Tag: supply-chain
-
Grafana Labs Says Code Breach Stemmed from TanStack Attack
Grafana Labs has confirmed a recent data breach was caused by the TanStack supply chain attack First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/grafana-labs-code-breach-tanstack/
-
Mini Shai-Hulud Hits @antv npm Packages, Targets CI/CD Secrets
An Active and sophisticated supply chain attack targeting the widely used @antv npm ecosystem, where a threat actor compromised a maintainer account and pushed malicious package updates designed to steal sensitive CI/CD credentials. The campaign, dubbed “Mini Shai-Hulud,” demonstrates how deeply embedded open-source libraries can be weaponized to infiltrate modern development pipelines at scale. The…
-
GitHub links repo breach to TanStack npm supply-chain attack
GitHub says the hackers who breached 3,800 internal repositories gained access via a malicious version of the Nx Console VS Code extension, compromised in last week’s TanStack npm supply-chain attack. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/github-links-repo-breach-to-tanstack-npm-supply-chain-attack/
-
Grafana breach caused by missed token rotation after TanStack attack
The Grafana data breach was caused by a single GitHub workflow token that slipped through the rotation process following the TanStack npm supply-chain attack last week. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/grafana-breach-caused-by-missed-token-rotation-after-tanstack-attack/
-
Mini Shai-Hulud Hits Hundreds of npm Packages in AntV Ecosystem
Mini Shai-Hulud worm hits Alibaba AntV ecosystem in largest npm supply chain wave to date First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/antv-npm-mini-shai-hulud-largest/
-
Microsoft DurableTask Python Client Targeted in TeamPCP Cyberattack
The ongoing TeamPCP software supply chain campaign has compromised the official Microsoft DurableTask Python client, a widely used package for orchestrating workflows in Python applications. Three versions of the durabletask package on PyPI, 1.4.1, 1.4.2, and 1.4.3, were identified as malicious and subsequently quarantined by PyPI after analysis by Wiz researchers. This incident highlights how attackers are…
-
Typosquatting Is No Longer a User Problem. It’s a Supply Chain Problem
AI-generated lookalike domains are now embedded inside the third-party scripts running on your web properties. Here’s why your current stack can’t see them, and what detection actually requires.Download the CISO Expert Guide to Typosquatting in the AI Era →TL;DR Typosquatting is no longer a user problem. Attackers now embed lookalike domains inside legitimate third-party scripts.…
-
Mini Shai-Hulud Attack Hits npm Ecosystem, Compromising Over 600 Packages
A large-scale supply chain attack targeting the npm ecosystem has resurfaced with a new variant of the Mini Shai-Hulud malware, compromising more than 600 packages and introducing advanced evasion techniques, including forged Sigstore provenance. The attack primarily targeted the widely used @antv ecosystem but quickly spread to other popular libraries and developer tools. The attack…
-
Single-Letter Go Module Typosquat Drops DNS-Based Backdoor
A newly uncovered software supply chain attack targeting Go developers demonstrates how a single-character typo can silently introduce a persistent backdoor. A malicious Go module, github.com/shopsprint/decimal, designed to impersonate the widely trusted github.com/shopspring/decimal library used for high-precision arithmetic in financial and analytics applications. The legitimate package is heavily adopted across the Go ecosystem, with more than 38,000 known…
-
Hackers have compromised dozens of popular open source packages in an ongoing supply-chain attack
The attacks are part of a wider campaign known as Mini Shai-Hulud, which has already compromised several open source projects and, in turn, developers and companies that use them. First seen on techcrunch.com Jump to article: techcrunch.com/2026/05/19/hackers-have-compromised-dozens-of-popular-open-source-packages-in-an-ongoing-supply-chain-attack/
-
Only a Handful of CVEs Mattered for Supply Chain in 2025
Is the Vulnerability Exposed and Easily Exploitable?. Not all supply chain vulnerabilities are alike. Between the exploding volume of new CVEs and the number of actual mass attacks, there lies a sweet spot of just dozens of vulnerabilities to quickly patch to head off risk. No company is able to address every new vulnerability. First…
-
Hackers have compromised dozens of popular open source packages in an ongoing supply chain attack
The attacks are part of a wider campaign known as Mini Shai-Hulud, which has already compromised several open source projects and, in turn, developers and companies that use them. First seen on techcrunch.com Jump to article: techcrunch.com/2026/05/19/hackers-have-compromised-dozens-of-popular-open-source-packages-in-an-ongoing-supply-chain-attack/
-
Securing the AI Supply Chain in the European Union
The European Union’s AI strategy is entering a new phase. What began as a commitment to “trustworthy AI,” grounded in ethics and human rights, is now evolving into a legally enforceable framework for technically secure AI. EU-specific AI, data and cybersecurity regulations are taking effect, alongside the January 2026 Digital Omnibus initiative. Cybersecurity is no…
-
New Shai-Hulud malware wave compromises 600 npm packages
Threat actors earlier today published more than 600 malicious packages to the Node Package Manager (npm) index as part of a new Shai-Hulud supply-chain campaign. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-shai-hulud-malware-wave-compromises-600-npm-packages/
-
Shai-Hulud worm copycats emerge after source code leak
Shai-Hulud worm copycats are already attacking NPM developers after its source code leaked, enabling fast supply chain exploitation. The first copycats of the Shai-Hulud worm have already started showing up online, only a few days after the malware’s source code was dumped on GitHub. Researchers had warned this would happen almost immediately, and they were…
-
Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials
In yet another software supply chain attack, threat actors have compromised the popular GitHub Actions workflow, actions-cool/issues-helper, to run malicious code that harvests sensitive credentials and exfiltrates them to an attacker-controlled server.”Every existing tag in the repository has been moved to point to an imposter commit that does not appear in the action’s normal commit…
-
Compromised GitHub Action Steals Workflow Credentials
A widely used GitHub Action, actions-cool/issues-helper, has been compromised in a supply chain attack that exposes sensitive CI/CD secrets to an attacker-controlled domain. The attack hinges on a subtle but powerful manipulation of Git tags. Instead of altering the visible commit history, the attacker moved all release tags to an “imposter commit” identified as 1c9e803, which does…
-
Mini Shai-Hulud Attack Hits @antv npm Packages
A large-scale npm supply chain attack has compromised multiple widely used packages within the @antv ecosystem, to investigate what appears to be an active and rapidly evolving campaign linked to the Mini Shai-Hulud malware family. The attack centers on the compromise of the npm maintainer account “atool,” which is associated with several popular JavaScript libraries.…
-
Mini Shai-Hulud Attack Hits @antv npm Packages
A large-scale npm supply chain attack has compromised multiple widely used packages within the @antv ecosystem, to investigate what appears to be an active and rapidly evolving campaign linked to the Mini Shai-Hulud malware family. The attack centers on the compromise of the npm maintainer account “atool,” which is associated with several popular JavaScript libraries.…
-
GitHub Actions Supply Chain Attack Redirects Tags to Steal CI/CD Credentials
In yet another software supply chain attack, threat actors have compromised the popular GitHub Actions workflow, actions-cool/issues-helper, to run malicious code that harvests sensitive credentials and exfiltrates them to an attacker-controlled server.”Every existing tag in the repository has been moved to point to an imposter commit that does not appear in the action’s normal commit…
-
Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account
Cybersecurity researchers have discovered a fresh software supply chain attack campaign that has compromised various npm packages associated with the @antv ecosystem as part of the ongoing Mini Shai-Hulud attack wave.”The attack affects packages tied to the npm maintainer account atool, including echarts-for-react, a widely used React wrapper for Apache ECharts with roughly 1.1 million…
-
(g+) Trivy Supply-Chain-Angriff: Wenn der Security-Scanner selbst zum Angriff wird
Trivys Github Actions wurden zweimal gehackt. Ein Credential-Stealer lief in Tausenden CI/CD-Pipelines unbemerkt. First seen on golem.de Jump to article: www.golem.de/news/trivy-supply-chain-angriff-wenn-der-security-scanner-selbst-zum-angriff-wird-2605-208688.html
-
Developer Workstations Are Now Part of the Software Supply Chain
Supply chain attackers are not only trying to slip malicious code into trusted software. They are trying to steal the access that makes trusted software possible. Recently, three separate campaigns hit npm, PyPI, and Docker Hub in a 48-hour window, and all three targeted secrets from developer environments and CI/CD pipelines, including API keys, cloud…
-
Malicious npm Packages Steal SSH Keys, Cloud Credentials, and Crypto Wallets
A new supply chain attack campaign targeting developers has surfaced in the npm ecosystem, with four malicious packages discovered stealing sensitive data, including SSH keys, cloud credentials, and cryptocurrency wallets. The campaign, identified by OX Security within the past 24 hours, highlights the growing risk posed by typosquatting attacks and reused open-source malware. The malicious…
-
When ransomware hits, confidence doesn’t restore endpoints
Ransomware, supply chain vulnerabilities, insider threats, compliance failures, and software disruptions remain major concerns for security leaders, according to The … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/18/absolute-security-cisos-ransomware-pressure-report/
-
OpenAI hit by supply chain attack linked to malicious TanStack packages
OpenAI said the TanStack supply chain attack compromised two employee devices and exposed credentials from code repositories. OpenAI confirmed that the recent TanStack supply chain attack compromised two employee devices and exposed credential material stored in internal source code repositories. The incident began after the TeamPCP hacking group abused weaknesses in the package publishing process…