All news with #supply chain compromise tag

⚠ The widely used Trivy vulnerability scanner and its official GitHub Actions were backdoored after attackers injected a credential‑stealing payload into official releases, the trivy-action and setup-trivy components, and published binaries. The malware harvests pipeline secrets by reading process memory and searching filesystems for SSH keys, cloud credentials, Kubernetes tokens, Docker configs, and wallets, exfiltrating encrypted data to a typosquatted domain or, failing that, by creating a public repository named tpcp-docs. Researchers say the intrusion followed an earlier compromise and incomplete credential rotation that let attackers regain access via insecure GitHub Actions; victims should rotate secrets immediately and pin Actions to full commit SHAs. Known safe versions include Trivy v0.69.3, trivy-action tag 0.35.0, and setup-trivy 0.2.6.

🔒 The Trivy open-source scanner and its GitHub Actions integrations (aquasecurity/trivy-action and aquasecurity/setup-trivy) were compromised in March 2026 when an attacker force-pushed 75 version tags to point to malicious commits. The injected Python infostealer harvests CI/CD secrets from runners, attempts exfiltration to an attacker-controlled domain, and can stage stolen data using captured PATs if network exfiltration fails. Vendors advise immediate secret rotation, blocking the malicious domain/IP, and pinning Actions to full commit SHAs.

🔍 Enterprises now sit directly in adversaries' collection paths: they may not be primary targets but their shared telecom, cloud, MSP, and identity dependencies are being exploited upstream. Commercial spyware like Predator and state‑aligned groups documented in Singapore's February 2026 telco breaches show how device and backbone compromises create persistent, upstream access. CISOs must assume provider compromise, demand attestation, harden session and identity layers, and shift detection to low‑noise, long‑duration intelligence operations.

🔍 CrowdStrike linked a spike in script-execution detections to a compromised GitHub Action, aquasecurity/trivy-action, used widely in CI/CD pipelines. An attacker force‑repointed 76 of 77 release tags to commits that prepended a ~105‑line credential stealer to the legitimate entrypoint, enabling secret harvesting on both GitHub-hosted and self‑hosted runners. Harvested data was encrypted with AES-256-CBC and a hardcoded 4096‑bit RSA key, then exfiltrated via a typosquatted domain and, as a fallback, by creating public GitHub releases under victim accounts; the malicious code then invoked the original scanner to hide its activity.

🔒 Speagle is a newly identified malware that subverts the client and infrastructure of the legitimate document protection product Cobra DocGuard to harvest and exfiltrate sensitive information while masquerading as normal client-server traffic. Researchers at Symantec and Carbon Black (Broadcom) say the 32-bit .NET binary verifies the DocGuard installation, collects system and browser artefacts, and uses a compromised Cobra server for command-and-control and data theft. Tracked as Runningcrab, the activity appears narrowly targeted to environments running the security software and may stem from a supply-chain compromise; attribution remains unknown.

🛡️ Bitrefill says a cyberattack in early March was likely carried out by North Korea’s Lazarus/BlueNoroff cluster, citing reused IPs, emails, malware, and on-chain tracing as linking indicators. The company traced the intrusion to a compromised employee laptop and stolen legacy credentials that exposed a snapshot containing production secrets and some cryptocurrency wallets. Bitrefill reports about 18,500 exposed purchase records (including 1,000 with names), believes losses were limited and will be covered from capital, and is strengthening security controls and monitoring.

🚨 In mid-November security researcher Paul McCarty flagged a vast spam campaign in the npm registry that injected tens of thousands of useless modules named after Indonesian dishes. The packages — about 86,000 at discovery — often appeared legitimate, used chains of dependencies, and some contained self-replication to publish more modules and even tied into the TEA blockchain to harvest tokens. The campaign created dependency bloat, reputational risk, and the potential for future supply-chain abuse; Kaspersky recommends developer awareness training and container/dependency scanning with tools such as KASAP and specialized runtime protection.

🎮 Acronis TRU found hundreds of GitHub repositories posing as "free" game cheats that deliver the Vidar 2.0 infostealer, warning the true number of malicious repos could be in the thousands. Campaigns begin in game-focused Discord and Reddit communities and use PS2EXE-compiled PowerShell loaders to evade basic detections. Loaders add Windows Defender exclusions, fetch secondary payload URLs from Pastebin linking to GitHub-hosted binaries, and deploy a Themida-packed Vidar executable that establishes persistence via scheduled tasks. The payload then harvests credentials, tokens and files and exfiltrates them through C2 infrastructure masked by Telegram bots and Steam dead-drop resolvers.

🛡️ Rapid7 and Microsoft researchers have documented a ClickFix operation that compromised over 250 WordPress sites to distribute fileless infostealers using counterfeit Cloudflare CAPTCHA prompts. The injected JavaScript hides from administrators and coerces visitors into pasting obfuscated commands that launch an in-memory DoubleDonut loader, which injects payloads into legitimate Windows processes. Observed payloads include a new Vidar variant and two previously undocumented stealers—Impure Stealer (.NET) and VodkaStealer (C++)—both using advanced encoding, encryption and sandbox-detection checks. Site owners are urged to restrict public admin access, tighten credentials and apply the published IOCs and YARA rules.

🪲 The GlassWorm supply‑chain campaign has resurfaced, compromising 433 packages, repositories, and extensions across GitHub, npm, and VSCode/OpenVSX. Researchers from Aikido, Socket, Step Security and the OpenSourceMalware community link the activity to a single actor using the same Solana address, identical payloads, and shared infrastructure. Malicious commits employ invisible Unicode to hide obfuscated JavaScript that polls the Solana blockchain for memos and downloads a Node.js runtime to execute an information stealer; developers should search for the marker lzcdrtfxyqiplpd and inspect for persistence artefacts.

🧬 Security researchers say a GlassWorm offshoot, tracked as ForceMemo, uses stolen GitHub tokens to inject obfuscated malware into hundreds of Python repositories by appending code to entry files like setup.py, main.py, and app.py. Attackers steal tokens via malicious VS Code and Cursor extensions, then rebase and force-push rewritten commits to preserve author metadata and hide traces. The appended payload uses a Solana transaction memo to fetch additional payloads and includes locale checks that skip execution on Russian-language systems. Downstream users who pip install or run compromised projects risk executing encrypted JavaScript that can steal cryptocurrency and sensitive data.

🔒 This weekly recap spotlights multiple high‑urgency incidents, including two actively exploited Chrome zero‑days—an out‑of‑bounds write in Skia (CVE‑2026‑3909) and an implementation flaw in V8 (CVE‑2026‑3910)—patched in Chrome 146.0.7680.75/76. It also documents large router botnets such as SocksEscort and KadNap that flash custom firmware to maintain persistence and operate as proxy services. Supply‑chain abuse reappears with UNC6426, which used stolen nx npm keys and abused GitHub→AWS OIDC trust to gain admin access and exfiltrate S3 data within 72 hours. Prioritize patching actively exploited flaws, audit OIDC/S3 trusts and router persistence, and monitor for emerging supply‑chain and AI‑agent risks.

🐛 Researchers at Socket say attackers are abusing dependency relationships in the Open VSX registry to deliver a loader linked to GlassWorm. Since Jan 31, 2026, Socket identified at least 72 malicious listings that pose as developer utilities and later add dependencies to fetch payload extensions. By using VS Code features like extensionPack and extensionDependencies, threat actors turn trusted-looking extensions into transitive delivery vehicles during updates. Mitigations include auditing extension dependencies, monitoring updates, and restricting installs to trusted publishers.

🛡️ The AppsFlyer Web SDK was temporarily hijacked to deliver obfuscated JavaScript that intercepts cryptocurrency wallet inputs and replaces them with attacker-controlled addresses, diverting funds. Profero researchers identified the malicious payload being served from websdk.appsflyer.com between March 9 and March 11. AppsFlyer says the mobile SDK was not affected, the incident has been contained, and an investigation with external forensics is ongoing.

🔒 Cybersecurity researchers have identified a significant escalation in the GlassWorm campaign, which has abused at least 72 extensions in the Open VSX registry to target developers, Socket reports. The actor leverages extensionPack and extensionDependencies to turn benign-looking extensions into transitive delivery vehicles that install malicious packages after trust is established. The malicious listings impersonated common developer tools and used heavier obfuscation, invisible Unicode characters, Solana transactions as dead drops, and rotating wallets to evade detection. Open VSX has removed the flagged extensions while vendors and researchers continue their analysis.

🛡️ Endor Labs has identified 88 additional malicious npm packages tied to the PhantomRaven supply-chain campaign, published between November 2025 and February 2026, with 81 still live and two active C2 servers. The operation uses Remote Dynamic Dependencies (RDD) to fetch credential-stealing payloads from attacker-controlled URLs during npm install. The payload harvests developer and CI/CD credentials and exfiltrates data via HTTP and WebSocket channels, while attackers rotate accounts, domains, and package metadata to evade takedowns.

🔍 GitLab research outlines a North Korean campaign that impersonated recruiters in the 'Contagious Interview' scheme and resulted in the banning of 131 attributed accounts. Many GitLab projects served as obfuscated loaders for malware such as BeaverTail and Ottercookie, with payloads hosted outside repositories. Operators used consumer VPNs, VPSs and laptop farms and shifted to invite-only projects, NPM dependency abuse, sandbox detection and AI-generated personas to scale fake IT worker and freelance scams.

🔒 Microsoft Defender Experts describe the Contagious Interview campaign, a long-running social engineering operation that delivers malware through staged developer recruitment processes. Threat actors pose as recruiters and persuade victims to clone and execute NPM packages or to trust repository tasks in Visual Studio Code that then fetch backdoors such as Invisible Ferret and FlexibleFerret. The operation targets developer endpoints, source-control credentials, and CI/CD access by weaponizing trusted hiring workflows. Microsoft recommends isolating coding tests, pre-reviewing recruiter repositories, restricting runtimes, protecting secrets, and hunting for editor-to-shell execution chains.

🔒 Endor Labs identified a new PhantomRaven npm campaign wave that published 88 malicious packages across 50 disposable accounts, many using slopsquatting to mimic popular projects and names suggested by LLMs. The packages use Remote Dynamic Dependencies in package.json so malware is fetched from attacker-hosted URLs at install time, exfiltrating .gitconfig, .npmrc, environment variables and CI/CD tokens to C2 servers. Researchers note consistent EC2-hosted 'artifact' domains without TLS, an almost unchanged payload across waves, and 81 packages still available; developers should verify publishers and avoid unvetted AI suggestions.

🔐 Google reports that UNC6426 leveraged keys stolen in the August 2025 compromise of the nx npm package to fully breach a customer's cloud environment in under 72 hours. A trojanized postinstall executed a credential stealer named QUIETVAULT, which harvested a developer's GitHub token and other secrets. The actor abused GitHub-to-AWS OIDC trust to create an Administrator role, exfiltrated S3 data, and performed destructive actions including making internal repos public.