Skip to main content

Supply Chain Attacks

Dimly lit software development workspace with rows of computer workstations and coding materials.

Miasma Worm Exposes GitHub Repositories in Supply Chain Attack

A sneaky Miasma worm has infiltrated 73 Microsoft GitHub repositories, putting countless projects at risk in a self-replicating supply chain attack. This malicious campaign is a stark reminder of the rapidly evolving threats lurking in the shadows of our digital supply chains.

Analyst 207
GitHub repository page on laptop screen with error message and blurred software development workspace background.

Miasma Worm Targets Microsoft GitHub Repositories in Supply Chain Attack

GitHub has taken swift action, disabling access to 73 Microsoft repositories across four organizations after a sneaky supply chain attack by the Miasma Worm compromised code on the platform. The disruption was triggered when the malware targeted Microsoft's GitHub repositories, prompting site-wide warnings and restricted access.

Analyst 207
Laptop screen displays rogue login prompt with generic logo and username field.

Polyfill Compromise Targets Major Websites with Rogue Login Prompts

Major websites, including Toshiba and Muji, have been compromised by a rogue login prompt scam through polyfill.io, tricking visitors into entering sensitive information. If you encountered the fake sign-in screen, be sure to cancel and change your password to protect your account.

Analyst 207
Windows computer workstation with browser open, surrounded by technical books and office supplies.

Hola Browser Compromised to Deliver Cryptominer in Supply Chain Attack

Hola's CEO, Avi Raz Cohen, assured users that the company has taken swift action to prevent future breaches, rebuilding its distribution pipeline and implementing robust security measures. The move comes after a supply chain attack compromised the Hola Browser, secretly delivering a cryptominer to unsuspecting users.

Analyst 207
Rows of computer servers and storage units in a dimly-lit server room with a single server in the foreground.

Container Escapes Fuel Supply Chain Attacks on Cloud Infrastructures

Containers can quickly become a gateway to your entire cloud infrastructure if vulnerable to attacks, with hackers exploiting flaws like CVE-2019-5736, CVE-2022-0492, and CVE-2024-21626 to break free from isolated environments and wreak havoc on your host system. There are five key entry points for container attacks, including vulnerabilities, misconfigurations, and supply chain threats.

Analyst 207
Software development workspace with laptop and papers, subtle coding environment in background.

Red Hat npm Packages Compromised in Supply-Chain Attack

A recent supply-chain attack compromised 32 Red Hat npm packages, affecting 117,000 weekly downloads, after attackers backdoored 96 package versions under the @redhat-cloud-services namespace. The breach occurred when a Red Hat employee's GitHub account was compromised, allowing malicious commits to be pushed.

Analyst 207
Developer workstation with open laptop showing code, surrounded by empty coffee cups and scattered notes, hinting at a…

Miasma Supply Chain Attack Targets Red Hat npm Packages

A new supply-chain campaign, codenamed Miasma, has compromised multiple Red Hat npm packages to steal sensitive credentials and deliver a self-propagating worm, putting developer machines at risk. This sneaky attack uses clever tactics like install-time execution and encrypted exfiltration to harvest secrets and spread its reach.

Analyst 207
Developer workstation with laptop, terminal, and smartphone in a brightly-lit home office setting.

OpenAI Codex Tokens Exfiltrated in Malicious npm Supply Chain Attack

For a month, a malicious npm package called codexui-android secretly stole OpenAI Codex authentication tokens from over 29,000 weekly users, sending them to an attacker-controlled server. The package, masquerading as a remote web UI for OpenAI Codex, had gained user trust through active development before being compromised.

Analyst 207
Developer workstation with laptop and monitor displaying code, surrounded by notes and empty coffee cups, in a modern…

TrapDoor Attack Spreads Credential-Stealing Malware Across Software Ecosystems

A massive supply chain attack, dubbed TrapDoor, has been spreading credential-stealing malware across three major language ecosystems, infecting over 34 malicious packages and 384 versions. The coordinated campaign began on May 22, 2026, and continues to target developers with cleverly named packages related to cryptocurrency, DeFi, Solana, and AI.

Analyst 207
Laptop and development tools sit on a cluttered workspace surrounded by generic technology equipment.

GitHub-Hosted Malware Targets PHP Packages in Coordinated Supply Chain Attack

Malicious code was injected into eight PHP packages on Packagist, triggering a Linux binary download from GitHub Releases via JavaScript lifecycle hooks in package.json postinstall scripts. The attack was swiftly contained, with the malicious versions removed from Packagist.

Analyst 207
Laptop screen showing GitHub repository page with cityscape background and subtle CI/CD hints.

GitHub Repos Targeted in 5,500+ Malicious Commits

A shocking new campaign, dubbed Megalodon, has injected malware into over 5,500 GitHub repositories, putting sensitive credentials and tokens at risk of being stolen. This alarming attack highlights the growing threat of supply chain attacks, with experts warning that this could be just the beginning.

Analyst 207
Dimly lit workspace with scattered screens and keyboards, featuring empty and blurred computer terminals.

GitHub Megalodon Attack Targets Repos with Malicious CI/CD Workflows

In a shocking six-hour blitz on May 18, 2026, attackers unleashed a massive supply-chain campaign dubbed "Megalodon," pushing 5,718 malicious commits to 5,561 GitHub repositories. The sneaky assault mimicked routine CI maintenance, using fake author names and convincing commit messages to deceive victims.

Analyst 207
Blurred computer screen surrounded by development materials in a bright, neutral workspace.

Grafana Breach Exposed by TanStack Supply Chain Attack

Grafana Labs revealed that a supply chain attack led to an unauthorized download of its codebase, exposing a vulnerability that allowed attackers to gain access to its GitHub repositories through a missed workflow token. The breach was detected on May 11, with the company swiftly rotating tokens, but unfortunately, one was overlooked.

Analyst 207
Blurred developer workstation with laptop, smartphone, and tablet nearby.

GitHub Breach Exposes 3,800 Repos to TanStack Supply-Chain Attack

A single malicious Visual Studio Code extension, Nx Console version 18.95.0, was enough to spark a GitHub breach that exposed 3,800 internal repositories to a TanStack supply-chain attack. The poisoned extension was live on marketplaces for just 54 minutes, but long enough to steal credentials from a developer's machine.

Analyst 207
Developer workstation with laptop and terminal screens near npm package repository, indicating a software development…

Grafana Breach Exposes Missed Security Step After TanStack Attack

A single misstep in Grafana's security protocol allowed attackers to gain access to its GitHub repositories, following a supply-chain incident involving malicious TanStack packages. A missed GitHub workflow token proved to be the key that enabled the breach.

Analyst 207
Cluttered coding workspace surrounds a laptop with a blurred webpage.

Typosquatting Evolves Into Supply Chain Threat

Typosquatting has morphed into a sinister supply chain threat, with attackers now embedding malicious lookalike domains within legitimate third-party scripts to intercept sensitive data. This alarming evolution has led to devastating attacks, such as the Trust Wallet compromise, where 2,500 wallets were drained in just 48 hours.

Analyst 207
Coding environment with lines of code on screen, surrounded by notes and diagrams.

Shai-Hulud Malware Targets 600 Npm Packages in Supply-Chain Attack

In a shocking supply-chain attack, malicious Shai-Hulud malware targeted a staggering 600 npm packages, with researchers uncovering nearly 640 tainted versions across 323 unique libraries in just one hour. The assault hit popular ecosystems like @antv and spread to widely-used packages, leaving a trail of poisoned code in its wake.

Analyst 207
Code editor interface with open plugin panel, generic computer screen and daylight in background.

Nx Console Extension Exploited to Steal Developer Credentials

A malicious version of the popular Nx Console Extension was published to the VS Code Marketplace, compromising over 2.2 million installations and putting developer credentials at risk. Within seconds of opening a workspace, the extension silently fetched and executed a hidden payload, allowing attackers to steal sensitive information.

Analyst 207
Software development workspace with a computer screen displaying a blurred graph, surrounded by cables and development tools.

Mini Shai-Hulud Campaign Targets npm Ecosystem with Malicious AntV Packages

A large-scale attack has infected hundreds of popular npm packages, including widely-used data visualization and React components, with malicious updates, putting a vast number of projects and applications at risk. The attackers published 639 malicious versions across 323 unique packages in a fast-moving supply chain operation.

Analyst 207
Blurred computer terminal surrounded by development notes and empty coffee cups in a brightly-lit coding environment.

GitHub Actions Supply Chain Attack Exfiltrates CI/CD Credentials

A sneaky supply chain attack on GitHub Actions has led to the theft of CI/CD credentials, with hackers using a clever trick to redirect tags to fake commits that hide malicious code. By masquerading as legitimate commits, attackers were able to execute arbitrary code and evade pull request reviews.

Analyst 207
Developer workspace with laptop, terminal, and blurred background of software development area, featuring a subtle network…

TanStack Mulls Invitation-Only Pull Requests After Supply Chain Breach

The TanStack project is weighing a drastic measure to protect its code: switching to invitation-only pull requests, after a sneaky Shai-Hulud worm exploited a GitHub Actions misconfiguration to contaminate a shared cache. This supply chain breach has raised red flags about the integrity of downstream code.

Analyst 207
Empty developer workstation with laptop and peripherals on a neutral background.

Developer Workstations Expose Software Supply Chain to Credential Theft

In a shocking 48-hour span, three separate cyber attacks hit major platforms, targeting sensitive secrets like API keys and cloud credentials from developer workstations and CI/CD pipelines. This new wave of supply chain threats reveals a disturbing trend: attackers are now focusing on harvesting credentials to compromise your entire software development process.

Analyst 207
A laptop on a simple desk in a corporate office with a blurred background of cubicles and a hint of a coding workspace on…

TanStack Supply Chain Attack Targets OpenAI, Forces macOS Updates

OpenAI sprang into action after detecting a sneaky supply chain attack targeting TanStack, quickly investigating and containing the threat to protect its systems. The attack impacted just two employee devices, with limited internal code repositories and credential material compromised.

Analyst 207
Developer workstation with npm package management software on laptop screen, surrounded by clutter, with cityscape visible…

OpenAI Disrupted in TanStack npm Supply Chain Breach

Malicious packages have rocked the TanStack npm supply chain, with 84 tainted versions of 42 @tanstack/* packages published, drawing OpenAI into the crisis and prompting urgent action to secure its systems. The AI company has confirmed that attackers compromised two employee devices, stealing credentials and forcing a reset across multiple desktop products.

Analyst 207