< ciso
brief />
Tag Banner

All news with #software supply chain security tag

81 articles · page 2 of 5

Mini Shai-Hulud Worm Compromises npm and PyPI Supply Chain

⚠ TeamPCP's "Mini Shai-Hulud" campaign has trojanized npm and PyPI packages from maintainers including TanStack, Mistral AI, OpenSearch, UiPath, and Guardrails AI, deploying an obfuscated credential stealer that targets cloud services, crypto wallets, AI tools, messaging apps and CI systems. The malware exfiltrates data via a Session Protocol domain (filev2.getsession[.]org), a typosquat domain and GitHub API dead-drops, and persists through IDE hooks in Claude Code and VS Code. Attackers abused GitHub Actions OIDC permissions and produced malicious packages with valid SLSA attestations; TanStack's cluster was assigned CVE-2026-45321 (CVSS 9.6).
read more →

Google Expands Binary Transparency for Android Apps

🔐 Google has expanded Binary Transparency for Android to publish a cryptographic, append-only ledger that records production Google app binaries and Mainline modules. Beginning May 1, 2026, supported production apps will have public ledger entries to attest authenticity. Google is also providing verification tooling so users and researchers can confirm software integrity and detect unauthorized or "one-off" builds.
read more →

Poisoned Ruby Gems and Go Modules Target Developers

🔒 A new supply chain campaign used sleeper Ruby gems and Go modules published by BufferZoneCorp to deploy post-install payloads that harvest credentials and establish persistence. The malicious Ruby packages exfiltrated environment variables, SSH keys, AWS secrets, .npmrc/.netrc files and developer configuration during install. The Go modules tampered with GitHub Actions by installing fake go wrappers, intercepting builds, and adding a hard-coded SSH key to ~/.ssh/authorized_keys. Users should remove affected packages, rotate exposed credentials, and inspect systems and CI runners for unauthorized SSH entries and outbound connections.
read more →

Malicious pgserve and automagik Packages Target npm

🛡️ Security researchers at Socket and StepSecurity have identified malicious versions of pgserve and automagik published to the npm registry that execute a credential-harvesting payload during installation. The trojans collect tokens, SSH keys, cloud credentials (AWS, Azure, GCP), browser passwords and crypto wallet funds, and attempt to propagate by using any npm publish tokens found on infected machines. Stolen data is encrypted and exfiltrated to a decentralized ICP canister, chosen specifically to resist takedown. Developers are urged to rotate all credentials immediately, disable automatic postinstall scripts (npm config set ignore-scripts true), harden CI/CD egress and tighten token scopes.
read more →

New npm supply-chain worm steals auth tokens, spreads

🚨 Researchers have uncovered a self-propagating npm supply-chain attack that steals developer credentials and attempts to republish infected packages from compromised accounts. Socket and StepSecurity observed malicious versions in at least 16 Namastex Labs packages, including AI tooling and database modules. The payload harvests tokens, API keys, SSH keys, cloud and CI/CD credentials, browser-stored wallets, and attempts to use npm and PyPI publish tokens to inject itself into packages and spread.
read more →

Supply Chain Compromise Affects Axios npm Packages

⚠️ CISA alerts organizations to a software supply chain compromise impacting the Axios npm package. On March 31, 2026, axios@1.14.1 and axios@0.30.4 introduced a malicious dependency plain-crypto-js@4.2.1 that fetches multi-stage payloads, including a remote access trojan. The agency recommends detection and remediation steps such as downgrading to axios@1.14.0 or axios@0.30.3, removing node_modules/plain-crypto-js/, rotating exposed credentials, hardening npm configuration (set ignore-scripts=true and min-release-age=7), and conducting EDR hunts and network monitoring to confirm no remaining indicators of compromise.
read more →

Frontier AI Raises Software Vulnerability Risks, Urgency

⚠️ Unit 42's hands-on evaluation finds frontier AI models can autonomously identify complex software vulnerabilities and map exploit chains, dramatically accelerating the discovery-to-exploitation timeline. The researchers warn this capability raises immediate risks to open source projects and supply chains, and will compress N-day windows to hours. They urge aggressive prevention, automated patching, and hardened development pipelines.
read more →

NCSC outlines coordinated NHS plan to boost cyber resilience

🔒 The NCSC has published a coordinated plan to improve NHS cyber resilience, focusing on piloting tools via ACD 2.0, securing the software supply chain, managing vulnerability disclosures, enhancing visibility and promoting services such as Early Warning, the Cyber Action Toolkit and Cyber Essentials. The agency is applying the Software Security Code of Practice in procurement and using data science to prioritise supplier risk while its Vulnerability Reporting Service continues to support GP surgeries, trusts and health boards. Additional measures include the NHS App adopting passkeys, attack surface management, deception-technology experiments, DNS analytics and Threat Hunting Workshops to develop playbooks and strengthen sector collaboration.
read more →

Critical RCE in protobuf.js due to unsafe code gen

⚠️ A critical remote code execution vulnerability has been disclosed in protobuf.js, the widely used JavaScript implementation of Google's Protocol Buffers, caused by unsafe dynamic code generation that concatenates schema-derived identifiers into functions. An attacker who can supply or influence schemas can inject arbitrary JavaScript into a generated Function() call, which executes when the crafted schema is processed. Maintainers and Endor Labs urge immediate upgrades to patched releases and recommend treating schema-loading as untrusted while auditing transitive dependencies.
read more →

Malicious litellm Wheel Found in Python Package Index

⚠️ TrueSec reports a malicious supply-chain compromise in the Python Package Index package litellm version 1.82.8. The published wheel contains a malicious .pth file named litellm_init.pth (34,628 bytes) that the Python interpreter executes automatically on every startup, without requiring any explicit import of the module. This behavior enables silent, persistent code execution on affected systems and increases the risk to downstream projects and production environments. The incident underscores the urgent need for SBOMs, SLSA, and SigStore adoption to harden supply-chain defenses.
read more →

Five Steps to Strengthen Supply Chain Security & Resilience

🔒 Supply chain attacks now bypass traditional defenses by exploiting trusted vendors, open-source components, cloud services, and MSP tools, creating cascading impact across distributed environments. Map and inventory all dependencies, classify them by criticality, and continuously evaluate supplier posture using SBOMs, patch cadence, and incident response readiness. Apply Zero Trust controls: MFA, least privilege, segmentation, and just-in-time access, and centralize unified telemetry across endpoints, identity, network, email, and backups to detect anomalies faster. Finally, design recovery playbooks, immutable backups, and automated restore testing to shorten downtime when compromise occurs.
read more →

Protecting the Software Supply Chain: 2026 Guidance

🔒 Recent weeks have seen multiple high-profile supply chain compromises, including malicious modifications to Axios and repository hijacks by TeamPCP that impacted tools such as Trivy. These incidents highlight how widely used libraries can rapidly propagate risk and complicate inventory and remediation efforts. The report emphasizes securing identity and CI/CD pipelines, maintaining accurate software inventories, prioritizing rapid patching, and reinforcing fundamentals like segmentation, robust logging, and multi-factor authentication to limit impact and lateral movement.
read more →

Managing Open-Source Vulnerabilities Across the Pipeline

🔒 Modern vulnerability management must go beyond scanning version numbers to encompass download policies, AI guardrails, and build-pipeline controls. Organizations should adopt a trusted internal artifact registry, rigorous component screening, and dependency pinning to reduce supply-chain and malicious-package risks. Complement these controls with enriched vulnerability intelligence, SCA, and developer training. Systematic handling of EOL or abandoned components — via migration, LTS, or compensatory controls — completes the approach.
read more →

Open-Source Vulnerabilities and Supply Chain Risks in AI

🛡️Open-source components are now central to modern development, but their vulnerability data, maintenance status, and supply-chain integrity are increasingly unreliable. Public vulnerability databases often lack CVSS scores, contain inconsistent metadata, and lag behind exploit availability, leaving teams to guess prioritization. Unmaintained, EOL packages persist across projects, and registries have seen sharp rises in malicious packages and automated worm-like campaigns. AI-assisted coding accelerates development but can amplify these risks by suggesting outdated or hallucinated dependencies and cannot fully remediate legacy or deep dependency flaws on its own.
read more →

Supply-Chain Attacks in 2025: Notable Incidents and Lessons

🔒 The year 2025 saw an unprecedented surge of supply-chain compromises that targeted ecosystems across repositories, package registries, CI/CD workflows, and service providers. Incidents ranged from the US$1.5 billion Bybit Safe{Wallet} heist to self-propagating worms like Shai-Hulud and GlassWorm infecting npm and VS Code extensions. Attackers employed stolen tokens, typosquatting, phishing and malicious CI workflows to plant backdoors, steal secrets, and drain crypto, prompting urgent calls for stronger vendor controls, code audits, and incident response readiness.
read more →

GlassWorm Compromise Hits 400+ Repos Across Platforms

🪲 The GlassWorm supply‑chain campaign has resurfaced, compromising 433 packages, repositories, and extensions across GitHub, npm, and VSCode/OpenVSX. Researchers from Aikido, Socket, Step Security and the OpenSourceMalware community link the activity to a single actor using the same Solana address, identical payloads, and shared infrastructure. Malicious commits employ invisible Unicode to hide obfuscated JavaScript that polls the Solana blockchain for memos and downloads a Node.js runtime to execute an information stealer; developers should search for the marker lzcdrtfxyqiplpd and inspect for persistence artefacts.
read more →

GlassWorm offshoot ForceMemo injects malware in Python repos

🧬 Security researchers say a GlassWorm offshoot, tracked as ForceMemo, uses stolen GitHub tokens to inject obfuscated malware into hundreds of Python repositories by appending code to entry files like setup.py, main.py, and app.py. Attackers steal tokens via malicious VS Code and Cursor extensions, then rebase and force-push rewritten commits to preserve author metadata and hide traces. The appended payload uses a Solana transaction memo to fetch additional payloads and includes locale checks that skip execution on Russian-language systems. Downstream users who pip install or run compromised projects risk executing encrypted JavaScript that can steal cryptocurrency and sensitive data.
read more →

PhantomRaven resurfaces on npm with 88 malicious packages

🛡️ Endor Labs has identified 88 additional malicious npm packages tied to the PhantomRaven supply-chain campaign, published between November 2025 and February 2026, with 81 still live and two active C2 servers. The operation uses Remote Dynamic Dependencies (RDD) to fetch credential-stealing payloads from attacker-controlled URLs during npm install. The payload harvests developer and CI/CD credentials and exfiltrates data via HTTP and WebSocket channels, while attackers rotate accounts, domains, and package metadata to evade takedowns.
read more →

Typosquatted NuGet Package Targets Stripe Developers

⚠️ ReversingLabs uncovered a malicious NuGet package named StripeApi.Net that impersonated the widely used Stripe.net .NET library for Stripe payments. The typosquatting listing duplicated icons, documentation and tags and used the publisher name 'StripePayments' while retaining a default avatar to appear credible. The fake package accrued an apparently inflated 180,000-plus downloads by spreading roughly 300 downloads across 506 versions. Subtle code changes captured Stripe API keys and a machine identifier and exfiltrated them to an attacker-controlled Supabase database; NuGet removed the package quickly after it was reported and investigators found only a test entry.
read more →

Malicious NuGet Packages Exfiltrate ASP.NET Identity

🔒 Security researchers at Socket uncovered four malicious NuGet packages — NCryptYo, DOMOAuth2_, IRAOAuth2.0, and SimpleWriter_ — that target ASP.NET developers to steal Identity data and manipulate authorization rules. The packages, published in August 2024 by user hamzazaheer and downloaded over 4,500 times before removal, deploy a localhost proxy and stage payloads to relay stolen data to an external C2. Separately, Tenable disclosed a malicious npm package ambar-src that used a preinstall hook to drop cross-platform malware (Windows, Linux, macOS), enabling full-system compromise and data exfiltration.
read more →