ciso brief

All news with #software supply chain security tag

52 articles

Malicious litellm Wheel Found in Python Package Index

⚠️ TrueSec reports a malicious supply-chain compromise in the Python Package Index package litellm version 1.82.8. The published wheel contains a malicious .pth file named litellm_init.pth (34,628 bytes) that the Python interpreter executes automatically on every startup, without requiring any explicit import of the module. This behavior enables silent, persistent code execution on affected systems and increases the risk to downstream projects and production environments. The incident underscores the urgent need for SBOMs, SLSA, and SigStore adoption to harden supply-chain defenses.

Five Steps to Strengthen Supply Chain Security & Resilience

🔒 Supply chain attacks now bypass traditional defenses by exploiting trusted vendors, open-source components, cloud services, and MSP tools, creating cascading impact across distributed environments. Map and inventory all dependencies, classify them by criticality, and continuously evaluate supplier posture using SBOMs, patch cadence, and incident response readiness. Apply Zero Trust controls: MFA, least privilege, segmentation, and just-in-time access, and centralize unified telemetry across endpoints, identity, network, email, and backups to detect anomalies faster. Finally, design recovery playbooks, immutable backups, and automated restore testing to shorten downtime when compromise occurs.

Protecting the Software Supply Chain: 2026 Guidance

🔒 Recent weeks have seen multiple high-profile supply chain compromises, including malicious modifications to Axios and repository hijacks by TeamPCP that impacted tools such as Trivy. These incidents highlight how widely used libraries can rapidly propagate risk and complicate inventory and remediation efforts. The report emphasizes securing identity and CI/CD pipelines, maintaining accurate software inventories, prioritizing rapid patching, and reinforcing fundamentals like segmentation, robust logging, and multi-factor authentication to limit impact and lateral movement.

Managing Open-Source Vulnerabilities Across the Pipeline

🔒 Modern vulnerability management must go beyond scanning version numbers to encompass download policies, AI guardrails, and build-pipeline controls. Organizations should adopt a trusted internal artifact registry, rigorous component screening, and dependency pinning to reduce supply-chain and malicious-package risks. Complement these controls with enriched vulnerability intelligence, SCA, and developer training. Systematic handling of EOL or abandoned components — via migration, LTS, or compensatory controls — completes the approach.

Open-Source Vulnerabilities and Supply Chain Risks in AI

🛡️ Open-source components are now central to modern development, but their vulnerability data, maintenance status, and supply-chain integrity are increasingly unreliable. Public vulnerability databases often lack CVSS scores, contain inconsistent metadata, and lag behind exploit availability, leaving teams to guess prioritization. Unmaintained, EOL packages persist across projects, and registries have seen sharp rises in malicious packages and automated worm-like campaigns. AI-assisted coding accelerates development but can amplify these risks by suggesting outdated or hallucinated dependencies and cannot fully remediate legacy or deep dependency flaws on its own.

Supply-Chain Attacks in 2025: Notable Incidents and Lessons

🔒 The year 2025 saw an unprecedented surge of supply-chain compromises that targeted ecosystems across repositories, package registries, CI/CD workflows, and service providers. Incidents ranged from the US$1.5 billion Bybit Safe{Wallet} heist to self-propagating worms like Shai-Hulud and GlassWorm infecting npm and VS Code extensions. Attackers employed stolen tokens, typosquatting, phishing and malicious CI workflows to plant backdoors, steal secrets, and drain crypto, prompting urgent calls for stronger vendor controls, code audits, and incident response readiness.

GlassWorm Compromise Hits 400+ Repos Across Platforms

🪲 The GlassWorm supply‑chain campaign has resurfaced, compromising 433 packages, repositories, and extensions across GitHub, npm, and VSCode/OpenVSX. Researchers from Aikido, Socket, Step Security and the OpenSourceMalware community link the activity to a single actor using the same Solana address, identical payloads, and shared infrastructure. Malicious commits employ invisible Unicode to hide obfuscated JavaScript that polls the Solana blockchain for memos and downloads a Node.js runtime to execute an information stealer; developers should search for the marker lzcdrtfxyqiplpd and inspect for persistence artefacts.

GlassWorm offshoot ForceMemo injects malware in Python repos

🧬 Security researchers say a GlassWorm offshoot, tracked as ForceMemo, uses stolen GitHub tokens to inject obfuscated malware into hundreds of Python repositories by appending code to entry files like setup.py, main.py, and app.py. Attackers steal tokens via malicious VS Code and Cursor extensions, then rebase and force-push rewritten commits to preserve author metadata and hide traces. The appended payload uses a Solana transaction memo to fetch additional payloads and includes locale checks that skip execution on Russian-language systems. Downstream users who pip install or run compromised projects risk executing encrypted JavaScript that can steal cryptocurrency and sensitive data.

PhantomRaven resurfaces on npm with 88 malicious packages

🛡️ Endor Labs has identified 88 additional malicious npm packages tied to the PhantomRaven supply-chain campaign, published between November 2025 and February 2026, with 81 still live and two active C2 servers. The operation uses Remote Dynamic Dependencies (RDD) to fetch credential-stealing payloads from attacker-controlled URLs during npm install. The payload harvests developer and CI/CD credentials and exfiltrates data via HTTP and WebSocket channels, while attackers rotate accounts, domains, and package metadata to evade takedowns.

Typosquatted NuGet Package Targets Stripe Developers

⚠️ ReversingLabs uncovered a malicious NuGet package named StripeApi.Net that impersonated the widely used Stripe.net .NET library for Stripe payments. The typosquatting listing duplicated icons, documentation and tags and used the publisher name 'StripePayments' while retaining a default avatar to appear credible. The fake package accrued an apparently inflated 180,000-plus downloads by spreading roughly 300 downloads across 506 versions. Subtle code changes captured Stripe API keys and a machine identifier and exfiltrated them to an attacker-controlled Supabase database; NuGet removed the package quickly after it was reported and investigators found only a test entry.

Malicious NuGet Packages Exfiltrate ASP.NET Identity

🔒 Security researchers at Socket uncovered four malicious NuGet packages — NCryptYo, DOMOAuth2_, IRAOAuth2.0, and SimpleWriter_ — that target ASP.NET developers to steal Identity data and manipulate authorization rules. The packages, published in August 2024 by user hamzazaheer and downloaded over 4,500 times before removal, deploy a localhost proxy and stage payloads to relay stolen data to an external C2. Separately, Tenable disclosed a malicious npm package ambar-src that used a preinstall hook to drop cross-platform malware (Windows, Linux, macOS), enabling full-system compromise and data exfiltration.

npm's Token Overhaul Reduces but Doesn't Eliminate Risk

🔒 In December 2025 npm completed a major credential overhaul, revoking long‑lived classic tokens and moving to short‑lived session tokens and OIDC Trusted Publishing to reduce supply‑chain risk. While MFA by default and ephemeral per‑run CI credentials limit exposure, optional 90‑day tokens that bypass MFA and successful MFA phishing still permit rapid malicious publishes. Developers should favor OIDC, avoid long‑lived bypassable tokens, and enforce MFA-on-publish where possible to further harden the ecosystem.

Developers as an Emerging Attack Vector in Software

🔐 Developers and the tools they rely on are increasingly targeted as attackers move beyond exploiting application bugs to compromising developer workflows and ecosystems. Threats include typosquatting, malicious open-source packages, compromised plugins, supply-chain hijacks and fake employees who gain insider access. AI increases the scale and plausibility of social engineering, code changes and malicious package recommendations. Security leaders should combine identity hygiene, least-privilege, secrets management, whitelists and continuous hands-on developer training to reduce risk.

Software Developers as Prime Cyber Targets and Risks

🔐 Software developers are increasingly targeted by attackers exploiting their tools, credentials, and trusted channels rather than traditional application bugs. Threats include malicious IDE extensions, tainted open-source packages, CI/CD pipeline abuse, credential theft, social engineering, and AI-driven manipulation. Because developers hold tokens, API keys, cloud credentials, and long-lived secrets, compromises can grant broad access to source code and infrastructure. CISOs must combine technical controls, least-privilege practices, supply-chain defenses, and ongoing developer training to reduce systemic risk.

Compromised dYdX npm and PyPI packages deliver malware

⚠️ Cybersecurity researchers disclosed a supply chain attack that replaced legitimate dYdX packages on npm and PyPI with malicious releases designed to steal wallet credentials and enable remote code execution. Malicious code ran during normal use, exfiltrating seed phrases, device data and calling back to a command-and-control endpoint. dYdX and researchers advise isolating affected hosts, moving funds from clean systems and rotating credentials.

Shai-Hulud and the Rise of Active Supply-Chain Worms

🐛 The article warns that modern software supply chains are increasingly vulnerable, highlighting incidents like Shai-Hulud, React2Shell, and XZ Utils as examples of threats that evolved from passive typosquatting to active, worm-like propagation. Once onboard, these worms harvest developer credentials to push infected packages and can trigger destructive dead-man wipes if analyzed. CISOs are urged to end implicit trust in CI/CD identities, break down security silos, adopt cross-functional monitoring, and prepare for AI-driven and polyglot supply-chain attacks.

Surge in Malicious Open-Source Packages Raises Alarm

🔔 Sonatype's 2026 State of the Software Supply Chain report warns of a sharp rise in malicious open-source packages, finding 454,648 new malicious components in 2025 across Maven Central, PyPI, npm and NuGet. The vendor says developers downloaded components 9.8 trillion times last year and that threats have evolved from stunts into industrialized, multi-stage supply chain intrusions. The report highlights AI-related risks, typosquatting and namespace mimicry as primary enablers.

Holes in npm and Yarn let attackers bypass defenses

🔓 npm and yarn contain vulnerabilities, dubbed PackageGate, that Koi Security researcher Oren Yomtov says can bypass the defenses introduced after the Shai-Hulud campaign by allowing lifecycle scripts to run and lockfile integrity checks to be evaded. pnpm, vlt and Bun have addressed the issues; npm and yarn have not applied comparable fixes. GitHub and npm maintain that some behaviors are intentional, particularly that installing a git dependency with a prepare script will trigger installs, which Yomtov disputes. Developers are advised to prefer patched package managers, follow the post-Shai-Hulud guidance, and keep tooling current.

From typos to takeovers: npm supply‑chain attack escalation

🔐 The npm ecosystem has shifted from simple typosquatting to coordinated, credential-driven supply‑chain intrusions that target maintainers, CI pipelines, and trusted automation. Attackers now compromise legitimate packages via stolen tokens and publish trojanized updates that quietly propagate to millions of downstream projects. Detection increasingly requires runtime and anomaly analysis rather than static scanning, while mitigations focus on treating CI runners as production assets, aggressively rotating and scoping publish tokens, disabling unnecessary lifecycle scripts, and pinning dependencies to immutable versions.

Active Worms in Software Supply Chains: Shai-Hulud Threat

🐛 Shai‑Hulud marks a shift from passive supply‑chain tricks to an actively propagating worm that targets developer identities and CI/CD trust. Variants harvest NPM tokens, GitHub secrets and leverage stolen credentials to publish infected packages automatically, often including a dead‑man switch to erase traces. CISOs must treat pipelines and AI-assisted tooling as primary attack surfaces.