URL has been copied successfully!
TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO
URL has been copied successfully!

Collecting Cyber-News from over 60 sources

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO


Tags: , , , , , ,

A new coordinated cross-ecosystem software supply chain attack campaign has targeted npm, PyPI, and Crates.io to distribute credential-stealing malware.The campaign, codenamed TrapDoor, spans more than 34 malicious packages across over 384 versions. The earliest activity was recorded on May 22, 2026, at 8:20 p.m. UTC, with new packages published to the ecosystems in waves from a cluster of

First seen on thehackernews.com

Jump to article: thehackernews.com/2026/05/trapdoor-supply-chain-attack-spreads.html

Loading

Share via Email
Share on Facebook
Tweet on X (Twitter)
Share on Whatsapp
Share on LinkedIn
Share on Xing
Copy link

also interesting:

  1. Top 12 ways hackers broke into your systems in 2024
  2. 71% of CISOs hit with third-party security incident this year
  3. Malicious PyPI Packages Deliver SilentSync RAT
  4. Self-Propagating npm Malware Turns Trusted Packages Into Attack Paths