
All news with #supply chain compromise tag


Android RAT Abuses Hugging Face to Host Malware Campaign

🔒 A new Android remote access trojan (RAT) leverages the AI hosting platform Hugging Face to store and deliver malicious APK payloads, researchers at Bitdefender report. The campaign distributes a dropper app called TrustBastion that uses fake update dialogs to trick users into downloading an updater which redirects to repositories hosting polymorphic RAT APKs. Operators made frequent commits and shifted repositories to avoid takedowns, while the malware requests Accessibility and screen-recording permissions to capture credentials and relay data to command-and-control servers.

Notepad++ Update System Hijacked via Hosting Compromise

🔐 The maintainer of Notepad++ disclosed that state-sponsored actors compromised the app’s update delivery by hijacking infrastructure at the hosting-provider level, redirecting update traffic to malicious servers. The flaw affected the WinGUp updater’s verification logic, enabling intercepted traffic to fetch poisoned executables. In response, the site has been migrated to a new host and investigations are ongoing.

eScan Antivirus Update Servers Compromised, Deliver Malware

⚠ MicroWorld Technologies confirmed unknown attackers compromised the update infrastructure for its eScan antivirus and pushed a malicious update that deployed a multi-stage downloader to enterprise and consumer endpoints. The rogue update replaced the legitimate reload.exe with a binary carrying a fake or invalid signature; it executes three Base64-encoded PowerShell stages, includes an AMSI bypass and prevents automatic remediation. Kaspersky and Morphisec report hundreds of attempted infections, mainly in India and neighboring countries. MicroWorld isolated affected update servers for hours and released a remediation package; impacted customers should contact the vendor for the fix.

Open VSX Supply Chain Attack Leveraged Dev Account

🛡️ On January 30, 2026, threat actors used a compromised developer account to publish malicious updates to four Open VSX extensions, embedding the GlassWorm loader. The extensions — previously legitimate utilities with over 22,000 combined downloads — were removed after discovery. The loader decrypts and executes payloads at runtime, employing EtherHiding and Solana memos for C2 rotation. It targets macOS credentials and cryptocurrency wallets.

Ex-Google Engineer Convicted for Stealing AI Trade Secrets

🛡️ Linwei Ding, a former Google engineer, was convicted by a federal jury on multiple counts of economic espionage and theft of trade secrets after allegedly taking more than 2,000 confidential documents tied to Google's AI infrastructure and chip designs. Prosecutors say the material included details on Google's TPU and GPU architectures, Cluster Management System software, and custom SmartNICs used in AI supercomputers. Authorities allege the theft occurred between May 2022 and April 2023 and that Ding copied files to personal accounts and founded a China-based startup while still employed by Google. He faces significant federal prison terms if sentenced.

Marquis Links Ransomware Breach to SonicWall Cloud Backup

🔒 Marquis Software Solutions says a ransomware attack in August 2025 that disrupted systems serving dozens of U.S. banks and credit unions was enabled by a breach at SonicWall's cloud backup service. Rather than exploiting an unpatched firewall, attackers used configuration data taken from backup files accessed after unauthorized access to the MySonicWall portal, according to Marquis and a third-party investigation. Marquis is evaluating options including seeking recoupment of response costs for itself and affected customers. SonicWall has acknowledged the MySonicWall breach and said a Mandiant probe linked the incident to state-sponsored actors.

ThreatsDay: Small Shifts, Big Cybersecurity Risks Ahead

🔎 This week's ThreatsDay bulletin highlights quiet but meaningful shifts where familiar tools and trusted platforms are repurposed to breach access, steal data, or launder funds. Law enforcement seized the RAMP forum while threat actors pivot to alternatives, creating operational churn and new exposures. Guidance from CISA on post‑quantum cryptography and urgent patches for Linux and Dormakaba systems underscore near‑term priorities amid rising phishing, supply‑chain, and ransomware activity.

eScan Confirms Update Server Breach That Pushed Malware

⚠️ MicroWorld Technologies, maker of eScan, confirmed a breach of a regional update server that delivered an unauthorized, later-analyzed malicious update to a subset of customers during a two-hour window on January 20, 2026. The company says it isolated and rebuilt the affected infrastructure, rotated credentials, and issued a remediation tool. Security firm Morphisec published a technical analysis linking a modified Reload.exe to multi-stage malware and a backdoor named CONSCTLX.exe, and the vendors dispute who reported the incident first.

Fake Moltbot VS Code Extension Deploys Remote Access

⚠️ A malicious Visual Studio Code extension impersonating Moltbot, published as 'ClawdBot Agent - AI Coding Assistant' (clawdbot.clawdbot-agent), was distributed on the official Marketplace and has since been removed by Microsoft. The add-on auto-executes on IDE launch, fetches a remote config.json and installs a binary that deploys a ConnectWise ScreenConnect client connecting to attacker infrastructure. It includes DLL sideload and batch-script fallbacks and hard-coded payload URLs. Researchers warn exposed Moltbot instances and insecure defaults increase the risk of credential theft and remote compromise.

Malicious PyPI Spellchecker Packages Deliver Python RAT

⚠ Aikido researchers discovered two malicious PyPI packages, spellcheckerpy and spellcheckpy, that posed as spellcheckers but contained a Base64-encoded downloader and a Python remote access trojan (RAT). The payload was hidden inside the Basque dictionary archive resources/eu.json.gz and decoded when the package’s test_file() extraction was invoked. Early releases only decoded the payload; spellcheckpy v1.2.0 (published Jan 21, 2026) introduced an obfuscated trigger that executes the payload, and the packages were downloaded just over 1,000 times before removal.

Holes in npm and Yarn let attackers bypass defenses

🔓 npm and yarn contain vulnerabilities, dubbed PackageGate, that Koi Security researcher Oren Yomtov says can bypass defenses introduced after the Shai-Hulud campaign by allowing lifecycle scripts to run and lockfile integrity to be evaded. pnpm, vlt and Bun have addressed the issues; npm and yarn have not applied comparable fixes. GitHub and npm maintain some behaviors are intentional—particularly that installing git dependencies with a prepare script will trigger installs—which Yomtov disputes. Developers are advised to prefer patched managers, follow the post-Shai-Hulud guidance, and keep tooling current.

eScan update breach distributes multi-stage malware

🛡️ Morphisec Threat Labs has identified a critical supply-chain compromise of MicroWorld Technologies’ eScan antivirus discovered on 20 January 2026, in which malicious updates were delivered via the vendor's legitimate update infrastructure. The trojanized 32-bit executable, allegedly signed with a compromised certificate, deployed a downloader and a 64-bit backdoor, established persistence and implemented anti-remediation controls to block further updates. Morphisec reported blocking the activity on protected systems and urged immediate investigative and remediation actions for affected organizations.

Malicious VS Code AI Extensions Exfiltrate Developer Data

⚠️ Koi Security researchers uncovered two malicious Microsoft Visual Studio Code extensions marketed as AI coding assistants that also exfiltrate developer files to China-based servers. The extensions — ChatGPT - 中文版 (whensunset.chatgpt-china, 1,340,869 installs) and ChatGPT - ChatMoss(CodeMoss) (zhukunpeng.chat-moss, 151,751 installs) — function normally while encoding every opened file and edits in Base64 and sending them to aihao123[.]cn. The campaign, dubbed MaliciousCorgi, includes remote-triggered bulk exfiltration and a hidden zero-pixel iframe that loads Chinese analytics SDKs to fingerprint users. Remove suspicious extensions, audit workspaces, and follow supply-chain hardening guidance.

Malicious AI VSCode Extensions Exfiltrate Developer Data

⚠️ Researchers from Koi found two malicious AI-style extensions on the VSCode Marketplace — ChatGPT – 中文版 and ChatMoss — that together have 1.5 million installs and silently transmit developer files to China-based servers. The extensions implement three distinct data-collection methods: real-time file reads and Base64 exfiltration via hidden webviews, a server-controlled file-harvest command that can steal up to 50 files, and a zero-pixel iframe that loads commercial analytics SDKs for fingerprinting and behavioral tracking. At publication both extensions were still available and Microsoft had not responded to inquiries.

CISA Adds Four Actively Exploited Flaws to KEV Catalog

⚠️ CISA added four vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog after evidence of active exploitation, including a high-severity PHP remote file inclusion in Zimbra (CVE-2025-68645) and an authentication bypass in Versa Concerto (CVE-2025-34026). One entry describes a supply-chain compromise that trojanized eslint-config-prettier and six related npm packages to deliver a malicious DLL. Federal agencies are required to remediate under BOD 22-01 by February 12, 2026.

Malicious PyPI Package Impersonates SymPy, Deploys Miner

🔍 A malicious PyPI package named sympy-dev was found impersonating SymPy, copying the legitimate project's description to trick users; it has been downloaded over 1,100 times since its January 17, 2026 publication. Socket's analysis shows select symbolic-math routines were modified to retrieve a remote JSON configuration and download an ELF payload that launches an XMRig miner. The backdoor executes the ELF binary directly in memory via memfd_create and /proc/self/fd to reduce on-disk artifacts and only triggers when specific polynomial functions are invoked to remain stealthy.

North Korean 'PurpleBravo' Campaign Targets 3,136 IPs Globally

🔍 Recorded Future's Insikt Group says a widespread North Korean campaign, dubbed PurpleBravo, targeted 3,136 individual IP addresses via fraudulent job interviews that prompted candidates to run malicious code. The activity, observed from August 2024 to September 2025, affected 20 organizations across AI, crypto, finance, IT services, marketing, and software development in Europe, South Asia, the Middle East, and Central America. Security firms including Jamf Threat Labs reported abuse of VS Code projects, malicious GitHub repos and fake LinkedIn personas to deliver malware such as BeaverTail and a Go-based backdoor, increasing supply-chain and corporate-device risks.

Contagious Interview: VS Code Used as Attack Vector

⚠️ Threat actors tied to DPRK-backed Contagious Interview are weaponizing Visual Studio Code project configurations to execute malicious payloads when developers open and trust cloned repositories. Jamf Threat Labs observed attackers embedding commands in tasks.json that spawn shell processes to fetch and run obfuscated JavaScript via Node.js, establishing a persistent backdoor that can survive closing the IDE. Users should vet unfamiliar repos, inspect task and package files, and avoid running npm install without review.

EU Proposes Cybersecurity Act 2.0 to Strengthen EU Defenses

🔒 The European Commission has proposed an update to the Cybersecurity Act, published on 20 January, to address shortcomings in the original regulation. The package aims to streamline the European cybersecurity certification framework, introduce a trusted ICT supply chain security framework across 18 critical sectors, and require certification schemes to be developed within 12 months by default. It also expands ENISA's powers to lead incident support, vet suppliers, and pilot skill attestation.

EU Commission Proposal Would Allow Bans on High-Risk Vendors

🔒 The EU Commission has proposed a legal mechanism to ban network-equipment vendors it considers high-risk, a move widely seen as targeting Chinese firms such as Huawei and ZTE though the draft does not name specific companies. The plan would let Brussels require member states to replace prohibited technology in critical infrastructure within three years. It would also strengthen ENISA with additional staff and funding to coordinate EU-wide cybersecurity and ransomware defenses.