ciso brief

All news with #software supply chain security tag

65 articles

Responsible Vulnerability Disclosure in the AI Era

🛡️ Responsible Disclosure in the Age of AI argues that frontier AI systems now autonomously discover software vulnerabilities at unprecedented speed and scale, exposing long-standing technical debt in the software industry. The piece traces the evolution of assurance practices and disclosure frameworks and highlights growing tension between offensive and defensive cyber equities, particularly in the U.S. and China. It calls for coordinated national and international efforts to accelerate remediation, patch management, and investment in automated repair capabilities to close the narrowing window before adversaries exploit these advances.

Well‑Architected Software Supply Chain Best Practices

🔒 This AWS Security blog post outlines best practices for defending against software supply chain attacks, motivated by recent npm incidents like Shai‑Hulud and axios. It emphasizes reducing long‑lived credentials by using temporary credentials (AWS CLI login, IAM Identity Center, OIDC) and centralizing secrets with AWS Secrets Manager or Systems Manager Parameter Store. The article advocates layered defenses including MFA, multi‑approver workflows, artifact signing with AWS Signer, central package repositories using CodeArtifact, image scanning with Amazon Inspector, and provenance attestations for npm packages.

Mini Shai-Hulud Hits Hundreds of AntV npm Packages

🚨 The Mini Shai-Hulud worm resurfaced in a coordinated supply-chain wave that published 639 malicious versions across 323 npm packages tied to the AntV visualization ecosystem on 19 May, lasting roughly an hour. Analysis by Socket and updates from Microsoft show the payload added preinstall hooks executing an obfuscated Bun bundle to harvest cloud and CI secrets. Many affected packages are high-download dependencies and the compromised maintainer account held rights to over 500 packages. Responders should pin pre-19 May versions, rotate exposed credentials and audit GitHub for forged repository activity.

Shai-Hulud Campaign Infects 600+ npm Packages in AntV

⚠️ The Shai-Hulud campaign rapidly published more than 600 malicious npm package versions across 323 unique packages, primarily targeting the @antv ecosystem but also compromising other widely used libraries. The injected, obfuscated payloads harvest developer and CI/CD secrets and exfiltrate data via the Session P2P network, with GitHub used as a fallback repository to publish stolen artifacts. Researchers from Socket and Endor Labs report the attack includes self-propagation, token reuse, and abuse of CI OIDC tokens, allowing malicious packages to appear legitimately signed. Developers should uninstall affected packages and rotate any exposed credentials immediately.

Mini Shai-Hulud Worm Compromises npm and PyPI Supply Chain

⚠ TeamPCP's "Mini Shai-Hulud" campaign has trojanized npm and PyPI packages from maintainers including TanStack, Mistral AI, OpenSearch, UiPath, and Guardrails AI, deploying an obfuscated credential stealer that targets cloud services, crypto wallets, AI tools, messaging apps and CI systems. The malware exfiltrates data via a Session Protocol domain (filev2.getsession[.]org), a typosquat domain and GitHub API dead-drops, and persists through IDE hooks in Claude Code and VS Code. Attackers abused GitHub Actions OIDC permissions and produced malicious packages with valid SLSA attestations; TanStack's cluster was assigned CVE-2026-45321 (CVSS 9.6).

Google Expands Binary Transparency for Android Apps

🔐 Google has expanded Binary Transparency for Android to publish a cryptographic, append-only ledger that records production Google app binaries and Mainline modules. Beginning May 1, 2026, supported production apps will have public ledger entries to attest authenticity. Google is also providing verification tooling so users and researchers can confirm software integrity and detect unauthorized or "one-off" builds.

Poisoned Ruby Gems and Go Modules Target Developers

🔒 A new supply chain campaign used sleeper Ruby gems and Go modules published by BufferZoneCorp to deploy post-install payloads that harvest credentials and establish persistence. The malicious Ruby packages exfiltrated environment variables, SSH keys, AWS secrets, .npmrc/.netrc files and developer configuration during install. The Go modules tampered with GitHub Actions by installing fake go wrappers, intercepting builds, and adding a hard-coded SSH key to ~/.ssh/authorized_keys. Users should remove affected packages, rotate exposed credentials, and inspect systems and CI runners for unauthorized SSH entries and outbound connections.

Malicious pgserve and automagik Packages Target npm

🛡️ Security researchers at Socket and StepSecurity have identified malicious versions of pgserve and automagik published to the npm registry that execute a credential-harvesting payload during installation. The trojans collect tokens, SSH keys, cloud credentials (AWS, Azure, GCP), browser passwords and crypto wallet funds, and attempt to propagate by using any npm publish tokens found on infected machines. Stolen data is encrypted and exfiltrated to a decentralized ICP canister, chosen specifically to resist takedown. Developers are urged to rotate all credentials immediately, disable automatic postinstall scripts (npm config set ignore-scripts true), harden CI/CD egress and tighten token scopes.

New npm supply-chain worm steals auth tokens, spreads

🚨 Researchers have uncovered a self-propagating npm supply-chain attack that steals developer credentials and attempts to republish infected packages from compromised accounts. Socket and StepSecurity observed malicious versions in at least 16 Namastex Labs packages, including AI tooling and database modules. The payload harvests tokens, API keys, SSH keys, cloud and CI/CD credentials, browser-stored wallets, and attempts to use npm and PyPI publish tokens to inject itself into packages and spread.

Supply Chain Compromise Affects Axios npm Packages

⚠️ CISA alerts organizations to a software supply chain compromise impacting the Axios npm package. On March 31, 2026, axios@1.14.1 and axios@0.30.4 introduced a malicious dependency plain-crypto-js@4.2.1 that fetches multi-stage payloads, including a remote access trojan. The agency recommends detection and remediation steps such as downgrading to axios@1.14.0 or axios@0.30.3, removing node_modules/plain-crypto-js/, rotating exposed credentials, hardening npm configuration (set ignore-scripts=true and min-release-age=7), and conducting EDR hunts and network monitoring to confirm no remaining indicators of compromise.

Frontier AI Raises Software Vulnerability Risks, Urgency

⚠️ Unit 42's hands-on evaluation finds frontier AI models can autonomously identify complex software vulnerabilities and map exploit chains, dramatically accelerating the discovery-to-exploitation timeline. The researchers warn this capability raises immediate risks to open source projects and supply chains, and will compress N-day windows to hours. They urge aggressive prevention, automated patching, and hardened development pipelines.

NCSC outlines coordinated NHS plan to boost cyber resilience

🔒 The NCSC has published a coordinated plan to improve NHS cyber resilience, focusing on piloting tools via ACD 2.0, securing the software supply chain, managing vulnerability disclosures, enhancing visibility and promoting services such as Early Warning, the Cyber Action Toolkit and Cyber Essentials. The agency is applying the Software Security Code of Practice in procurement and using data science to prioritise supplier risk while its Vulnerability Reporting Service continues to support GP surgeries, trusts and health boards. Additional measures include the NHS App adopting passkeys, attack surface management, deception-technology experiments, DNS analytics and Threat Hunting Workshops to develop playbooks and strengthen sector collaboration.

Critical RCE in protobuf.js due to unsafe code gen

⚠️ A critical remote code execution vulnerability has been disclosed in protobuf.js, the widely used JavaScript implementation of Google's Protocol Buffers, caused by unsafe dynamic code generation that concatenates schema-derived identifiers into functions. An attacker who can supply or influence schemas can inject arbitrary JavaScript into a generated Function() call, which executes when the crafted schema is processed. Maintainers and Endor Labs urge immediate upgrades to patched releases and recommend treating schema-loading as untrusted while auditing transitive dependencies.

Malicious litellm Wheel Found in Python Package Index

⚠️ TrueSec reports a malicious supply-chain compromise in the Python Package Index package litellm version 1.82.8. The published wheel contains a malicious .pth file named litellm_init.pth (34,628 bytes) that the Python interpreter executes automatically on every startup, without requiring any explicit import of the module. This behavior enables silent, persistent code execution on affected systems and increases the risk to downstream projects and production environments. The incident underscores the urgent need for SBOMs, SLSA, and SigStore adoption to harden supply-chain defenses.

Five Steps to Strengthen Supply Chain Security & Resilience

🔒 Supply chain attacks now bypass traditional defenses by exploiting trusted vendors, open-source components, cloud services, and MSP tools, creating cascading impact across distributed environments. Map and inventory all dependencies, classify them by criticality, and continuously evaluate supplier posture using SBOMs, patch cadence, and incident response readiness. Apply Zero Trust controls: MFA, least privilege, segmentation, and just-in-time access, and centralize unified telemetry across endpoints, identity, network, email, and backups to detect anomalies faster. Finally, design recovery playbooks, immutable backups, and automated restore testing to shorten downtime when compromise occurs.

Protecting the Software Supply Chain: 2026 Guidance

🔒 Recent weeks have seen multiple high-profile supply chain compromises, including malicious modifications to Axios and repository hijacks by TeamPCP that impacted tools such as Trivy. These incidents highlight how widely used libraries can rapidly propagate risk and complicate inventory and remediation efforts. The report emphasizes securing identity and CI/CD pipelines, maintaining accurate software inventories, prioritizing rapid patching, and reinforcing fundamentals like segmentation, robust logging, and multi-factor authentication to limit impact and lateral movement.

Managing Open-Source Vulnerabilities Across the Pipeline

🔒 Modern vulnerability management must go beyond scanning version numbers to encompass download policies, AI guardrails, and build-pipeline controls. Organizations should adopt a trusted internal artifact registry, rigorous component screening, and dependency pinning to reduce supply-chain and malicious-package risks. Complement these controls with enriched vulnerability intelligence, SCA, and developer training. Systematic handling of EOL or abandoned components — via migration, LTS, or compensatory controls — completes the approach.

Open-Source Vulnerabilities and Supply Chain Risks in AI

🛡️ Open-source components are now central to modern development, but their vulnerability data, maintenance status, and supply-chain integrity are increasingly unreliable. Public vulnerability databases often lack CVSS scores, contain inconsistent metadata, and lag behind exploit availability, leaving teams to guess prioritization. Unmaintained, EOL packages persist across projects, and registries have seen sharp rises in malicious packages and automated worm-like campaigns. AI-assisted coding accelerates development but can amplify these risks by suggesting outdated or hallucinated dependencies and cannot fully remediate legacy or deep dependency flaws on its own.

Supply-Chain Attacks in 2025: Notable Incidents and Lessons

🔒 The year 2025 saw an unprecedented surge of supply-chain compromises that targeted ecosystems across repositories, package registries, CI/CD workflows, and service providers. Incidents ranged from the US$1.5 billion Bybit Safe{Wallet} heist to self-propagating worms like Shai-Hulud and GlassWorm infecting npm and VS Code extensions. Attackers employed stolen tokens, typosquatting, phishing and malicious CI workflows to plant backdoors, steal secrets, and drain crypto, prompting urgent calls for stronger vendor controls, code audits, and incident response readiness.

GlassWorm Compromise Hits 400+ Repos Across Platforms

🪲 The GlassWorm supply‑chain campaign has resurfaced, compromising 433 packages, repositories, and extensions across GitHub, npm, and VSCode/OpenVSX. Researchers from Aikido, Socket, Step Security and the OpenSourceMalware community link the activity to a single actor using the same Solana address, identical payloads, and shared infrastructure. Malicious commits employ invisible Unicode to hide obfuscated JavaScript that polls the Solana blockchain for memos and downloads a Node.js runtime to execute an information stealer; developers should search for the marker lzcdrtfxyqiplpd and inspect for persistence artefacts.