All news with #supply chain compromise tag

🔍 Security researchers at ReversingLabs uncovered a malicious npm campaign, dubbed the 'Ghost campaign', that uses fabricated installation logs to conceal downloader behavior. Malicious packages impersonate legitimate installs—displaying fake dependency downloads, progress bars and random delays—and prompt users for their sudo password under false pretenses. That credential is then used to fetch and execute a final-stage remote access trojan capable of stealing crypto wallets and sensitive data; researchers advise verifying package authors, monitoring install scripts and avoiding sudo prompts during installs.

🛡️Security researchers at ReversingLabs have uncovered a set of malicious npm packages published by user mikilanjillo that phish for sudo credentials and deploy a multi-stage downloader to steal cryptocurrency wallets and other sensitive data. The packages display fake npm install logs and inject delays to mask their actions, then prompt for elevated privileges to retrieve a remote payload via Telegram. The final stage installs a remote access trojan capable of harvesting browser credentials, wallets, SSH keys, and developer tokens.

🔒 Two GitHub Actions maintained by Checkmarx — ast-github-action and kics-github-action — were compromised by the credential-stealing operation TeamPCP. The malware harvests CI and cloud credentials and exfiltrates encrypted archives named tpcp.tar.gz to a vendor-typosquat domain. Actors also create a fallback repository (docs-tpcp) using stolen GITHUB_TOKENs and have trojanized Open VSX extensions. Organizations are advised to rotate secrets, audit runner logs, and pin Actions to full commit SHAs.

🧨 The TeamPCP group is deploying a geopolitically targeted wiper that seeks out Iranian systems and either destroys host data or implants a persistent backdoor on Kubernetes nodes. Aikido researchers link the campaign to the earlier CanisterWorm and Trivy supply-chain incidents, noting identical C2 infrastructure and the same /tmp/pglog drop path. When Iran indicators (timezone/locale) and Kubernetes are detected, the malware creates a privileged DaemonSet named Host-provisioner-iran that mounts the host root and runs Alpine containers called "kamikaze" to delete top-level directories and force a reboot. If Kubernetes is present but the host is not identified as Iranian, it deploys host-provisioner-std to write a Python backdoor and install it as a systemd service; variants also propagate via SSH or unauthenticated Docker APIs.

🔔 The TeamPCP threat actor extended its Trivy supply‑chain attack by pushing malicious Docker images and hijacking Aqua Security's GitHub organization, tampering with multiple repositories. Security researchers and Socket identified Docker Hub images tagged 0.69.5 and 0.69.6 that lack corresponding GitHub releases and contain indicators of compromise linked to the TeamPCP Cloud stealer. Aqua said incomplete token rotation after an earlier incident allowed attackers to reuse credentials, and the company published safe Trivy releases while engaging Sygnia to investigate and remediate.

🚨 A financially motivated group known as TeamPCP deployed a self‑propagating worm called CanisterWorm that spreads through poorly secured cloud control planes and conditionally executes a destructive wiper on systems set to Iran’s timezone or Farsi locale. The actors leveraged exposed Docker APIs, misconfigured Kubernetes clusters, Redis servers and the React2Shell vector, and inserted credential‑stealing code into official Trivy releases via compromised GitHub Actions. Researchers observed the group using ICP canisters to host payloads and noted the malicious builds were active only intermittently, leaving uncertainty about the extent of successful data destruction.

🛡️ Researchers have identified additional compromised Docker images tied to the Trivy supply‑chain incident after attackers injected credential‑stealing malware into official releases and GitHub Actions. New Docker tags 0.69.5 and 0.69.6 were uploaded on March 22 without matching GitHub releases and contain IOCs linked to the TeamPCP infostealer. Aqua Security confirmed repository tampering and advised teams to treat CI/CD scans as potentially compromised while noting its commercial products appear unaffected.

🔒 This week’s recap highlights a major supply-chain compromise of Trivy, where attackers injected credential‑stealing malware into official releases and GitHub Actions, producing a self‑propagating worm called CanisterWorm that affected thousands of CI/CD workflows. Law enforcement dismantled several massive IoT botnets built from routers, cameras and DVRs, while high‑severity flaws — including a critical Langflow RCE and a Cisco FMC 0‑day exploited by Interlock ransomware — were weaponized within hours of disclosure.

🚨 Researchers uncovered trojanized Trivy images on Docker Hub after a supply-chain compromise that pushed malicious releases to developer environments. The last known clean release is 0.69.3; tags 0.69.4–0.69.6 were removed after analysis linked several images to the TeamPCP infostealer. The incident also affected related GitHub Actions and spawned downstream npm compromises and repository defacements.

🛡️ The Trivy vulnerability scanner was compromised in a supply-chain attack that injected an infostealer into official releases and GitHub Actions. Researchers attribute the campaign to TeamPCP, which trojanized the trivy binary (v0.69.4) and replaced GitHub Action entrypoints, affecting many trivy-action tags. The malware harvested a broad range of credentials, exfiltrated data to a typosquatted C2, and deployed persistence on infected hosts. Organizations using affected versions should assume full compromise and rotate secrets immediately.

🛡️ The actors behind the Trivy supply-chain compromise are now suspected of seeding a self-propagating worm called CanisterWorm, which uses an ICP canister (Internet Computer blockchain smart contract) as a decentralized dead drop for command-and-control. The chain abuses an npm postinstall hook to drop a Python backdoor and establishes persistence via a masquerading systemd user service that restarts automatically. A new variant harvests local npm tokens during postinstall and launches an automated propagation routine, turning compromised developers and CI pipelines into unwitting distributors.

⚠ The widely used Trivy vulnerability scanner and its official GitHub Actions were backdoored after attackers injected a credential‑stealing payload into official releases, the trivy-action and setup-trivy components, and published binaries. The malware harvests pipeline secrets by reading process memory and searching filesystems for SSH keys, cloud credentials, Kubernetes tokens, Docker configs, and wallets, exfiltrating encrypted data to a typosquatted domain or, failing that, by creating a public repository named tpcp-docs. Researchers say the intrusion followed an earlier compromise and incomplete credential rotation that let attackers regain access via insecure GitHub Actions; victims should rotate secrets immediately and pin Actions to full commit SHAs. Known safe versions include Trivy v0.69.3, trivy-action tag 0.35.0, and setup-trivy 0.2.6.

🔒 The Trivy open-source scanner and its GitHub Actions integrations (aquasecurity/trivy-action and aquasecurity/setup-trivy) were compromised in March 2026 when an attacker force-pushed 75 version tags to point to malicious commits. The injected Python infostealer harvests CI/CD secrets from runners, attempts exfiltration to an attacker-controlled domain, and can stage stolen data using captured PATs if network exfiltration fails. Vendors advise immediate secret rotation, blocking the malicious domain/IP, and pinning Actions to full commit SHAs.

🔍 Enterprises now sit directly in adversaries' collection paths: they may not be primary targets but their shared telecom, cloud, MSP, and identity dependencies are being exploited upstream. Commercial spyware like Predator and state‑aligned groups documented in Singapore's February 2026 telco breaches show how device and backbone compromises create persistent, upstream access. CISOs must assume provider compromise, demand attestation, harden session and identity layers, and shift detection to low‑noise, long‑duration intelligence operations.

🔍 CrowdStrike linked a spike in script-execution detections to a compromised GitHub Action, aquasecurity/trivy-action, used widely in CI/CD pipelines. An attacker force‑repointed 76 of 77 release tags to commits that prepended a ~105‑line credential stealer to the legitimate entrypoint, enabling secret harvesting on both GitHub-hosted and self‑hosted runners. Harvested data was encrypted with AES-256-CBC and a hardcoded 4096‑bit RSA key, then exfiltrated via a typosquatted domain and, as a fallback, by creating public GitHub releases under victim accounts; the malicious code then invoked the original scanner to hide its activity.

🔒 Speagle is a newly identified malware that subverts the client and infrastructure of the legitimate document protection product Cobra DocGuard to harvest and exfiltrate sensitive information while masquerading as normal client-server traffic. Researchers at Symantec and Carbon Black (Broadcom) say the 32-bit .NET binary verifies the DocGuard installation, collects system and browser artefacts, and uses a compromised Cobra server for command-and-control and data theft. Tracked as Runningcrab, the activity appears narrowly targeted to environments running the security software and may stem from a supply-chain compromise; attribution remains unknown.

🛡️ Bitrefill says a cyberattack in early March was likely carried out by North Korea’s Lazarus/BlueNoroff cluster, citing reused IPs, emails, malware, and on-chain tracing as linking indicators. The company traced the intrusion to a compromised employee laptop and stolen legacy credentials that exposed a snapshot containing production secrets and some cryptocurrency wallets. Bitrefill reports about 18,500 exposed purchase records (including 1,000 with names), believes losses were limited and will be covered from capital, and is strengthening security controls and monitoring.

🚨 In mid-November security researcher Paul McCarty flagged a vast spam campaign in the npm registry that injected tens of thousands of useless modules named after Indonesian dishes. The packages — about 86,000 at discovery — often appeared legitimate, used chains of dependencies, and some contained self-replication to publish more modules and even tied into the TEA blockchain to harvest tokens. The campaign created dependency bloat, reputational risk, and the potential for future supply-chain abuse; Kaspersky recommends developer awareness training and container/dependency scanning with tools such as KASAP and specialized runtime protection.

🎮 Acronis TRU found hundreds of GitHub repositories posing as "free" game cheats that deliver the Vidar 2.0 infostealer, warning the true number of malicious repos could be in the thousands. Campaigns begin in game-focused Discord and Reddit communities and use PS2EXE-compiled PowerShell loaders to evade basic detections. Loaders add Windows Defender exclusions, fetch secondary payload URLs from Pastebin linking to GitHub-hosted binaries, and deploy a Themida-packed Vidar executable that establishes persistence via scheduled tasks. The payload then harvests credentials, tokens and files and exfiltrates them through C2 infrastructure masked by Telegram bots and Steam dead-drop resolvers.

🛡️ Rapid7 and Microsoft researchers have documented a ClickFix operation that compromised over 250 WordPress sites to distribute fileless infostealers using counterfeit Cloudflare CAPTCHA prompts. The injected JavaScript hides from administrators and coerces visitors into pasting obfuscated commands that launch an in-memory DoubleDonut loader, which injects payloads into legitimate Windows processes. Observed payloads include a new Vidar variant and two previously undocumented stealers—Impure Stealer (.NET) and VodkaStealer (C++)—both using advanced encoding, encryption and sandbox-detection checks. Site owners are urged to restrict public admin access, tighten credentials and apply the published IOCs and YARA rules.