supply chain
Glassworm botnet disrupted after resilient C2 infrastructure takedown
The Glassworm botnet targeting developers in software supply-chain attacks has been disrupted after researchers took down its resilient command-and-control infrastructure relying on Solana blockchain transactions and the BitTorrent DHT network. In a coordinated operation conducted yesterday, CrowdStrike, Google, and The Shadowserver Foundation cut off the botnet operators’ access to four distinct command-and-control (C2) channels designed […]
New Shai-Hulud malware wave compromises 600 npm packages
Threat actors earlier today published more than 600 malicious packages to the Node Package Manager (npm) index as part of a new Shai-Hulud supply-chain campaign. Most of the affected packages are in the @antv ecosystem, which includes libraries for charting, graph visualization, building flowcharts, and mapping. However, popular packages outside this namespace have also been […]
Popular node-ipc npm package compromised to steal credentials
Hackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process communication package, in a new supply chain attack targeting npm. The node-ipc package is a Node.js module that enables various processes to communicate through all forms of sockets, including Unix, Windows, UDP, TLS, and TCP. Despite the maintainer publishing in March […]
Shai Hulud attack ships signed malicious TanStack, Mistral npm packages
Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering credential-stealing malware targeting developers. The attacker hijacked valid OpenID Connect (OIDC) tokens to publish malicious package versions with verifiable provenance attestation (SLSA Build Level 3) Attributed to the TeamPCP threat group, the attack started with compromising dozens of TanStack […]
Official CheckMarx Jenkins package compromised with infostealer
Checkmarx warned over the weekend that a rogue version of its Jenkins Application Security Testing (AST) plugin had been published on the Jenkins Marketplace. The compromise was claimed by the TeamPCP hacker group, which initiated a spree of supply-chain attacks that included the Shai-Hulud campaigns on npm and the Trivy vulnerability scanner breach, resulting in the delivery of credential-stealing […]
DAEMON Tools trojanized in supply-chain attack to deploy backdoor
Hackers trojanized installers for the DAEMON Tools software and since April 8, delivered a backdoor to thousands of systems that downloaded the product from the official website. The supply-chain attack led to thousands of infections in more than 100 countries. However, second-stage payloads were deployed only to a dozen machines, indicating a targeted attack aimed […]
Backdoored PyTorch Lightning package drops credential stealer
A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a credential-stealing payload targeting browsers, environment files, and cloud services. The developer disclosed the supply-chain attack on April 30, saying that version 2.6.3 of the package included a hidden execution chain that downloads and executes a JavaScript payload. PyTorch […]
PyPI package with 1.1M monthly downloads hacked to push infostealer
An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive developer data and cryptocurrency wallets. The dangerous release is 0.23.3, and it extended to the Docker image due to the package’s workflow that creates the image from the code and uploads it to a container registry for […]
New Checkmarx supply-chain breach affects KICS analysis tool
Hackers have compromised Docker images, VSCode and Open VSX extensions for the Checkmarx KICS analysis tool to harvest sensitive data from developer environments. KICS, short for Keeping Infrastructure as Code Secure, is a free, open-source scanner that helps developers identify security vulnerabilities in source code, dependencies, and configuration files. The tool is typically run locally […]
New npm supply-chain attack self-spreads to steal auth tokens
A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts. The threat was spotted by researchers at application security companies Socket and StepSecurity in multiple packages from Namastex Labs, a company that provides AI-based agentic solutions designed to improve […]