Supply Chain Attacks

Miasma Worm Exposes GitHub Repositories in Supply Chain Attack
A sneaky Miasma worm has infiltrated 73 Microsoft GitHub repositories, putting countless projects at risk in a self-replicating supply chain attack. This malicious campaign is a stark reminder of the rapidly evolving threats lurking in the shadows of our digital supply chains.

Miasma Worm Targets Microsoft GitHub Repositories in Supply Chain Attack
GitHub has taken swift action, disabling access to 73 Microsoft repositories across four organizations after a sneaky supply chain attack by the Miasma Worm compromised code on the platform. The disruption was triggered when the malware targeted Microsoft's GitHub repositories, prompting site-wide warnings and restricted access.

Polyfill Compromise Targets Major Websites with Rogue Login Prompts
Major websites, including Toshiba and Muji, have been compromised by a rogue login prompt scam through polyfill.io, tricking visitors into entering sensitive information. If you encountered the fake sign-in screen, be sure to cancel and change your password to protect your account.

Hola Browser Compromised to Deliver Cryptominer in Supply Chain Attack
Hola's CEO, Avi Raz Cohen, assured users that the company has taken swift action to prevent future breaches, rebuilding its distribution pipeline and implementing robust security measures. The move comes after a supply chain attack compromised the Hola Browser, secretly delivering a cryptominer to unsuspecting users.

Container Escapes Fuel Supply Chain Attacks on Cloud Infrastructures
Containers can quickly become a gateway to your entire cloud infrastructure if vulnerable to attacks, with hackers exploiting flaws like CVE-2019-5736, CVE-2022-0492, and CVE-2024-21626 to break free from isolated environments and wreak havoc on your host system. There are five key entry points for container attacks, including vulnerabilities, misconfigurations, and supply chain threats.

Red Hat npm Packages Compromised in Supply-Chain Attack
A recent supply-chain attack compromised 32 Red Hat npm packages, affecting 117,000 weekly downloads, after attackers backdoored 96 package versions under the @redhat-cloud-services namespace. The breach occurred when a Red Hat employee's GitHub account was compromised, allowing malicious commits to be pushed.

Miasma Supply Chain Attack Targets Red Hat npm Packages
A new supply-chain campaign, codenamed Miasma, has compromised multiple Red Hat npm packages to steal sensitive credentials and deliver a self-propagating worm, putting developer machines at risk. This sneaky attack uses clever tactics like install-time execution and encrypted exfiltration to harvest secrets and spread its reach.

OpenAI Codex Tokens Exfiltrated in Malicious npm Supply Chain Attack
For a month, a malicious npm package called codexui-android secretly stole OpenAI Codex authentication tokens from over 29,000 weekly users, sending them to an attacker-controlled server. The package, masquerading as a remote web UI for OpenAI Codex, had gained user trust through active development before being compromised.

TrapDoor Attack Spreads Credential-Stealing Malware Across Software Ecosystems
A massive supply chain attack, dubbed TrapDoor, has been spreading credential-stealing malware across three major language ecosystems, infecting over 34 malicious packages and 384 versions. The coordinated campaign began on May 22, 2026, and continues to target developers with cleverly named packages related to cryptocurrency, DeFi, Solana, and AI.

GitHub-Hosted Malware Targets PHP Packages in Coordinated Supply Chain Attack
Malicious code was injected into eight PHP packages on Packagist, triggering a Linux binary download from GitHub Releases via JavaScript lifecycle hooks in package.json postinstall scripts. The attack was swiftly contained, with the malicious versions removed from Packagist.

GitHub Repos Targeted in 5,500+ Malicious Commits
A shocking new campaign, dubbed Megalodon, has injected malware into over 5,500 GitHub repositories, putting sensitive credentials and tokens at risk of being stolen. This alarming attack highlights the growing threat of supply chain attacks, with experts warning that this could be just the beginning.

GitHub Megalodon Attack Targets Repos with Malicious CI/CD Workflows
In a shocking six-hour blitz on May 18, 2026, attackers unleashed a massive supply-chain campaign dubbed "Megalodon," pushing 5,718 malicious commits to 5,561 GitHub repositories. The sneaky assault mimicked routine CI maintenance, using fake author names and convincing commit messages to deceive victims.

Grafana Breach Exposed by TanStack Supply Chain Attack
Grafana Labs revealed that a supply chain attack led to an unauthorized download of its codebase, exposing a vulnerability that allowed attackers to gain access to its GitHub repositories through a missed workflow token. The breach was detected on May 11, with the company swiftly rotating tokens, but unfortunately, one was overlooked.

GitHub Breach Exposes 3,800 Repos to TanStack Supply-Chain Attack
A single malicious Visual Studio Code extension, Nx Console version 18.95.0, was enough to spark a GitHub breach that exposed 3,800 internal repositories to a TanStack supply-chain attack. The poisoned extension was live on marketplaces for just 54 minutes, but long enough to steal credentials from a developer's machine.

Grafana Breach Exposes Missed Security Step After TanStack Attack
A single misstep in Grafana's security protocol allowed attackers to gain access to its GitHub repositories, following a supply-chain incident involving malicious TanStack packages. A missed GitHub workflow token proved to be the key that enabled the breach.

Typosquatting Evolves Into Supply Chain Threat
Typosquatting has morphed into a sinister supply chain threat, with attackers now embedding malicious lookalike domains within legitimate third-party scripts to intercept sensitive data. This alarming evolution has led to devastating attacks, such as the Trust Wallet compromise, where 2,500 wallets were drained in just 48 hours.

Shai-Hulud Malware Targets 600 Npm Packages in Supply-Chain Attack
In a shocking supply-chain attack, malicious Shai-Hulud malware targeted a staggering 600 npm packages, with researchers uncovering nearly 640 tainted versions across 323 unique libraries in just one hour. The assault hit popular ecosystems like @antv and spread to widely-used packages, leaving a trail of poisoned code in its wake.

Nx Console Extension Exploited to Steal Developer Credentials
A malicious version of the popular Nx Console Extension was published to the VS Code Marketplace, compromising over 2.2 million installations and putting developer credentials at risk. Within seconds of opening a workspace, the extension silently fetched and executed a hidden payload, allowing attackers to steal sensitive information.

Mini Shai-Hulud Campaign Targets npm Ecosystem with Malicious AntV Packages
A large-scale attack has infected hundreds of popular npm packages, including widely-used data visualization and React components, with malicious updates, putting a vast number of projects and applications at risk. The attackers published 639 malicious versions across 323 unique packages in a fast-moving supply chain operation.

GitHub Actions Supply Chain Attack Exfiltrates CI/CD Credentials
A sneaky supply chain attack on GitHub Actions has led to the theft of CI/CD credentials, with hackers using a clever trick to redirect tags to fake commits that hide malicious code. By masquerading as legitimate commits, attackers were able to execute arbitrary code and evade pull request reviews.

TanStack Mulls Invitation-Only Pull Requests After Supply Chain Breach
The TanStack project is weighing a drastic measure to protect its code: switching to invitation-only pull requests, after a sneaky Shai-Hulud worm exploited a GitHub Actions misconfiguration to contaminate a shared cache. This supply chain breach has raised red flags about the integrity of downstream code.

Developer Workstations Expose Software Supply Chain to Credential Theft
In a shocking 48-hour span, three separate cyber attacks hit major platforms, targeting sensitive secrets like API keys and cloud credentials from developer workstations and CI/CD pipelines. This new wave of supply chain threats reveals a disturbing trend: attackers are now focusing on harvesting credentials to compromise your entire software development process.

TanStack Supply Chain Attack Targets OpenAI, Forces macOS Updates
OpenAI sprang into action after detecting a sneaky supply chain attack targeting TanStack, quickly investigating and containing the threat to protect its systems. The attack impacted just two employee devices, with limited internal code repositories and credential material compromised.

OpenAI Disrupted in TanStack npm Supply Chain Breach
Malicious packages have rocked the TanStack npm supply chain, with 84 tainted versions of 42 @tanstack/* packages published, drawing OpenAI into the crisis and prompting urgent action to secure its systems. The AI company has confirmed that attackers compromised two employee devices, stealing credentials and forcing a reset across multiple desktop products.