All news with #supply chain compromise tag

525 articles

Malicious npm Package Targets OpenAI Codex Users

🛡️ Researchers discovered a malicious npm package named codexui-android that impersonated an OpenAI Codex UI and exfiltrated developer authentication tokens. The package was published to npm with malicious code absent from the project's public GitHub repository, highlighting risks in artifact distribution. Security experts warn this pattern exploits trust in legitimate-looking developer tooling and reveals blind spots in software supply chain controls.

Weekly recap: PAN-OS, Gogs, GlassWorm takedown

🔔 This week's briefing highlights active exploitation of a PAN-OS GlobalProtect authentication bypass (CVE-2026-0257), a critical unauthenticated RCE in Gogs, and the coordinated takedown of GlassWorm C2 infrastructure. Other notable items include a long-standing Linux LPE (CIFSwitch) patched upstream, CERT-In urging rapid patching timelines, and several AI-enabled and supply-chain aided campaigns increasing attacker speed and reach.

Malicious NuGet package steals Sicoob banking credentials

🔍 Security researchers found a malicious NuGet package named Sicoob.Sdk that impersonated a C# SDK for Brazil's Sicoob banking APIs and exfiltrated client IDs and PFX certificates. Versions 2.0.0–2.0.4 encoded PFX files and sent them, along with PFX passwords and client IDs, to a hardcoded third‑party Sentry endpoint while also capturing raw Boleto API responses. The package has been blocked by NuGet after responsible disclosure, and organizations are urged to rotate affected credentials and audit logs.

ThreatsDay bulletin: emerging cloud, supply chain risks

📰 This ThreatsDay roundup highlights widespread C2 infrastructure, supply-chain trojanization, exploitation trends, and emerging AI security features. It covers a large regional C2 footprint in the Middle East, an AKS privilege escalation fix, a DAEMON Tools supply-chain compromise added to CISA's KEV, and Apple’s PQC code disclosures. The bulletin also details law firm targeting by SRG, fake installers spreading a Deno RAT, PureLogs phishing, and a spike in DACH cyberattacks.

Supply Chain Intrusions Target Developer Tooling

🔒 CISA is addressing multiple software supply chain intrusions that target developer ecosystems, specifically CI/CD pipelines, code extensions, and workflows. A malicious Nx Console VS Code extension (version 18.95.0) exploited a prior compromise of Nx developer systems to access a GitHub employee’s device, leading to unauthorized access and exfiltration of internal repositories and assignment of CVE-2026-48027. The “Megalodon” campaign injected malicious GitHub Action workflows to harvest CI/CD secrets, cloud credentials, and tokens. CISA urges organizations to detect and remediate potential compromises and implement recommended best practices for package repositories and CI/CD security.

macOS Supply-Chain Attacks Target Crypto Developers

🔍 Wiz has attributed a cluster named Jinx-0164 to a campaign targeting cryptocurrency firms with custom macOS malware, recruiter-themed lures and supply-chain tampering. The actor relies on LinkedIn-based social engineering and lookalike meeting domains to deliver a Python stealer/remote access tool called Audiofix, which poses as an audio driver and harvests keys, credentials and wallet data. They also abuse stolen GitHub tokens to inject backdoors into CI/CD repositories, causing builds to propagate the malware across development environments.

ESET APT Activity Report Q4 2025–Q1 2026

📄 ESET summarizes notable APT activity observed between October 2025 and March 2026, highlighting China-, Iran-, North Korea-, and Russia-aligned operations alongside unattributed clusters. The report illustrates geopolitical drivers behind campaigns, describes new tooling and supply-chain compromises such as a trojanized axios package, and notes destructive incidents impacting critical infrastructure. ESET confirms protections by its products and notes the report reflects a subset of its Threat Intelligence.

Malicious npm package stole files from AI tool

🛡️ Researchers uncovered a malicious npm package named mouse5212-super-formatter that exfiltrates files from the /mnt/user-data directory used by Anthropic's Claude AI. OX Security describes the campaign, codenamed Malware-Slop, as a postinstall script that authenticates to GitHub using environment or hard-coded tokens, creates or targets a repository, and uploads local files to an attacker-controlled account. The package has been downloaded hundreds of times, and the linked GitHub account—created shortly before the package appeared—has since disappeared. Analysts noted the actor leaked a private token, suggesting poor OPSEC and possibly AI-assisted malware creation.

Coordinated Takedown Disrupts GlassWorm C2 Channels

🛡️ CrowdStrike, together with Google and the Shadowserver Foundation, announced the simultaneous disruption of all command-and-control channels used by GlassWorm, a persistent campaign that has targeted software developers since early 2025. The operators trojanized VS Code extensions and poisoned npm and Python packages to deliver a data-theft framework capable of credential harvesting and system profiling. Multiple resilient C2 resolution layers were used — Solana memo fields, BitTorrent DHT, Google Calendar events, and commercial VPS hosts — all of which were neutralized in the coordinated action. CrowdStrike attributes the activity to likely Russia-based cybercriminals and warns about the severe risk posed by supply chain compromises to developer ecosystems.

Megalodon campaign backdoors GitHub Actions at scale

🔒 Researchers at SafeDep uncovered the Megalodon campaign that pushed 5,718 malicious commits into 5,561 public GitHub repositories during a six-hour window on May 18. The attackers modified GitHub Actions workflows to embed base64-encoded bash payloads designed to exfiltrate CI-exposed secrets such as cloud credentials, SSH keys, and OIDC tokens. The campaign used compromised Personal Access Tokens or deploy keys and forged author identities like build-bot to directly commit changes without PRs, and delivered two payload variants that either ran on every push or via workflow_dispatch triggers.

TrapDoor campaign raises developer workstation risk

🛡️ Researchers uncovered the TrapDoor campaign, a cross-registry malicious package operation affecting npm, PyPI, and Crates.io that targets developer workflows and AI coding assistant files. The packages exfiltrated secrets such as AWS credentials, GitHub tokens, SSH keys, browser data, and local dev configs by abusing normal execution points like postinstall scripts, import-time execution, and Rust build scripts. Analysts warn this workflow-focused approach enables persistence and lateral movement into CI/CD and cloud infrastructure, recommending stronger install-time scanning, least-privilege credentials, endpoint hardening, and AI tooling governance.

Weekly Cyber Recap: Supply Chain and Active Flaws

⚡ This week's recap covers supply-chain compromises, resurfacing legacy bugs, and security tools themselves being targeted. Key incidents include a poisoned Nx Console VS Code extension leading to a GitHub breach, new active exploitation of Microsoft Defender flaws, and a nine-year-old Linux kernel privilege bug. Teams face increasing targeted phishing and widespread botnet scanning, while organizations scramble to patch critical CVEs and secure exposed services.

GitHub Breach Linked to Malicious Nx Console Extension

🔒 GitHub said hackers accessed approximately 3,800 internal repositories after a developer installed a malicious version of the Nx Console Visual Studio Code extension that was poisoned during last week's TanStack npm supply-chain attack. The intrusion, linked to the actor known as TeamPCP, used stolen CI/CD credentials to move into multiple projects including UiPath, Guardrails AI and OpenSearch. GitHub secured the compromised device, rotated high-impact secrets and continues log analysis and monitoring to detect follow-on activity.

GitHub Internal Repositories Breached via VS Code Extension

🔒 GitHub confirmed an intrusion into internal repositories after an employee device was compromised by a poisoned version of the Nx Console VS Code extension published as nrwl.angular-console. The attacker, tracked as TeamPCP, exfiltrated approximately 3,800 repositories; GitHub says it rotated critical secrets and is monitoring for follow-on activity. The trojanized release was available for only 18 minutes but delivered a credential stealer targeting 1Password, Anthropic Claude Code, npm, GitHub and AWS.

Mini Shai Hulud: antv npm Packages Compromised in CI/CD

🔒 Microsoft disclosed an active supply-chain attack that compromised an @antv npm maintainer account and published malicious versions of charting libraries, including echarts-for-react. The obfuscated ~499 KB JavaScript payload executes during npm install and targets GitHub Actions runners to harvest secrets from GitHub, AWS, HashiCorp Vault, npm, Kubernetes and 1Password by scraping process memory and enumerating secret stores. The campaign leverages privilege escalation, dual-channel exfiltration, and SLSA provenance forgery to evade detection; GitHub removed malicious packages and invalidated exposed tokens.

Securing a Culture of Cultures: Microsoft Gaming Risks

🎮 In this Deputy CISO post, Aaron Zollman, Vice President and Deputy CISO for Gaming at Microsoft, outlines the distinct security demands of a global, diverse gaming ecosystem. He describes gaming as a “culture of cultures,” spanning platforms, independent studios, and shared studio central teams, each carrying unique risks from account takeover and IP theft to supply chain and regulatory challenges. Zollman stresses partnership over prescription—balancing enterprise-grade controls with low-latency player experiences and studio autonomy. The piece calls for layered defenses, identity governance, anomaly detection, and tailored baselines to protect billions of interactions while enabling creativity.

GitHub Confirms Major Breach of 3,800 Internal Repos

⚠ GitHub confirmed attackers exfiltrated code from roughly 3,800 internal repositories after a compromised employee device and a poisoned VS Code extension were used to gain access. The company detected and contained the compromise on May 19, removed the malicious extension, isolated the endpoint, and began incident response. A threat actor calling itself TeamPCP posted lists of stolen repos and claimed responsibility, threatening to leak the data if not sold. GitHub is rotating secrets, analyzing logs, and said it will publish a full incident report when investigations conclude.

Mini Shai-Hulud Hits Hundreds of AntV npm Packages

🚨 The Mini Shai-Hulud worm resurfaced in a coordinated supply-chain wave that published 639 malicious versions across 323 npm packages tied to the AntV visualization ecosystem on 19 May, lasting roughly an hour. Analysis by Socket and updates from Microsoft show the payload added preinstall hooks executing an obfuscated Bun bundle to harvest cloud and CI secrets. Many affected packages are high-download dependencies and the compromised maintainer account held rights to over 500 packages. Responders should pin pre-19 May versions, rotate exposed credentials and audit GitHub for forged repository activity.

Why Security Fixes Often Miss Vulnerability Dashboards

🔍 On April 22 a trojanized Bitwarden CLI briefly appeared on npm, harvesting developer tokens via a compromised GitHub Action tied to the Checkmarx supply‑chain incident. Bitwarden later issued CVE‑2026‑42994, but the author notes the CVE was retroactive and did not imply a patchable defect. The piece argues CVE’s artifact‑centric model struggles with agentic and model‑mediated threats that mutate behaviorally and often evade dashboards.

GitHub Breach: ~3,800 Repos Stolen via VS Code Extension

🔒 GitHub confirmed that roughly 3,800 internal repositories were breached after an employee installed a trojanized VS Code extension; the company removed the malicious version from the Marketplace and isolated the compromised device. It says its current assessment indicates exfiltration was limited to GitHub-internal repositories and that it has found no evidence so far of customer data outside the affected repos being impacted. The incident is under active investigation while GitHub continues incident response.