Tag: supply-chain
-
âš¡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos
Monday recap. Same mess, new week.A sketchy dev tool got people pwned, old bugs came back from the dead, and security products somehow needed protecting from themselves. A bunch of companies spent the week checking old boxes and forgotten servers they should’ve patched years ago. Good times.Phishing crews are getting smarter too – less obvious…
-
Hackers Hide Linux Malware in SSH-Like Package Filename
Hackers have been observed disguising a malicious Linux payload under an SSH-like filename during software installation, as part of a coordinated supply chain attack targeting developer ecosystems. The attack hinges on a hidden post-install script embedded inside package.json, rather than the expected composer.json used in PHP environments. This subtle placement allows the malicious code to evade detection during routine dependency…
-
TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO
A new coordinated cross-ecosystem software supply chain attack campaign has targeted npm, PyPI, and Crates.io to distribute credential-stealing malware.The campaign, codenamed TrapDoor, spans more than 34 malicious packages across over 384 versions. The earliest activity was recorded on May 22, 2026, at 8:20 p.m. UTC, with new packages published to the ecosystems in waves from…
-
Hackers Compromise 34 npm, PyPI, and Crates Packages in Major Supply Chain Attack
Hackers have launched a large-scale software supply chain attack targeting developers across npm, PyPI, and Crates.io, compromising at least 34 open-source packages and hundreds of associated versions. Security researchers at Socket are tracking the campaign as “TrapDoor,” a crypto-focused credential stealer designed to infiltrate developer environments and exfiltrate sensitive data. Cross-Ecosystem Supply Chain Attack The…
-
Hackers Compromise 34 npm, PyPI, and Crates Packages in Major Supply Chain Attack
Hackers have launched a large-scale software supply chain attack targeting developers across npm, PyPI, and Crates.io, compromising at least 34 open-source packages and hundreds of associated versions. Security researchers at Socket are tracking the campaign as “TrapDoor,” a crypto-focused credential stealer designed to infiltrate developer environments and exfiltrate sensitive data. Cross-Ecosystem Supply Chain Attack The…
-
GitHub Strengthens npm Security With Staged Publishing Protection
GitHub has introduced a major security enhancement to the npm ecosystem with the general availability of staged publishing and new install-time controls in npm CLI version 11.15.0. These updates are designed to reduce software supply chain risks, particularly those arising from compromised developer accounts, malicious package updates, and automated CI/CD workflows. GitHub Strengthens npm Security…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 98
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Popular node-ipc npm Package Infected with Credential Stealer New Actors Deploy Shai-Hulud Clones: TeamPCP Copycats Are Here Active Supply Chain Attack Compromises @antv Packages on npm actions-cool/issues-helper GitHub Action Compromised: All Tags Point to…
-
Laravel Lang packages hijacked to deploy credential-stealing malware
A supply chain attack targeting the Laravel Lang localization packages has exposed developers to a sophisticated credential-stealing malware campaign after attackers abused GitHub version tags to distribute malicious code through Composer packages. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/laravel-lang-packages-hijacked-to-deploy-credential-stealing-malware/
-
npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks
GitHub has rolled out new controls for npm to improve the security of the software supply chain, giving maintainers the ability to explicitly approve a release prior to the packages becoming publicly available for installation.Called staged publishing, the feature is now generally available on npm. It mandates that a human maintainer pass a two-factor authentication…
-
Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware
A new “coordinated” supply chain attack campaign has impacted eight packages on Packagist including malicious code designed to run a Linux binary retrieved from a GitHub Releases URL.”Although the affected packages were all Composer packages, the malicious code was not added to composer.json,” Socket said. “Instead, it was inserted into package.json, targeting projects that ship…
-
Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer
Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages belonging to Laravel-Lang to deliver a comprehensive credential-stealing framework.The affected packages include – laravel-lang/lang laravel-lang/http-statuses laravel-lang/attributes laravel-lang/actions”The timing and pattern of the newly published tags First seen on thehackernews.com Jump to article: thehackernews.com/2026/05/laravel-lang-php-packages-compromised.html
-
Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer
Cybersecurity researchers have flagged a fresh software supply chain attack campaign that has targeted multiple PHP packages belonging to Laravel-Lang to deliver a comprehensive credential-stealing framework.The affected packages include – laravel-lang/lang laravel-lang/http-statuses laravel-lang/attributes laravel-lang/actions”The timing and pattern of the newly published tags First seen on thehackernews.com Jump to article: thehackernews.com/2026/05/laravel-lang-php-packages-compromised.html
-
Hackers Use SEO Poisoning to Fake Gemini CLI, Claude Installers
Financially motivated threat actors are running an active campaign that impersonates Google’s Gemini CLI and Anthropic’s Claude Code, using SEO poisoning to deliver a fileless PowerShell infostealer to developer workstations worldwide. First identified in early March 2026 by EclecticIQ researchers, the campaign represents a calculated escalation in supply-chain-focused eCrime targeting AI developer tooling. The infection…
-
Hackers Use SEO Poisoning to Fake Gemini CLI, Claude Installers
Financially motivated threat actors are running an active campaign that impersonates Google’s Gemini CLI and Anthropic’s Claude Code, using SEO poisoning to deliver a fileless PowerShell infostealer to developer workstations worldwide. First identified in early March 2026 by EclecticIQ researchers, the campaign represents a calculated escalation in supply-chain-focused eCrime targeting AI developer tooling. The infection…
-
Hackers Compromise Laravel-Lang Packages via 700 GitHub Repos
A sophisticated and active supply chain attack has struck the Laravel-Lang open-source organization, compromising over 700 historical package versions across four widely used PHP localization repositories. The attack, detected on May 22, 2026, and reported by both Aikido Security and the Socket Research Team, introduces a fully functional remote code execution (RCE) backdoor that executes automatically via Composer’s…
-
7 Questions CISOs Must Answer on AI Threats, Supply Chain Risk and Cyber Resilience
First seen on scworld.com Jump to article: www.scworld.com/native/7-questions-cisos-must-answer-on-ai-threats-supply-chain-risk-and-cyber-resilience
-
AI-Driven Threats, Critical Vulnerabilities, and Supply Chain Breaches Define the Week in May 2026
Weekly summary of Cybersecurity Insider newsletters for May 2026. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/weekly-roundup/ai-driven-threats-critical-vulnerabilities-and-supply-chain-breaches-define-the-week-in-may-2026/
-
5,561 GitHub Repositories Hit by Megalodon Supply Chain Attack in Six Hours
SafeDep uncovered the Megalodon attack targeting 5,561 GitHub repositories with malicious CI workflows and cloud credential theft. First seen on hackread.com Jump to article: hackread.com/github-repositories-megalodon-supply-chain-attack/
-
The Cyber Express Weekly Roundup: Supply Chain Breaches, AI Content Enforcement, And Event Disruption Attacks
The global cybersecurity landscape continues to evolve rapidly as attackers expand their focus on developer ecosystems, public-facing institutions, and anonymization infrastructure. At the same time, regulators and law enforcement agencies are stepping up enforcement efforts around AI misuse and cybercrime-enabling services. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/tce-weekly-roundup-cybersecurity-supply-chain/
-
The Cyber Express Weekly Roundup: Supply Chain Breaches, AI Content Enforcement, And Event Disruption Attacks
The global cybersecurity landscape continues to evolve rapidly as attackers expand their focus on developer ecosystems, public-facing institutions, and anonymization infrastructure. At the same time, regulators and law enforcement agencies are stepping up enforcement efforts around AI misuse and cybercrime-enabling services. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/tce-weekly-roundup-cybersecurity-supply-chain/
-
The Cyber Express Weekly Roundup: Supply Chain Breaches, AI Content Enforcement, And Event Disruption Attacks
The global cybersecurity landscape continues to evolve rapidly as attackers expand their focus on developer ecosystems, public-facing institutions, and anonymization infrastructure. At the same time, regulators and law enforcement agencies are stepping up enforcement efforts around AI misuse and cybercrime-enabling services. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/tce-weekly-roundup-cybersecurity-supply-chain/
-
A hacker group is poisoning open source code at an unprecedented scale
GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks. First seen on arstechnica.com Jump to article: arstechnica.com/information-technology/2026/05/a-hacker-group-is-poisoning-open-source-code-at-an-unprecedented-scale/
-
Hackers Abuse Hugging Face to Deliver npm Malware
A newly uncovered supply chain attack targeting the npm ecosystem has been linked to North Korean (DPRK)-aligned threat actors. The campaign centers around a malicious npm package named terminal-logger-utils, which embeds a sophisticated multi-stage malware capable of keylogging, data exfiltration, and remote system control. The package was distributed through three dependent libraries pretty-logger-utils, ts-logger-pack, and pinno-loggers which automatically…
-
Mini Shai-Hulud Attack Prompts npm to Revoke 2FA-Bypass Tokens
npm has forced a platform-wide reset of granular access tokens that bypass two-factor authentication (2FA) after a wave of supply chain attacks linked to the “Mini Shai-Hulud” campaign compromised hundreds of JavaScript packages. The emergency action, rolled out on May 19, invalidated all npm tokens with write permissions that allowed publishing without 2FA. The move…
-
Grafana Labs links GitHub environment breach to TanStack npm supply chain attack
The company behind the widely used observability platform refused an extortion demand and has since taken steps to harden its security. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/grafana-labs-github-environment-breach-tanstack-npm-supply-chain/820866/
-
GitHub, Grafana Labs breaches traced back to TanStack supply chain compromise
GitHub CISO Alexis Wales has named the malicious VS Code extension behind the breach they suffered at the hands of the threat group TeamPCP: Nx Console, a popular developer … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/21/github-grafana-breach-root-cause-nx-console/
-
Three-Quarters of Firms Knowingly Ship Vulnerable Code
AI risks threaten to permeate supply chains through unvetted code and unaudited suppliers First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/threequarters-knowingly-ship/
-
A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale
GitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations. First seen on wired.com Jump to article: www.wired.com/story/teampcp-software-supply-chain-attack-spree-github/