All news with #supply chain backdoor tag

Malicious VS Code Extensions and Supply‑Chain Packages

🔒 Security researchers uncovered malicious extensions on the Microsoft Visual Studio Code Marketplace that delivered stealer malware while posing as a dark theme and an AI assistant. Koi Security reported the extensions downloaded additional payloads, captured screenshots, and siphoned emails, Slack messages, Wi‑Fi passwords, clipboard contents and browser sessions to attacker servers. Microsoft removed the packages in early December 2025 after investigators linked them to a publisher using multiple similarly named packages.

Year-End Infosec Reflections and GenAI Impacts Review

🧭 William Largent’s year-end Threat Source newsletter combines career reflection with a practical security briefing, urging professionals to learn from mistakes while noting rapid changes in the threat landscape. He highlights a Cisco Talos analysis of how generative AI is already empowering attackers—especially in phishing, coding, evasion, and vulnerability discovery—while offering powerful advantages to defenders in detection and incident response. The newsletter recommends immediate, measured experimentation with GenAI tools, training teams to use them responsibly, and blending automation with human expertise to stay ahead of evolving risks.

From Feeds to Flows: Operationalizing Threat Intelligence

🔗 The article argues that traditional threat feeds no longer suffice in modern, interconnected environments and proposes a Unified Linkage Model (ULM) to transform static indicators into dynamic threat flows. ULM defines three core linkage types — adjacency, inheritance and trustworthiness — to map how risk propagates across systems. It outlines practical steps to ingest and normalize feeds, establish and score linkages, integrate with MITRE ATT&CK and risk frameworks, and visualize attack pathways for prioritized response and compliance.

ThreatsDay: Wi‑Fi Hack, npm Worm, DeFi Theft and More

🔒This week's ThreatsDay roundup highlights a string of high-impact incidents, from a $9 million DeFi drain and an npm-based self-replicating worm to airport Wi‑Fi evil‑twin attacks and mass camera compromises. Researchers and vendors including Fortinet, Microsoft, and TruffleHog disclosed evolving malware techniques, supply-chain abuse, and widespread credential exposure. Practical protections include minimizing long-lived secrets, enforcing CI/CD safeguards, updating detection for eBPF-based threats, and applying MFA and phishing-resistant controls.

Picklescan Flaws Enable Malicious PyTorch Model Execution

⚠️ Picklescan, a Python pickle scanner, has three critical flaws that can be abused to execute arbitrary code when loading untrusted PyTorch models. Discovered by JFrog researchers, the issues — a file-extension bypass (CVE-2025-10155), a ZIP CRC bypass (CVE-2025-10156) and an unsafe-globals bypass (CVE-2025-10157) — let attackers present malicious models as safe. The vulnerabilities were responsibly disclosed on June 29, 2025 and fixed in Picklescan 0.0.31 on September 9; users should upgrade and review model-loading practices and downstream automation that accepts third-party models.

Malicious Rust Crate Delivers Cross-Platform Backdoor

⚠️ Researchers identified a malicious Rust crate, evm-units, on crates.io that targeted developer machines running Windows, macOS, and Linux by posing as an Ethereum Virtual Machine helper. Uploaded in mid‑April 2025 and downloaded thousands of times, the package fetched OS-specific payloads from download.videotalks[.]xyz, wrote them to temporary directories, and executed them silently. A related package, uniswap-utils, included evm-units as a dependency, widening exposure; both packages have been removed and indicators released to help defenders.

Critical PickleScan Zero-Days Threaten AI Model Supply

🔒 Three critical zero-day vulnerabilities in PickleScan, a widely used scanner for Python pickle files and PyTorch models, could enable attackers to bypass model-scanning safeguards and distribute malicious machine learning models undetected. The JFrog Security Research Team published an advisory on 2 December after confirming all three flaws carry a CVSS score of 9.3. JFrog has advised upgrading to PickleScan 0.0.31, adopting layered defenses, and shifting to safer formats such as safetensors.

Malicious Chrome and Edge Extensions Threaten Enterprises

🔍 Koi Security revealed a long-running surveillance campaign by an actor it calls 'ShadyPanda' that abused legitimate-seeming Chrome and Edge extensions to harvest browsing data, hijack search results, and deploy a backdoor enabling remote code execution. The group built trust by publishing useful extensions (including Clean Master) and then silently pushed malicious updates that bypassed marketplace re-approval. With an estimated 4.3 million infected browser instances, enterprises should treat browser extensions as high-risk assets and urgently audit and remediate add-ons on corporate and employee devices.

GlassWorm Returns: 24 Malicious Extensions Target Developers

🔍 The GlassWorm supply-chain campaign has resurfaced with 24 malicious extensions distributed across the Microsoft Visual Studio Marketplace and Open VSX, impersonating popular developer tools such as Flutter, React and Tailwind. Researchers say attackers inflated download counts and slipped malicious updates after initial approval to evade filters. Analysis found Rust-based implants that load platform-specific libraries (os.node and darwin.node) to fetch Solana-based C2 details and download encrypted JavaScript payloads, while a Google Calendar fallback is also used. Developers and repository maintainers are urged to audit installed extensions and review update histories.

Malicious npm Package Tries to Manipulate AI Scanners

⚠️ Security researchers disclosed that an npm package, eslint-plugin-unicorn-ts-2, embeds a deceptive prompt aimed at biasing AI-driven security scanners and also contains a post-install hook that exfiltrates environment variables. Uploaded in February 2024 by user "hamburgerisland", the trojanized library has been downloaded 18,988 times and remains available; the exfiltration was introduced in v1.1.3 and persists in v1.2.1. Analysts warn this blends familiar supply-chain abuse with deliberate attempts to evade LLM-based analysis.

Glassworm Malware Surges in Third Wave of VS Code Extensions

🐛 The Glassworm campaign has resurfaced in a third wave, with 24 new malicious VS Code-compatible extensions appearing on both the Microsoft Visual Studio Marketplace and OpenVSX. Once installed, these extensions push updates that deploy Rust-based implants, use invisible Unicode to evade review, exfiltrate GitHub, npm, and OpenVSX credentials and cryptocurrency wallet data, and deploy a SOCKS proxy and an HVNC client for stealthy remote access. Researchers say attackers inflate download counts to blend with legitimate projects and manipulate search results; both vendors have been contacted about continued bypasses.

SmartTube Android TV App Breached, Malicious Update Pushed

⚠️ The popular open-source SmartTube YouTube client for Android TV was compromised after the developer's signing keys were stolen, allowing a malicious update to be distributed to users. A hidden native library, libalphasdk.so, was discovered in release builds and appears absent from the public source. The library runs silently, fingerprints devices, registers them with a remote backend, and exchanges encrypted configuration, while the developer has revoked the old signature and plans a rebuilt app under a new ID, though definitive safe versions and a full public post-mortem are not yet available.

Legacy Python bootstrap scripts enable PyPI takeover risk

🔍 ReversingLabs discovered legacy bootstrap code in Python packages that fetches and executes an installer from the unclaimed domain python-distribute.org. The zc.buildout bootstrap.py pulls distribute_setup.py, and because the domain is for sale an attacker could acquire it and serve malicious payloads. Packages including tornado and slapos.core still contain the script; it targets Python 2 and is not executed automatically during installation, but its presence increases the supply-chain attack surface if developers run it.

OpenAI Data Exposed After Mixpanel Phishing Incident

🔒 OpenAI confirmed a customer data exposure after its analytics partner Mixpanel suffered a smishing attack on November 8, which allowed attackers to access profile metadata tied to platform.openai.com accounts. Stolen fields included names, email addresses, approximate location, OS/browser details, referrers, and organization or user IDs. OpenAI says ChatGPT and core systems were not breached and that no API keys, passwords, payment data, or model payloads were exposed. The company has terminated its use of Mixpanel and is notifying impacted customers directly.

Huawei and Chinese Surveillance: Industry Complicity

🔍 The excerpt, from House of Huawei, recounts Wan Runnan’s experience as a celebrated 1980s entrepreneur who later fled China after supporting the 1989 pro‑democracy protests. At a late‑1980s dinner, local officials told him the Ministry of State Security planned to embed agents in tech firms under the pretext of protection, particularly in roles handling international relations. Wan reports that similar approaches were made to other companies and says Huawei, then a small Shenzhen startup, almost certainly would not have been exempt. He warns that telecommunications back‑end platforms are uniquely able to enable state eavesdropping, a rare public glimpse into intelligence ties with industry.

RomCom via SocGholish Fake Update Targets US Civil Firm

🔒 Arctic Wolf Labs reports that a RomCom payload was delivered via a JavaScript loader known as SocGholish to a U.S.-based civil engineering company, marking the first observed use of this distribution method. The chain relied on fake browser update prompts to run a loader that established a reverse shell, dropped a custom Python backdoor called VIPERTUNNEL, and installed a RomCom DLL loader that launched the Mythic Agent. Attribution to GRU Unit 29155 is assessed at medium-to-high confidence, and the intrusion was blocked before it could progress further.

Shai-Hulud 2.0: Inside a Major npm Supply-Chain Attack

🧨 Check Point Research details the Shai-Hulud 2.0 campaign, a rapid and extensive npm supply-chain attack observed in November 2025. Between 21–23 November attackers compromised hundreds of npm packages and over 25,000 GitHub repositories by abusing the npm preinstall lifecycle script to execute payloads before installation completed. The report outlines techniques, scale, and practical mitigations to help organizations protect development pipelines.

Shai-Hulud Worm Resurfaces, Infects Hundreds of npm Packages

🐛 Security teams have warned of a rapidly spreading secret-stealing worm, Shai-Hulud, that has resurfaced in the npm ecosystem and already infected hundreds of packages with tens of millions of downloads. First seen in September, attackers hijack developer accounts to publish trojanized packages that exfiltrate AWS keys and GitHub tokens to attacker-controlled repositories. Vendors including Wiz Security and Mondoo report explosive scaling—hundreds of new repos discovered every 30 minutes—and urge urgent dependency audits. Recommended mitigations include rotating credentials, disabling npm postinstall scripts in CI, enforcing MFA, pinning versions, and using tools like Safe-Chain to block malicious packages.

Shai-Hulud 2.0 Worm Spreads Through npm and GitHub

⚠️ Researchers at Wiz, JFrog and others are tracking a renewed campaign of the Shai‑Hulud credentials‑stealing worm spreading through the npm registry and GitHub. The new Shai‑Hulud 2.0 executes during the preinstall phase, exfiltrates developer and CI/CD secrets to randomized repositories, and injects malicious payloads into other packages. Widely used modules, including @asyncapi/specs, Zapier, Postman and others, have been compromised, prompting immediate remediation steps for affected developers and organizations.

Shai-Hulud Malware Hits Hundreds of npm Packages, Leaks Secrets

⚠️ Hundreds of trojanized versions of popular npm packages — including toolkits linked to Zapier, ENS Domains, PostHog and others — have been published in a renewed Shai‑Hulud supply‑chain campaign designed to steal developer and CI/CD secrets. The malware runs during pre‑install, collects credentials into files like cloud.json and environment.json, and posts encoded data to quickly created GitHub repositories. Researchers at Aikido Security, Wiz and Step Security identified obfuscated payloads in setup_bun.js and a large, heavily obfuscated bun_environment.js dropper.