All news with #supply chain compromise tag

🪲 The GlassWorm supply‑chain campaign has resurfaced, compromising 433 packages, repositories, and extensions across GitHub, npm, and VSCode/OpenVSX. Researchers from Aikido, Socket, Step Security and the OpenSourceMalware community link the activity to a single actor using the same Solana address, identical payloads, and shared infrastructure. Malicious commits employ invisible Unicode to hide obfuscated JavaScript that polls the Solana blockchain for memos and downloads a Node.js runtime to execute an information stealer; developers should search for the marker lzcdrtfxyqiplpd and inspect for persistence artefacts.

🧬 Security researchers say a GlassWorm offshoot, tracked as ForceMemo, uses stolen GitHub tokens to inject obfuscated malware into hundreds of Python repositories by appending code to entry files like setup.py, main.py, and app.py. Attackers steal tokens via malicious VS Code and Cursor extensions, then rebase and force-push rewritten commits to preserve author metadata and hide traces. The appended payload uses a Solana transaction memo to fetch additional payloads and includes locale checks that skip execution on Russian-language systems. Downstream users who pip install or run compromised projects risk executing encrypted JavaScript that can steal cryptocurrency and sensitive data.

🔒 This weekly recap spotlights multiple high‑urgency incidents, including two actively exploited Chrome zero‑days—an out‑of‑bounds write in Skia (CVE‑2026‑3909) and an implementation flaw in V8 (CVE‑2026‑3910)—patched in Chrome 146.0.7680.75/76. It also documents large router botnets such as SocksEscort and KadNap that flash custom firmware to maintain persistence and operate as proxy services. Supply‑chain abuse reappears with UNC6426, which used stolen nx npm keys and abused GitHub→AWS OIDC trust to gain admin access and exfiltrate S3 data within 72 hours. Prioritize patching actively exploited flaws, audit OIDC/S3 trusts and router persistence, and monitor for emerging supply‑chain and AI‑agent risks.

🐛 Researchers at Socket say attackers are abusing dependency relationships in the Open VSX registry to deliver a loader linked to GlassWorm. Since Jan 31, 2026, Socket identified at least 72 malicious listings that pose as developer utilities and later add dependencies to fetch payload extensions. By using VS Code features like extensionPack and extensionDependencies, threat actors turn trusted-looking extensions into transitive delivery vehicles during updates. Mitigations include auditing extension dependencies, monitoring updates, and restricting installs to trusted publishers.

🛡️ The AppsFlyer Web SDK was temporarily hijacked to deliver obfuscated JavaScript that intercepts cryptocurrency wallet inputs and replaces them with attacker-controlled addresses, diverting funds. Profero researchers identified the malicious payload being served from websdk.appsflyer.com between March 9 and March 11. AppsFlyer says the mobile SDK was not affected, the incident has been contained, and an investigation with external forensics is ongoing.

🔒 Cybersecurity researchers have identified a significant escalation in the GlassWorm campaign, which has abused at least 72 extensions in the Open VSX registry to target developers, Socket reports. The actor leverages extensionPack and extensionDependencies to turn benign-looking extensions into transitive delivery vehicles that install malicious packages after trust is established. The malicious listings impersonated common developer tools and used heavier obfuscation, invisible Unicode characters, Solana transactions as dead drops, and rotating wallets to evade detection. Open VSX has removed the flagged extensions while vendors and researchers continue their analysis.

🛡️ Endor Labs has identified 88 additional malicious npm packages tied to the PhantomRaven supply-chain campaign, published between November 2025 and February 2026, with 81 still live and two active C2 servers. The operation uses Remote Dynamic Dependencies (RDD) to fetch credential-stealing payloads from attacker-controlled URLs during npm install. The payload harvests developer and CI/CD credentials and exfiltrates data via HTTP and WebSocket channels, while attackers rotate accounts, domains, and package metadata to evade takedowns.

🔍 GitLab research outlines a North Korean campaign that impersonated recruiters in the 'Contagious Interview' scheme and resulted in the banning of 131 attributed accounts. Many GitLab projects served as obfuscated loaders for malware such as BeaverTail and Ottercookie, with payloads hosted outside repositories. Operators used consumer VPNs, VPSs and laptop farms and shifted to invite-only projects, NPM dependency abuse, sandbox detection and AI-generated personas to scale fake IT worker and freelance scams.

🔒 Microsoft Defender Experts describe the Contagious Interview campaign, a long-running social engineering operation that delivers malware through staged developer recruitment processes. Threat actors pose as recruiters and persuade victims to clone and execute NPM packages or to trust repository tasks in Visual Studio Code that then fetch backdoors such as Invisible Ferret and FlexibleFerret. The operation targets developer endpoints, source-control credentials, and CI/CD access by weaponizing trusted hiring workflows. Microsoft recommends isolating coding tests, pre-reviewing recruiter repositories, restricting runtimes, protecting secrets, and hunting for editor-to-shell execution chains.

🔒 Endor Labs identified a new PhantomRaven npm campaign wave that published 88 malicious packages across 50 disposable accounts, many using slopsquatting to mimic popular projects and names suggested by LLMs. The packages use Remote Dynamic Dependencies in package.json so malware is fetched from attacker-hosted URLs at install time, exfiltrating .gitconfig, .npmrc, environment variables and CI/CD tokens to C2 servers. Researchers note consistent EC2-hosted 'artifact' domains without TLS, an almost unchanged payload across waves, and 81 packages still available; developers should verify publishers and avoid unvetted AI suggestions.

🔐 Google reports that UNC6426 leveraged keys stolen in the August 2025 compromise of the nx npm package to fully breach a customer's cloud environment in under 72 hours. A trojanized postinstall executed a credential stealer named QUIETVAULT, which harvested a developer's GitHub token and other secrets. The actor abused GitHub-to-AWS OIDC trust to create an Administrator role, exfiltrated S3 data, and performed destructive actions including making internal repos public.

🛡️ Cybersecurity researchers uncovered five malicious Rust crates on crates.io that posed as time utilities while exfiltrating .env files to attacker infrastructure. The packages—chrono_anchor, dnp3times, time_calibrator, time_calibrators, and time-sync—were published in late February and early March 2026 and used a lookalike domain to collect secrets. Affected users should assume possible compromise: rotate keys, audit CI workflows, and limit outbound access from build systems.

🔒 KadNap is a newly observed botnet that compromises primarily ASUS routers and other edge devices to assemble a distributed proxy network. Since August 2025 it has grown to roughly 14,000 nodes and uses a modified Kademlia Distributed Hash Table (DHT) protocol to conceal command-and-control infrastructure and complicate takedowns. Infections begin when a malicious script (aic.sh) is fetched from 212.104.141.140, which installs an ELF binary named kad and establishes persistence via a cron job that runs every 55 minutes. Researchers at Black Lotus Labs link KadNap to the Doppelganger/Faceless proxy service that sells access to infected devices, and Lumen has blocked related traffic on its network while preparing indicators of compromise.

⚠️ JFrog researchers discovered a malicious npm package published as "@openclaw-ai/openclawai" that impersonates an OpenClaw installer and executes a multi-stage infection chain delivering a remote access trojan. During installation a postinstall script places a binary on the PATH, which runs an obfuscated setup that simulates a legitimate CLI installer and prompts for administrator credentials. The second-stage payload, internally named GhostLoader, installs persistently, harvests credentials, browser data, wallets, SSH keys and Apple Keychain entries, and exposes a SOCKS5 proxy for remote operators.

🔒 Ericsson Inc.'s U.S. subsidiary disclosed that attackers stole personal data for an undisclosed number of employees and customers after a breach at a third‑party service provider detected on April 28, 2025. The provider's investigation found files were accessed between April 17 and April 22, 2025, and a review completed on February 23, 2026 identified exposed personal information. Ericsson says it has not seen evidence of misuse and is offering free IDX identity protection and monitoring to affected individuals, with enrollment open through June 9, 2026.

🚨 JFrog researchers found a malicious npm package, @openclaw-ai/openclawai, uploaded on March 3, 2026 and downloaded 178 times, that masquerades as an OpenClaw installer to deploy a remote access trojan and harvest sensitive macOS data. It uses a postinstall hook and a global reinstallation to expose a CLI entry point, and the staged GhostLoader payload is delivered encrypted from a C2 server and run as a detached background process. The installer displays a polished fake CLI and an iCloud Keychain prompt to capture system passwords and prompts users for Full Disk Access to unlock Apple Notes, iMessage, Safari history and Mail. Collected files — Keychain databases, browser cookies, crypto wallets, SSH and cloud credentials — are archived and exfiltrated via direct upload, the Telegram Bot API and GoFile.io, while the RAT maintains persistence, clipboard monitoring and browser session cloning.

🔒 The Trump Administration published a national cyber strategy on March 6, 2026, presenting a broad framework to strengthen US digital defenses, counter foreign adversaries and accelerate technological innovation. The plan centers on six policy pillars, covering offensive and defensive operations, streamlined cybersecurity and data regulation, federal network modernization, critical infrastructure and supply chain protection, leadership in emerging technologies and workforce expansion. It stresses proactive use of the full range of government tools — including offensive cyber operations, law enforcement and economic sanctions — alongside deeper public–private coordination. Industry leaders welcomed the priorities but warned implementation will depend on funding, contracting vehicles and clear operational authorities.

🔒 Two Google Chrome extensions were modified following apparent ownership transfers, allowing attackers to remotely deliver JavaScript payloads, inject code, and harvest sensitive data from users. The affected extensions — QuickLens (~7,000 users) and ShotBird (~800 users) — changed owners in early 2026 and began polling C2 servers for runtime payloads. The update to QuickLens stripped security headers to bypass cross-origin protections, while ShotBird used a fake Chrome-update lure to pivot from browser compromise to host-level execution. Users should remove these extensions, audit browsers, and enterprises should treat extensions as supply-chain risk.

⚠️ Researchers at Huntress found that Microsoft Bing’s AI-enhanced search suggested malicious GitHub repositories posing as installers for OpenClaw, instructing users to run commands that deployed information-stealing and proxy malware. The fake repos were tied to newly created GitHub accounts and mimicked legitimate projects to appear trustworthy. Windows and macOS installers delivered Rust-based loaders, the Atomic Stealer family, Vidar, and a GhostSocks backconnect proxy. Huntress reported the repositories to GitHub and recommends using official project portals and bookmarked download sources rather than search results.

🧭 When organizations rely on whitelists to protect high-value blockchain assets, those lists become a playbook for determined attackers. Nation-state groups targeted entities such as Bybit ($1.5B), WazirX ($235M), and Radiant ($53M), compromising whitelisted vendors and counterparties to drain funds. Treat every whitelisted address as potentially compromised and enforce strict verification, segmentation, and least-privilege controls.