< ciso
brief />
Tag Banner

All news with #supply chain compromise tag

576 articles · page 3 of 29

GitHub to disable automatic npm install scripts by default

🔒 GitHub will change npm v12 defaults in July to block automatic execution of dependency install scripts unless a project explicitly allows them. The change prevents preinstall, install and postinstall scripts — including implicit node-gyp rebuilds — from running by default, narrowing a common supply chain attack vector. Experts generally praised the move as overdue but warned it only reduces, not eliminates, supply chain risk and will push attackers to other methods.
read more →

Miasma worm source code briefly leaked on GitHub

🛡️ The Miasma credential-stealing worm, an evolution of the Shai-Hulud toolkit, was briefly published on GitHub after threat actors uploaded it to multiple compromised accounts. The framework steals developer build and cloud credentials, compromises package registries and repositories, and propagates autonomously without C2 by abusing GitHub. Researchers note destructive 'dead-man switch' behavior and a build pipeline that randomizes payloads to evade detection, increasing supply-chain risk.
read more →

GitHub tightens npm defaults to reduce supply-chain risk

🔒 GitHub will change npm behavior in the upcoming v12 release to block several automatic actions during npm install that have enabled supply-chain attacks. Preinstall, install, and postinstall scripts from dependencies, native builds via node-gyp, and prepare scripts from Git, local file, and linked dependencies will require explicit approval before running. Git and remote URL dependencies will also be disabled by default unless permitted, and developers are advised to test with npm 11.16.0 to surface breaking warnings before upgrading.
read more →

NFCShare Android malware spreads via fake app updates

🛡️ New variants of the NFCShare Android malware are being distributed as fake updates for legitimate banking apps hosted on GitHub, targeting customers across Europe. The campaign tricks victims into performing an NFC ‘verification’ that captures card data and a 4-digit PIN via Android’s IsoDep interface, then exfiltrates it to a C2 server over WebSocket. D3Lab, which first documented NFCShare in January 2026, notes the malware uses malformed APK packaging to hinder automated analysis and that repositories have hosted dozens of spoofed banking APKs for Italian and Spanish banks.
read more →

Weekly cyber recap: supply chain worm and hacks

⚠️ Last week saw a range of high-impact incidents, from the Miasma worm compromising 73 Microsoft GitHub repositories to targeted mailbox espionage and an Instagram account compromise via an AI support tool. Vendors patched active Android flaws, researchers flagged malicious npm packages and a compromised Hola Browser installer, and U.S. agencies disrupted transnational investment fraud. Multiple threat clusters, including China-linked espionage groups and financially motivated actors, broadened their geographic scope and tactics, while many critical CVEs remain urgent for defenders to patch.
read more →

VS Code introduces two‑hour extension update delay

🔒 Microsoft will delay automatic extension updates in Visual Studio Code by two hours to reduce exposure to potentially compromised releases. The feature, available in VS Code 1.123, allows immediate manual updates via the "Update" button and shows reasons and scheduled times for pending updates. Trusted publishers such as Microsoft, GitHub, and OpenAI are exempt and continue to update immediately. The change follows similar cooldown controls added across package managers to curb software supply chain threats.
read more →

Miasma worm compromises 73 Microsoft GitHub repos

🛡️ Microsoft's GitHub organizations — including Azure, Azure-Samples, Microsoft, and MicrosoftDocs — were hit by the self-replicating Miasma supply chain campaign that affected 73 repositories, prompting GitHub to disable access. The incident notably re-compromised the durabletask package previously infected by TeamPCP, suggesting lingering credential exposure. Miasma, a variant of the Mini Shai-Hulud worm, has mutated rapidly and pushed malicious payloads both to registries and directly to GitHub source repos, leveraging AI coding tools and developer workflows to execute payloads. Security firms warn the campaign exploits trust in maintainers and signing rather than platform vulnerabilities, allowing widespread propagation across the open-source ecosystem.
read more →

Suspicious polyfill login prompts hit major Japanese sites

🔐 Toshiba and Muji warned visitors about unexpected sign-in pop-ups generated by the external service polyfill.io, advising users to cancel and change passwords if they entered credentials. The prompts were caused by remnants of a 2024 incident when the polyfill domain served malicious scripts after changing hands; the domain began responding again in late May 2026 with HTTP 401 requests. Both companies suspended the service and removed the offending code, and other Japanese sites were also affected.
read more →

Claude Code MCP configuration enables token theft

🔒 Researchers disclosed an attack chain against Anthropic’s command-line coding assistant, Claude Code, that abuses the Model Context Protocol (MCP). A malicious npm post-install hook can rewrite the local ~/.claude.json configuration to redirect authenticated MCP traffic to attacker infrastructure, allowing interception of stored OAuth bearer tokens. Anthropic has been notified but has not issued a patch; defenders are advised to monitor the configuration file, treat npm post-install hooks as high risk, and rotate OAuth tokens tied to Claude Code integrations.
read more →

Microsoft warns on AI-enabled malware risks

🔒 Microsoft’s Detection and Response Team (DART) warns that AI adoption has introduced new attack surfaces, with threat actors weaponizing AI tools in social engineering and supply chains. A highlighted campaign, ‘JustAskJacky’, disguised a malicious AI assistant that installed a Java backdoor and persistence tasks. Experts urge organisations to assess nonstandard AI apps, enforce security reviews, and make AI risk a board-level priority.
read more →

Large npm supply‑chain compromise targets Red Hat scope

🛡️ Microsoft Threat Intelligence disclosed a widespread npm supply‑chain attack that trojanized 32 packages across the @redhat-cloud-services scope via a compromised CI/CD pipeline. The malicious packages used an npm preinstall hook to run an obfuscated 4.29 MB dropper that downloads the Bun runtime and executes credential‑stealing and propagation payloads across Linux, macOS, and Windows. The campaign, labelled “Miasma: The Spreading Blight,” harvested secrets from GitHub Actions runners, cloud provider CLIs, SSH keys, browsers, and vaults, and attempted to republish poisoned packages and inject code into victim repositories.
read more →

Malicious npm Package Targets OpenAI Codex Users

🛡️ Researchers discovered a malicious npm package named codexui-android that impersonated an OpenAI Codex UI and exfiltrated developer authentication tokens. The package was published to npm with malicious code absent from the project's public GitHub repository, highlighting risks in artifact distribution. Security experts warn this pattern exploits trust in legitimate-looking developer tooling and reveals blind spots in software supply chain controls.
read more →

Weekly recap: PAN-OS, Gogs, GlassWorm takedown

🔔 This week's briefing highlights active exploitation of a PAN-OS GlobalProtect authentication bypass (CVE-2026-0257), a critical unauthenticated RCE in Gogs, and the coordinated takedown of GlassWorm C2 infrastructure. Other notable items include a long-standing Linux LPE (CIFSwitch) patched upstream, CERT-In urging rapid patching timelines, and several AI-enabled and supply-chain aided campaigns increasing attacker speed and reach.
read more →

Malicious NuGet package steals Sicoob banking credentials

🔍 Security researchers found a malicious NuGet package named Sicoob.Sdk that impersonated a C# SDK for Brazil's Sicoob banking APIs and exfiltrated client IDs and PFX certificates. Versions 2.0.0–2.0.4 encoded PFX files and sent them, along with PFX passwords and client IDs, to a hardcoded third‑party Sentry endpoint while also capturing raw Boleto API responses. The package has been blocked by NuGet after responsible disclosure, and organizations are urged to rotate affected credentials and audit logs.
read more →

ThreatsDay bulletin: emerging cloud, supply chain risks

📰 This ThreatsDay roundup highlights widespread C2 infrastructure, supply-chain trojanization, exploitation trends, and emerging AI security features. It covers a large regional C2 footprint in the Middle East, an AKS privilege escalation fix, a DAEMON Tools supply-chain compromise added to CISA's KEV, and Apple’s PQC code disclosures. The bulletin also details law firm targeting by SRG, fake installers spreading a Deno RAT, PureLogs phishing, and a spike in DACH cyberattacks.
read more →

Supply Chain Intrusions Target Developer Tooling

🔒 CISA is addressing multiple software supply chain intrusions that target developer ecosystems, specifically CI/CD pipelines, code extensions, and workflows. A malicious Nx Console VS Code extension (version 18.95.0) exploited a prior compromise of Nx developer systems to access a GitHub employee’s device, leading to unauthorized access and exfiltration of internal repositories and assignment of CVE-2026-48027. The “Megalodon” campaign injected malicious GitHub Action workflows to harvest CI/CD secrets, cloud credentials, and tokens. CISA urges organizations to detect and remediate potential compromises and implement recommended best practices for package repositories and CI/CD security.
read more →

MacOS Supply-Chain Attacks Target Crypto Developers

🔍 Wiz has attributed a cluster named Jinx-0164 to a campaign targeting cryptocurrency firms with custom macOS malware, recruiter-themed lures and supply-chain tampering. The actor relies on LinkedIn-based social engineering and lookalike meeting domains to deliver a Python stealer/remote access tool called Audiofix, which poses as an audio driver and harvests keys, credentials and wallet data. They also abuse stolen GitHub tokens to inject backdoors into CI/CD repositories, causing builds to propagate the malware across development environments.
read more →

ESET APT Activity Report Q4 2025–Q1 2026

📄 ESET summarizes notable APT activity observed between October 2025 and March 2026, highlighting China-, Iran-, North Korea-, and Russia-aligned operations alongside unattributed clusters. The report illustrates geopolitical drivers behind campaigns, describes new tooling and supply-chain compromises such as a trojanized axios package, and notes destructive incidents impacting critical infrastructure. ESET confirms protections by its products and notes the report reflects a subset of its Threat Intelligence.
read more →

Malicious npm package stole files from AI tool

🛡️ Researchers uncovered a malicious npm package named mouse5212-super-formatter that exfiltrates files from the /mnt/user-data directory used by Anthropic's Claude AI. OX Security describes the campaign, codenamed Malware-Slop, as a postinstall script that authenticates to GitHub using environment or hard-coded tokens, creates or targets a repository, and uploads local files to an attacker-controlled account. The package has been downloaded hundreds of times, and the linked GitHub account—created shortly before the package appeared—has since disappeared. Analysts noted the actor leaked a private token, suggesting poor OPSEC and possibly AI-assisted malware creation.
read more →

Coordinated Takedown Disrupts GlassWorm C2 Channels

🛡️ CrowdStrike, together with Google and the Shadowserver Foundation, announced the simultaneous disruption of all command-and-control channels used by GlassWorm, a persistent campaign that has targeted software developers since early 2025. The operators trojanized VS Code extensions and poisoned npm and Python packages to deliver a data-theft framework capable of credential harvesting and system profiling. Multiple resilient C2 resolution layers were used — Solana memo fields, BitTorrent DHT, Google Calendar events, and commercial VPS hosts — all of which were neutralized in the coordinated action. CrowdStrike attributes the activity to likely Russia-based cybercriminals and warns about the severe risk posed by supply chain compromises to developer ecosystems.
read more →