appsec.fyi

Supply Chain Security Resources

Post Share

A curated AppSec resource library covering XSS, SQLi, SSRF, IDOR, RCE, XXE, OSINT, and more.

Supply Chain Security

Software supply chain security addresses threats that target the dependencies, build systems, and distribution channels that modern applications rely on. High-profile incidents like SolarWinds, Log4Shell, and the xz backdoor demonstrated that attackers increasingly target upstream components rather than applications directly. Supply chain attacks include dependency confusion (substituting malicious packages with names matching internal packages), typosquatting in package registries, compromised maintainer accounts, malicious code injected into build pipelines, and trojanized development tools. Defenses include software bills of materials (SBOMs), dependency pinning and lock files, signature verification, provenance attestation (SLSA framework), regular dependency auditing with tools like Dependabot, Snyk, or Socket, and careful evaluation of new dependencies before adoption.

Read the Supply Chain guideA long-form, source-cited deep dive synthesized from every resource below. The comprehensive Supply Chain guide on chs.usA hand-written, in-depth practitioner guide — attacks, testing, and prevention.
Date Added Link Excerpt
2026-07-11 NEW 2026New Trojan Turns Visual Studio Projects Into a Software Supply Chain Attack Vector newsA new Trojan has been discovered that exploits Visual Studio projects, turning them into a potent software supply chain attack vector. This malicious code can infiltrate development environments, allowing attackers to compromise legitimate software builds. The ultimate impact is the potential for widespread distribution of malware through trusted software updates. → cyberpress.org
2026-07-10 NEW 2026Injective Labs SDK npm package compromised to steal cryptocurrency keys newsLibrary for detecting supply-chain attacks like the compromise of the @injectivelabs/sdk-ts npm package. Hackers injected malicious code into version 1.20.21 of the package, which was downloaded 310 times, to steal cryptocurrency private keys and mnemonic seed phrases. The malware targeted functions for generating or importing wallet keys, exfiltrating captured data via HTTP POST requests. This incident highlights the risk to applications built with cryptocurrency wallets, trading bots, decentralized exchanges, and DeFi applications. → scworld.com
2026-07-10 NEW 2026Hackers tried to backdoor Injective npm package to steal wallet keys newsMalicious actors attempted to compromise the Injective npm package, a crucial component for developers building on the Injective blockchain. The attackers aimed to inject malicious code into the package to steal users' private wallet keys. This incident highlights the ongoing threats to the cryptocurrency ecosystem and the importance of robust security measures for open-source software. Further details on the specifics of the attack and its prevention are likely to be found in the linked article.
2026-07-10 NEW 2026Injective software package hit by malicious supply chain attack news 1 min readLibrary for building Injective applications, compromised via a malicious supply chain attack on the `@injectivelabs/sdk-ts` package (v1.20.21) published to npm. Attackers gained access to a contributor's GitHub account to push malicious commits and, under the guise of telemetry, uploaded a backdoor that stole developers' private keys and mnemonic seed phrases when using `fromMnemonic` or `fromHex` wallet generation functions. The attack spread through transitive dependencies in 17 additional Injective packages.
2026-07-10 NEW 2026Turning software supply chain security into a daily habit beginnerGuide on operationalizing software supply chain risk, arguing for daily use of SBOMs beyond compliance for vulnerability triage, vendor access reviews, identity monitoring, and incident response. It draws on Group-IB’s High-Tech Crime Trend Report 2026 to illustrate how supply chain attacks link phishing, ransomware, and data breaches through inherited trust. The guide details prioritizing exposed systems, defining compromise windows, containing stolen credentials, and vendor risk scoring, highlighting AI's acceleration of attack timelines. → helpnetsecurity.com
2026-07-10 NEW 2026Xsnow "protestware" in Debian news 4 min readWriteup detailing the "protestware" controversy surrounding the Xsnow application in Debian. The entry discusses how Xsnow's maintainer included a feature that displayed Ukrainian flags when the application's language was set to Russian. This triggered a debate on the Debian development list regarding potential violations of the Debian Free Software Guidelines (DFSG), specifically concerning discrimination. While Xsnow itself was deemed DFSG-compliant, the discussion highlighted concerns about software exhibiting deceptive behavior based on user settings.
2026-07-10 NEW 2026Symlinks Are Still Scary (And Yes, You Can Commit Them to Git) beginner 12 min read AIReference detailing symlink attacks, where a file's content is a path to another location, allowing malicious repositories to trick tools into reading or writing sensitive files. This technique, exemplified by CVE-2024-32002 and CWE-61, bypasses security by exploiting how programs handle file paths without proper resolution, leading to potential remote code execution when combined with Git's support for committing symlinks, as seen in attacks against AI coding assistants and archive tools. → snyk.io
2026-07-10 NEW 2026Compromised @injectivelabs/sdk-ts exfiltrates wallet keys through fake telemetry news 5 min read SecretsWriteup detailing a malicious release of `@injectivelabs/sdk-ts` version 1.20.21, which exfiltrated wallet mnemonics and private keys by masquerading as telemetry. The compromised package subtly injected code into `PrivateKey.fromMnemonic` and `PrivateKey.fromHex` to capture sensitive data and send it to an attacker-controlled endpoint disguised as normal gRPC-web traffic. The attack also involved republishing 17 other `@injectivelabs` packages with a hard dependency on the poisoned SDK, highlighting the risks of transitive dependencies. → aikido.dev
2026-07-10 NEW 2026Securing supply chains from network-based threats beginner 4 min readLibrary for securing supply chains from network-based threats, focusing on visibility, control, and resilience. It details proactive vendor assessment, continuous monitoring, behavior-based endpoint protection, and managed hosting with robust access controls. Specific measures include regular audits of third-party partners against standards like ISO and GDPR, adopting least-privilege access, network segmentation, intrusion detection systems, and mandatory multi-factor authentication. The library also emphasizes the importance of enterprise-grade email security with behavioral detection, DNS filtering, web protection, and modern endpoint solutions leveraging machine learning and analytics for zero-day exploit detection. Continuous security awareness training is highlighted as crucial for strengthening the human element.
2026-07-10 NEW 2026Hackers tried to backdoor Injective npm package to steal wallet keys news 2 min readWriteup on a supply chain attack targeting the Injective npm package `@injectivelabs/sdk-ts`. Version 1.20.21 was compromised through a malicious commit on a developer's GitHub account, leading to the exfiltration of private keys and seed phrases via fake telemetry. This attack vector, which bypasses traditional blockchain security, underscores the risks associated with compromised developer tools, impacting users who may not have installed the affected SDK directly. The malicious code has since been removed and affected versions deprecated.
2026-07-10 NEW 2026Hackers attempt to backdoor Injective npm package to steal wallet keys news 1 min readLibrary providing security analysis of Injective Labs' TypeScript SDK, detailing a supply chain attack where malicious code was pushed to npm, specifically version 1.20.21. Attackers aimed to steal crypto wallet keys and mnemonics by hooking wallet creation functions, exfiltrating data to an obfuscated endpoint. The attack compromised 18 packages before being reversed, affecting ~50,000 weekly downloads and 87 dependent packages. Developers are advised to upgrade to version 1.20.23 and treat any processed credentials as compromised.
2026-07-09 NEW 2026Active Exploitation Alert: Prompt Injection Vulnerability in GitHub Agentic Workflows Threatens Software Supply Chain Security news 5 min readAnalysis of prompt injection attacks targeting GitHub agentic workflows, affecting tools like GitHub Copilot, Google Gemini CLI, and Anthropic Claude Code. These attacks, demonstrated in campaigns like GhostAction and the NX Build System compromise, leverage CWE-1427 (Improper Neutralization of Untrusted Input for LLM Prompting) and MITRE ATT&CK T1677 (Poisoned Pipeline Execution) to steal credentials, execute arbitrary code, and modify repositories, impacting software supply chain security. → rescana.com
2026-07-09 NEW 2026Secure AI Workflows: The Identity and Access Management (IAM) Checklist beginner 3 min read AIChecklist for securing AI workflows, detailing an 8-point roadmap for implementing effective Identity and Access Management (IAM) for human-assisted AI tools like Claude Code and Cursor, and autonomous agents in CI/CD pipelines. It emphasizes granular tool-level permissions, restricted user-scoped tokens, dynamic permission validation, composite identities, safe output restrictions, and deterministic infrastructure-level IAM policies to prevent unauthorized access and maintain auditability across the software development lifecycle. → jfrog.com
2026-07-08 NEW 2026North Korea Expands the Reach of PolinRider Supply Chain Attack Campaign news 3 min readAnalysis of the PolinRider supply chain attack campaign, attributed to North Korean groups Famous Chollima and APT37. This ongoing campaign, targeting open source ecosystems like npm, Packagist, Go modules, and the Chrome Store, utilizes obfuscated JavaScript loaders hidden within malicious packages and browser extensions. Attackers leverage techniques such as whitespace padding, deceptive .woff2 font files, VS Code task files, and Git history rewriting to compromise developer accounts and repositories. Subsequent payloads, including DEV#POPPER RAT and OmniStealer, are fetched from blockchain and RPC infrastructure, aiming to steal credentials, exfiltrate source code, and achieve lateral movement within organizations. → devops.com
2026-07-08 NEW 2026npm v12 Ships This Month Blocking Install Scripts That Enabled Year of Supply Chain Attacks news 13 min readLibrary for securing npm package installations, npm v12 introduces a significant security redesign by defaulting to blocking install scripts. This prevents arbitrary code execution from dependencies, a long-standing vulnerability exploited in supply chain attacks like Shai-Hulud and campaigns targeting Axios and Mastra AI. The new allowlist model requires explicit inclusion of packages authorized to run scripts, with changes version-controlled in source code and auditable in pull requests. It also addresses risks from Git dependencies and binding.gyp files, moving from implicit trust to explicit allowlisting as the default security posture. → techtimes.com
2026-07-08 NEW 2026GitLost: a public GitHub issue can steer an org's Agentic Workflow into leaking private repo contents, and a one-word prefix ("Additionally") bypassed the threat-detection guardrail intermediate 4 min readLibrary detailing GitLost, a prompt injection vulnerability in GitHub's Agentic Workflows. An unauthenticated attacker can exploit GitLost by posting a crafted GitHub Issue in a public repository, tricking the AI agent into leaking private repository contents. The vulnerability arises from treating user-controlled content as trusted instruction input, bypassing guardrails like the "Additionally" keyword, allowing unauthorized access to files such as README.md from private repositories within the same organization.
2026-07-07 NEW 2026Sophos Flags Vect-TeamPCP Cybercriminal Ransomware Alliance news 3 min readAlliance between ransomware-as-a-service group Vect and credential theft specialist TeamPCP represents a significant evolution in cybercrime, combining TeamPCP's expertise in supply chain compromise and harvesting credentials from tools like Trivy and Checkmarx with Vect's RaaS infrastructure. This partnership, confirmed by Sophos, creates an efficient attack pipeline enabling rapid ransomware deployment, lowering the barrier for less skilled attackers and accelerating campaign sophistication. → cybermagazine.com
2026-07-07 NEW 2026Software transparency becomes cyber-security priority beginner 1 min readSurvey of software supply chain security trends, highlighting the accelerated adoption of Software Bills of Materials (SBOMs) driven by upcoming EU Cyber Resilience Act (CRA) regulations. This shift moves beyond traditional vulnerability management to prioritize full transparency of software components, including open-source libraries and third-party dependencies, to better identify risks and respond to emerging threats before the CRA's December 2027 effective date.
2026-07-06 NEW 2026North Korean PolinRider supply chain attack targets 108 unique repos news 1 min readAnalysis of the PolinRider supply chain attack, linked to North Korea's Lazarus group, details how adversaries compromise maintainer accounts across 108 unique open-source repositories. The attack injects obfuscated code into trusted packages, with a hidden loader retrieving payloads from blockchain infrastructure to install remote-access trojans and information stealers. This campaign targets developer secrets, cloud tokens, and cryptocurrency wallets, expanding beyond npm to ecosystems like Go modules and Packagist. → scworld.com
2026-07-06 NEW 2026North Korean Hackers Target Open Source Developers in Supply Chain Attacks news 1 min readAnalysis of PolinRider, a North Korean supply chain campaign targeting open source developers since December 2025. The operation injects JavaScript loaders into compromised GitHub repositories, distributing the DEV#POPPER RAT and OmniStealer. Attacked ecosystems include NPM, Packagist, Go modules, and Chrome extensions, with over 160 malicious artifacts identified. This campaign, linked to Contagious Interview operations, relies on tampering with maintainer accounts and Git history rewriting to disguise malicious code. Affected environments and credentials should be treated as compromised and remediation performed from a clean system. → securityweek.com
2026-07-06 NEW 2026npm Supply Chain Attack: North Korea Hits Mastra AI [2026] news 19 min readAnalysis of the @mastra npm supply chain attack reveals North Korea's Sapphire Sleet (BlueNoroff, APT38) compromised over 140 packages via a stolen maintainer account. The attackers leveraged a typosquatted dependency, `easy-day-js`, within a `postinstall` script to inject malware. This implant disabled TLS verification, contacted C2 infrastructure, deployed a persistent implant, and targeted cryptocurrency wallets like MetaMask, Phantom, and Coinbase Wallet, along with cloud credentials, demonstrating a significant maturation in nation-state-sponsored open-source malware campaigns.
2026-07-06 NEW 2026Supply Chain Attacks Have Become Self-Reinforcing beginnerSupply chain attacks are increasingly self-reinforcing, creating a vicious cycle. Attackers exploit vulnerabilities in one component, which then compromises others down the chain. This means a single breach can have cascading effects, impacting numerous downstream systems and organizations. The interconnectedness of modern software and infrastructure amplifies this problem, making it harder to detect and mitigate these sophisticated threats. → securityboulevard.com
2026-07-06 NEW 2026FBI warns developers over TeamPCP software supply chain attacks newsThe FBI has issued a warning to developers regarding software supply chain attacks involving the TeamPCP tool. These attacks exploit vulnerabilities within the development process to compromise software. While the provided content does not mention a specific bug bounty payout amount, the alert highlights the significant threat posed by these sophisticated attacks to the integrity of software and the security of end-users. Developers are urged to implement robust security measures to mitigate these risks. → developer-tech.com
2026-07-05 NEW 2026Active Exploitation Alert: North Korean PolinRider Supply Chain Attack Targets npm Packagist Go Modules and Chrome Extensions news 5 min readWriteup detailing the PolinRider supply chain attack, attributed to North Korean actors like Lazarus Group and APT37, that targets npm, Packagist, Go modules, and Chrome extensions. It highlights the injection of obfuscated malware loaders into legitimate packages, using techniques like anti-dated commits and blockchain RPC endpoints for C2. The writeup mentions specific compromised packages such as tailwindcss-style-animate and DEV#POPPER, OmniStealer payloads, and recommends tools like Socket.dev PolinRider Tracker for detection and mitigation. → rescana.com
2026-07-04 2026North Koreas Lazarus Group Hid a Full RAT in Six Rollup Polyfill npm Packages news 8 min readLibrary that catalogs a sophisticated npm supply chain attack by North Korea's Lazarus Group. This campaign disguised a full Remote Access Trojan (RAT) within six fake Rollup polyfill packages. Unlike previous attacks targeting install scripts, this malware executes at import time, bypassing npm v12's default security measures. The attack employs a multi-stage payload delivery mechanism, using Base64-encoded commands and dynamically fetched code from remote URLs to evade static analysis. The RAT is designed to exfiltrate credentials, capture screenshots, and execute arbitrary commands, with its techniques showing overlap with prior DPRK campaigns. → techtimes.com
2026-07-04 2026Hackers Just Showed How Fragile the AI Software Supply Chain Really Is news 3 min readAnalysis of the AI software supply chain security vulnerability, highlighted by the TeamPCP compromise of LiteLLM using the Trivy scanner, reveals critical threats. Poisoned AI models, which can evade standard safety training like reinforcement learning from human feedback and adversarial training, pose a significant risk. Microsoft Research's "Trigger in the Haystack" paper identifies a potential detection method, the Double Triangle Attention Pattern, against this escalating threat landscape where AI models are now the first link in the supply chain, not just the code.
2026-07-04 2026TryHackMe: Checkpoint Walkthrough intermediate 2 min read AIWalkthrough of a TryHackMe CISO scenario, assessing four code review model candidates for production readiness. Candidate B, `code_reviewer_lite.safetensors`, was approved after its evaluation showed no critical issues. Candidates A, C (`pr_analyzer_v3.h5`), and D (`api.reviewsvc.io`) were flagged for risks including suspicious file access to `/etc/passwd`, disabled `security_review_flag`, and unverified external API integrations, leading to their rejection. The assessment highlights the importance of thorough supply chain security evaluation. → infosecwriteups.com
2026-07-04 2026I found North Korean (DPRK) malware hiding in my tailwind.config.js news 13 min readLibrary for detecting North Korean (DPRK) malware injected into Node.js projects, specifically found in `tailwind.config.js` files. This malware uses obfuscated code and attempts to exfiltrate data to `api.trongrid.io`. The library highlights the risks of compromised build tools and starter templates, emphasizing the need for thorough inspection of project configuration files. → infosecwriteups.com
2026-07-04 2026Ransomware Groups Turn to Citrix Bleed 2 BYOVD and Supply Chain Credentials news 5 min readLibrary detailing how ransomware groups, like Anubis and TeamPCP, are leveraging vulnerabilities such as Citrix Bleed 2 (CVE-2025-5777) and supply chain attacks. The entry highlights the use of legitimate Remote Management and Monitoring (RMM) tools like ScreenConnect and Zoho Assist for persistence, alongside techniques like Bring Your Own Vulnerable Driver (BYOVD) for disabling endpoint security. It also notes the deployment of data exfiltration tools including S3 Browser, rclone, and Cloudflare Tunnels, and the intentional destruction of data by some ransomware variants. → thehackernews.com
2026-07-03 2026Over 1000 firms hit by TeamPCPs supply-chain attacks newsOver 1,000 companies have been affected by supply-chain attacks orchestrated by the threat actor known as TeamPCP. The group exploited vulnerabilities to gain access and spread their malware. This widespread impact highlights the significant risks associated with compromised software supply chains, as malicious actors can leverage trusted software to infiltrate numerous organizations simultaneously. → cybernews.com
2026-07-03 2026FBI Warns TeamPCP Hackers Compromise Developer Tools in Large-Scale Supply Chain Attacks newsThe FBI has issued a warning about the "TeamPCP" hacking group's use of compromised developer tools to execute large-scale supply chain attacks. This method allows them to infiltrate multiple organizations by targeting shared software or development platforms. The attacks aim to gain access to sensitive information and potentially disrupt operations across various industries. The FBI advises organizations to enhance their security measures, particularly around software development pipelines and third-party integrations, to mitigate these sophisticated threats. → cybersecuritynews.com
2026-07-03 2026North Korean hackers expand supply chain attack campaign across ecosystems newsLibrary of malicious open-source packages identified as part of the North Korean "PolinRider" campaign, which has expanded its reach across multiple software ecosystems. Researchers at Socket discovered 162 malicious release artifacts within 108 packages and browser extensions. This campaign targets developers, aiming to steal credentials and facilitate further attacks, building upon techniques seen in previous North Korean operations.
2026-07-03 2026Don’t eat the ChocoPoCs! How vulnerability researchers were repeatedly targeted by trojanised exploits newsVulnerability researchers have been targeted by "ChocoPoCs," trojanized exploit code designed to steal their information. These malicious PoCs are disguised as legitimate security tools, aiming to compromise the researchers themselves. This ongoing campaign highlights a sophisticated tactic where attackers exploit the very people trying to uncover vulnerabilities. → yeswehack.com
2026-07-02 2026This Report from Gartner Defines the Software Supply Chain Security Market news 4 min readLibrary providing comprehensive software supply chain security, including Spectra Assure for enterprises and Spectra Assure Community for open-source package analysis. This solution addresses market needs highlighted by Gartner's recognition and evolved from foundational work addressing attacks like SolarWinds, offering deep binary analysis, automated risk assessment, SBOM generation, and CI/CD integration for vendors like Azure DevOps, Jenkins, and GitLab CI. → reversinglabs.com
2026-07-02 2026PolinRider supply chain attack expands to Packagist ecosystem newsThe PolinRider supply chain attack has expanded to the Packagist ecosystem, a popular repository for PHP packages. This means malicious code is now being distributed through legitimate-looking PHP packages, potentially compromising users who download and integrate them into their projects. The attack's reach into Packagist highlights a growing trend of supply chain vulnerabilities, where attackers exploit trusted software sources to spread malware. Developers are advised to exercise extreme caution when updating or installing new PHP packages. → developer-tech.com
2026-07-02 2026Aikido Security acquires Root.io to enhance open-source software patching newsLibrary integrating Root.io's agentic vulnerability remediation, which researches, writes, tests, and deploys patches for open-source software within minutes. Aikido plans to offer this as Aikido Libraries, allowing organizations to fix specific flaws in container images and dependencies without rebuilds or migrations, and will back-port critical fixes to the community. → scworld.com
2026-07-02 202615 Best Practices to Prevent Supply Chain Attacks in 2026 beginner 7 min readReference on best practices to prevent supply chain attacks in 2026, detailing how attackers exploit trusted relationships through compromised third-party vendors or software dependencies. It covers real-world examples like SolarWinds, MOVEit Transfer, 3CX Desktop App, Kaseya VSA, Codecov, Target, and XZ Utils, and outlines 15 preventative measures including Zero Trust Architecture, SBOM maintenance, vendor risk management, MFA, least privilege, third-party activity monitoring, securing the SDLC, and code signing. → cloudsek.com
2026-07-02 2026Inside the Advisory Database and what happens when vulnerability volume breaks records news 10 min readReference on GitHub's Advisory Database details record-breaking vulnerability volume and its impact on curation. The blog post highlights increased input from private vulnerability reports, repository advisories, and CVE requests, leading to longer review times despite unchanged advisory quality. It explains the complexity of modern advisories, including package disambiguation and version range reconstruction, and outlines GitHub's efforts to improve community contribution quality, scale curation systems, and implement AI-assisted research tools to manage the growing disclosure ecosystem. → github.blog
2026-07-01 2026NetRise brings managed software supply chain risk management to federal partners news 1 min readLibrary for managed software supply chain risk management, targeting federal integrators and MSPs. It combines binary analysis with NetRise Provenance to provide context on software origin, maintainers, repository health, and downstream exposure. The offering helps validate SBOMs, build software inventories, identify cryptographic algorithms and libraries, and supports federal workflows like RMF, ATO, and continuous monitoring. It addresses federal pressure for better software visibility due to risks from vendors, open source, and third-party products, and supports initiatives around vulnerability remediation and AI security.
2026-07-01 2026AI Coding Agents Skip Package Verification and Attackers Are Exploiting It news 11 min readLibrary that analyzes supply chain risks introduced by AI coding agents. Attackers exploit AI agents' bypass of package verification through methods like PromptMink's "LLMO abuse and knowledge injection" and "slopsquatting," where agents hallucinate non-existent package names. The Clinejection incident demonstrates how AI integration into CI/CD pipelines, as seen with Anthropic's claude-code-action and Cacheract, can amplify these risks, impacting millions of developers through compromised dependencies and credential exfiltration. → techtimes.com
2026-07-01 2026The developer device is the new supply chain attack blind spot news 5 min readSurvey highlighting the growing risk of developer devices as the primary entry point for software supply chain attacks. It details recent compromises like the Nx Console extension incident affecting GitHub, and the inadequacy of traditional EDR and MDM solutions. The analysis emphasizes the need to shift focus from detection to prevention, suggesting policies like installation cooldown periods and governed, visible access to tools and packages to secure the developer endpoint. → techradar.com
2026-07-01 2026Nissan employee data exposed in Oracle flaw attack newsNissan employee data exposed in Oracle flaw attack https://ift.tt/iMLceKT
2026-07-01 2026VS Code Tasks: Npm and Go Packages Download Infostealer newsVS Code Tasks: Npm and Go Packages Download Infostealer https://ift.tt/lUvqoTB → secnews.gr
2026-07-01 2026And another one. GitHub ships break-glass credential revocation news 5 min readLibrary for bulk credential revocation in GitHub Enterprise, allowing owners to instantly cut off compromised Personal Access Tokens, SSH keys, and OAuth tokens across an organization. This "break-glass" feature addresses the challenges of incomplete credential rotations, as seen in recent attacks on Trivy and Microsoft's own repositories, by providing a single action to revoke all credentials, preventing attackers from leveraging lingering access. The library also emphasizes pinning GitHub Actions to full commit SHAs instead of tags to mitigate supply chain risks. → aikido.dev
2026-07-01 2026Phantom Squatting: AI-Hallucinated Domains as a Software Supply Chain Vector advanced 22 min read AIAnalysis of "Phantom Squatting" details how large language models hallucinate web domains, which adversaries then register to intercept traffic from AI systems, posing a significant software supply chain risk. Researchers identified over 13,000 confirmed malicious URLs and approximately 250,000 unregistered hallucinated domains. One real-world case involved an attacker using an AI coding assistant to build a phishing kit targeting a domain predicted to be a high-risk hallucination target. This technique bypasses traditional defenses by leveraging zero-reputation domains generated by trusted AI outputs. → unit42.paloaltonetworks.com
2026-07-01 2026Phantom Squatting: AI-Hallucinated Domains as a Software Supply Chain Vector advanced 22 min readLibrary of resources detailing "phantom squatting," a software supply chain vulnerability where adversaries register AI-hallucinated domains to intercept traffic from LLMs used in development. The research highlights how tools like the Montana Empire phishing kit leverage this vector, bypassing traditional security measures by exploiting the zero-reputation nature of newly registered, AI-generated domains. → unit42.paloaltonetworks.com
2026-06-30 2026Decades-Old Bash Tricks Expose AI Coding Agents to Supply Chain Attacks intermediate 4 min readLibrary that prevents GuardFall vulnerabilities where Bash shell tricks, such as quote removal and $IFS spacing, are used to inject malicious instructions into AI coding agents. The research tested eleven popular open-source agents, including Hermes and Roo-code, finding that most are susceptible to these decades-old Bash techniques, which can lead to supply chain attacks like AWS credential exfiltration or deletion of development environments, particularly in CI pipelines. Only the Continue agent successfully blocked all tested bypass cases. → securityweek.com
2026-06-30 2026AI Security Incident Case: Miasma Worm Attacked Microsoft GitHub newsAI Security Incident Case: Miasma Worm Attacked Microsoft GitHub https://ift.tt/y3c4e1H → securityboulevard.com
2026-06-29 2026Frontier AI is rewriting the economics of software supply chain security beginnerFrontier AI is revolutionizing software supply chain security by offering advanced, automated solutions that significantly reduce manual effort and associated costs. This shift promises to make robust security practices more accessible and affordable, moving beyond traditional, labor-intensive methods. The technology aims to enhance detection, remediation, and overall risk management within complex software development lifecycles, ultimately creating a more secure and efficient digital ecosystem. → venturebeat.com
2026-06-29 2026Malware and Sha1-Hulud TeamPCP is increasing Phoenix rebases malware Blue Shield endpoint agent against dev news 6 min readLibrary for supply chain security, Blue Shield, blocks malicious packages and AI agent skills by analyzing behavior rather than relying on CVE advisories. It operates across developer workstations, CI/CD pipelines, and AI agent sessions to prevent threats like the Shai-Hulud worm and TeamPCP's automated package releases, offering a behavioral analysis that identifies risks before they execute, even for novel attack campaigns.

Frequently Asked Questions

What is a software supply chain attack?
A supply chain attack targets the components, tools, or processes used to build software rather than the application itself. This includes compromising open-source packages, injecting malicious code into build pipelines, hijacking maintainer accounts, or distributing trojanized development tools — allowing attackers to affect thousands of downstream users simultaneously.
What is dependency confusion?
Dependency confusion (also called namespace confusion) exploits how package managers resolve dependencies. An attacker publishes a malicious package to a public registry with the same name as a private internal package. If the build system checks the public registry first or prefers higher version numbers, it installs the attacker's package instead of the legitimate internal one.
How do you defend against supply chain attacks?
Key defenses include maintaining a Software Bill of Materials (SBOM), using lock files and dependency pinning, enabling automated dependency scanning (Dependabot, Snyk, Socket), verifying package signatures and provenance, adopting the SLSA framework for build integrity, using private registries with allow-lists, and regularly auditing your dependency tree for known vulnerabilities.

Weekly AppSec Digest

Get new resources delivered every Monday.