity is a MCP security scanner powered with NOVA intermediate AI | Library for security scanning of MCP (Model Context Protocol) servers and Agent Skills. Proximity leverages NOVA security rules to detect issues like prompt injection and jailbreak attempts, offering pattern-specific remediation. It supports MCP Spec 2025-11-25, providing detailed analysis of server capabilities, agent skill structures, permissions, and LLM evaluations. |
| 2025-10-15 2025 | The MCP Security Tool You Probably Need - MCP Snitch intermediate AI | Tool for securing MCP proxy operations, MCP Snitch intercepts tool calls and enforces user-defined whitelists to prevent overprivileged access, inspired by browser security evolution. It addresses current authentication weaknesses, such as broad GitHub PAT scopes, by mediating operations and providing visibility and control, acting as a critical layer until MCP protocols and platforms implement native fine-grained, temporal scoping and sandboxing. |
| 2025-07-29 2025 | GitHub - jeanlucdupont/EXEfromCER: PoC that downloads an executable from a public SSL certificate intermediate RCE | Tool for demonstrating executable delivery via SSL certificates. This proof of concept embeds a full Windows executable within a custom extension of an X.509 certificate, served over HTTPS. A Python client connects to the server, extracts the embedded binary from the certificate, saves it to disk, and then executes it, showcasing a novel attack vector. |
| 2024-10-10 2024 | Security hardening for GitHub Actions - GitHub Docs beginner | Guide for GitHub Actions security hardening detailing best practices for managing secrets, including the principle of least privilege, masking sensitive data using `::add-mask::`, deleting and rotating exposed secrets, avoiding structured data as secrets, registering transformed or generated secrets, auditing secret handling and usage, and reviewing run logs. It also covers mitigating script injection risks by using JavaScript actions or intermediate environment variables, and emphasizes pinning actions to full-length commit SHAs to prevent malicious code injection from third-party repositories. |
| 2024-09-30 2024 | GitHub - praetorian-inc/gato: GitHub Actions Pipeline Enumeration and Attack Tool intermediate | Tool for enumerating and exploiting GitHub Actions pipeline vulnerabilities. Gato, or GitHub Attack Toolkit, identifies poisoned pipeline execution vulnerabilities and scans workflow artifacts for secrets using NoseyParker. It supports various attack modules including GitHub Classic PAT privilege enumeration, GitHub Code Search API enumeration, and self-hosted runner attack detection through workflow file and run-log analysis. This tool has been superseded by Trajan. |
| 2024-07-23 2024 | Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests intermediate | In this article, we’ll discuss some common security malpractices for GitHub Actions and workflows, and how to best avoid them. Our examples are based on real-world GitHub workflow implementation vulne... → securitylab.github.com |
| 2022-01-18 2022 | Making Sense of the Constantly Changing Log4Shell Landscape news RCE | Library for application security, focusing on the evolving Log4Shell vulnerability. It provides a comprehensive overview of the Log4Shell landscape, detailing various techniques and considerations for managing the risks associated with this critical vulnerability. |
| 2022-01-15 2022 | 10 real-world stories of how we've compromised CI/CD pipelines intermediate | Writeups detail 10 real-world compromises of CI/CD pipelines, showcasing vulnerability discovery and exploitation techniques. These NCC Group research articles highlight findings from their Exploit Development Group, emphasizing deep technical investigations and practical guidance for enhancing cyber resilience across various security domains, including software and AI security. |
| 2022-01-10 2022 | Open Source Developer Intentionally Corrupts His Own Widely-Used Libraries news | Writeup of the intentional sabotage of the 'colors' and 'faker' JavaScript libraries by their developer, Marak Squires. Versions v1.4.44-liberty-2 of 'colors' and '6.6.6' of 'faker' contained infinite loops and disruptive code, impacting thousands of downstream projects including Amazon's Cloud Development Kit. This event highlights the complexities and potential repercussions of open-source development, particularly concerning developer compensation and corporate reliance on free software. The issue with 'faker' can be mitigated by downgrading to version 5.5.3. |
| 2021-12-29 2021 | Log4j: The Worst Vulnerability In Nearly A Decade? news | Log4j: The Worst Vulnerability In Nearly A Decade? |
| 2021-12-22 2021 | Why SBOM management is no longer optional beginner | Library for Software Bills of Materials (SBOM) management, crucial for addressing software supply chain vulnerabilities like Log4Shell. It emphasizes generating, storing, and searching SBOMs for rapid incident response, supporting aggregation and various SBOM formats like SPDX. This proactive approach ensures visibility and quick identification of affected applications during zero-day exploits. |
| 2021-12-22 2021 | Why the Log4j vulnerability is such a big deal according to a former NSA hacker news | Library analysis by a former NSA hacker details the severe remote code execution (RCE) vulnerability, Log4Shell, found in Apache's Log4j logging tool. This critical flaw, rated 10 on the CVSS scale, is present in numerous widely-used applications and services, including those from Apple, Twitter, and Amazon, as well as Minecraft and Tesla vehicles. Its ubiquitous nature and the difficulty in locating and patching all instances make it a significant threat, enabling attacks like data theft, malware deployment, and system compromise by various actors, including nation-states and ransomware gangs. |
| 2021-12-16 2021 | Mitigate Log4j2 / Log4Shell in Elasticsearch intermediate RCE | Reference detailing Log4Shell (CVE-2021-44228) and its impact on Elasticsearch versions 5.0 to 7.16.0. It explains mitigation strategies, including updating Log4j to 2.17.1, setting `log4j2.formatMsgNoLookups=true`, removing the `JndiLookup` class, and leveraging the Java Security Manager. The document also addresses subsequent vulnerabilities like CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832, clarifying their applicability to Elasticsearch. |
| 2021-12-15 2021 | Dependency beginner | Dependency |
| 2021-12-13 2021 | Semgrep beginner RCE | Semgrep |
| 2021-12-12 2021 | Digging deeper into Log4Shell - 0Day RCE exploit found in Log4j advanced RCE | Writeup on CVE-2021-44228, a critical Remote Code Execution vulnerability in the Apache Log4j library that leverages JNDI lookups. Attackers can exploit this by controlling log messages, triggering LDAP calls to execute arbitrary Java code loaded from attacker-controlled servers, leading to widespread exploitation due to Log4j's common usage. |
| 2021-12-12 2021 | PSA: Log4Shell and the current state of JNDI injection intermediate RCE | Writeup on JNDI Injection exploits, including the Log4Shell vulnerability (CVE-2021-44228). This entry details how Java runtimes, even newer versions, are susceptible. It explains that JNDI lookups via RMI and LDAP can lead to remote code execution, referencing earlier patches like CVE-2009-1094 and CVE-2018-3149. The writeup also covers exploitation vectors involving Apache XBean BeanFactory and Java deserialization, highlighting the importance of patching Log4J and disabling JNDI lookups. |
| 2021-12-04 2021 | Hashes for punycodes-1.0.1.tar.gz beginner | Hashes for punycodes-1.0.1.tar.gz |
| 2021-11-01 2021 | Common Threat Matrix for CI/CD Pipeline intermediate | Matrix detailing CI/CD pipeline threats, modeled after MITRE ATT&CK®. It classifies adversary tactics and techniques specific to CI/CD environments, extending beyond just supply-chain attacks. This resource aims to share knowledge on securing CI/CD environments with the cybersecurity community, addressing the full attack surface. |
| 2021-10-27 2021 | Protect your open source project from supply chain attacks beginner | Library for securing open source projects from supply chain attacks, this resource details best practices aligned with the SLSA framework and OpenSSF Scorecards rubric. It covers techniques such as enforcing multi-factor authentication, requiring commit reviews, using secret manager tools like HashiCorp Vault, implementing least privilege access controls, defining build configurations as code, assessing dependency risks with tools like deps.dev and Scorecards, generating authenticated build provenance, and verifying cryptographically signed artifacts using services like Sigstore. The Allstar project can automate many of these recommendations. |
| 2021-09-15 2021 | Native Container Image Scanning in Amazon ECR beginner | Library for native container image scanning within Amazon ECR, leveraging the CoreOS Clair open-source project for static analysis of OS packages against CVEs. This solution offers scheduled re-scans via Lambda functions and an HTTP API, or immediate scans with "scan-on-push" or "scan-on-demand" modes. It integrates with AWS CLI and SDKs, providing actionable insights and enabling drill-down into specific findings, without requiring third-party licenses or infrastructure setup. → aws.amazon.com |
| 2021-06-24 2021 | Google Releases New Framework to Prevent Software Supply Chain Attacks news | Framework outlining Supply chain Levels for Software Artifacts (SLSA) to secure the software development pipeline and prevent tampering. SLSA, inspired by Google's Binary Authorization for Borg, offers four progressive security levels for software packages and build platforms, culminating in SLSA 4's two-person review and hermetic build process, aiming to provide auditable metadata for policy engines. → thehackernews.com |
| 2021-05-25 2021 | Supply Chain Security Begins with Secure Software Development beginner | Library of open-source tools and practical guidance for secure software development and supply chain security, stemming from NCC Group's vulnerability research across cryptography, hardware, AI, and exploitation. The Exploit Development Group (EDG) delivers high-impact research and bespoke exploit development, with academic partnerships further advancing cyber resilience and nurturing future talent. |
| 2021-05-19 2021 | Creating the Perfect Python Dockerfile intermediate | This content focuses on best practices for building efficient and secure Docker images for Python applications. Key considerations include choosing appropriate base images, minimizing image size through multi-stage builds and `.dockerignore` files, optimizing dependency installation, and implementing security measures like running as a non-root user. The goal is to create Dockerfiles that are faster to build, smaller in size, and more secure for deployment. |
| 2021-05-18 2021 | Colonial Pipeline Darkside and Models news | Analysis comparing incident response models from Sophos and Mandiant for the Darkside ransomware attack. It highlights differences in kill chain stages, such as Sophos categorizing at least two steps Mandiant omits, and discrepancies in specific techniques listed for "move laterally," with Mandiant citing Beacon and plink while Sophos lists PSExec and SSH. The entry emphasizes the need for defenders to critically evaluate and unionize such data due to variations in observed post-exploitation actions, referencing CVE-2021-20016. |
Frequently Asked Questions
- What is a software supply chain attack?
- A supply chain attack targets the components, tools, or processes used to build software rather than the application itself. This includes compromising open-source packages, injecting malicious code into build pipelines, hijacking maintainer accounts, or distributing trojanized development tools — allowing attackers to affect thousands of downstream users simultaneously.
- What is dependency confusion?
- Dependency confusion (also called namespace confusion) exploits how package managers resolve dependencies. An attacker publishes a malicious package to a public registry with the same name as a private internal package. If the build system checks the public registry first or prefers higher version numbers, it installs the attacker's package instead of the legitimate internal one.
- How do you defend against supply chain attacks?
- Key defenses include maintaining a Software Bill of Materials (SBOM), using lock files and dependency pinning, enabling automated dependency scanning (Dependabot, Snyk, Socket), verifying package signatures and provenance, adopting the SLSA framework for build integrity, using private registries with allow-lists, and regularly auditing your dependency tree for known vulnerabilities.
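A model of the dependency-confusion resolution flaw and the lock-file and allow-list defenses described in the answers above, written as an added example that is not taken from any of the listed resources. The registries, package names, artifact bytes and lock-file entries are constructed sample data, and the two resolver functions are hypothetical, not the logic of any real package manager.

```python
"""Dependency confusion, modelled: a naive resolver that merges public and
private registries and takes the highest version, beside a hardened resolver
that binds internal names to the private registry and verifies lock-file pins.
All registry contents below are constructed sample data."""
import hashlib

# Constructed registries: package name -> {version: artifact bytes}
PRIVATE_REGISTRY = {
    "acme-internal-utils": {"1.2.0": b"legit internal build 1.2.0"},
}
PUBLIC_REGISTRY = {
    # Same name as the internal package, published publicly with a huge version
    "acme-internal-utils": {"99.0.0": b"squatted public package 99.0.0"},
    "left-pad": {"1.3.0": b"left-pad 1.3.0"},
}

def _version_key(version):
    return tuple(int(part) for part in version.split("."))

def resolve_naive(name):
    """Vulnerable strategy: consult every registry and take the highest version."""
    candidates = []
    for source, registry in (("private", PRIVATE_REGISTRY), ("public", PUBLIC_REGISTRY)):
        for version in registry.get(name, {}):
            candidates.append((_version_key(version), source, version))
    if not candidates:
        raise LookupError(name)
    _, source, version = max(candidates)   # 99.0.0 from public wins over 1.2.0
    return source, version

# Allow-list: names with these prefixes are only ever fetched from the private registry
INTERNAL_PREFIXES = ("acme-",)

# Constructed lock file: pinned version plus SHA-256 of the expected artifact
LOCKFILE = {
    "acme-internal-utils": ("1.2.0", hashlib.sha256(b"legit internal build 1.2.0").hexdigest()),
    "left-pad": ("1.3.0", hashlib.sha256(b"left-pad 1.3.0").hexdigest()),
}

def resolve_hardened(name):
    """Bind internal names to one registry, then enforce the lock-file pin and hash."""
    if name.startswith(INTERNAL_PREFIXES):
        source, registry = "private", PRIVATE_REGISTRY
    else:
        source, registry = "public", PUBLIC_REGISTRY
    pinned_version, pinned_hash = LOCKFILE[name]   # unknown dependency -> KeyError, refused
    artifact = registry.get(name, {}).get(pinned_version)
    if artifact is None:
        raise LookupError(f"{name}@{pinned_version} not found in {source} registry")
    if hashlib.sha256(artifact).hexdigest() != pinned_hash:
        raise ValueError(f"integrity mismatch for {name}@{pinned_version}")
    return source, pinned_version
```

The naive resolver installs the public squatter's 99.0.0 for the internal name; the hardened one returns the private 1.2.0 and rejects any artifact whose hash no longer matches the lock file.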