Supply Chain Attacks

Malicious Node-IPC Versions Expose Developer Secrets to Stealer Backdoor
Three versions of the popular Node IPC package have been compromised with a stealthy backdoor that can steal sensitive developer secrets, sparking urgent concerns about supply-chain security. The malicious versions, published under a fake account, contain heavily obfuscated code that springs into action when the package is loaded at runtime.

OpenAI Breach Exposes Code-Signing Certificates in TanStack Supply Chain Attack
OpenAI revealed that two employee devices were compromised in a recent TanStack supply-chain attack, but fortunately, customer data, production systems, and intellectual property remained safe. The breach was limited to a small set of internal source code repositories and credentials.

Foxconn Cyberattack Exposes Supply Chain Risks
A massive cyberattack on Foxconn has exposed the dark underbelly of supply chain risks, with hackers claiming to have stolen a staggering 11 million files - including confidential data from tech giants like Intel, Apple, and Nvidia. This breach highlights the long-term architectural risks that ransomware attacks can pose to global supply chains.

Malware Infects Hundreds of Open-Source Packages in Supply-Chain Attack
A massive supply-chain attack, dubbed "mini Shai-Hulud," has infected hundreds of open-source packages with credential-stealing malware, putting millions of developers and users at risk. The malicious code has been embedded in widely-used libraries and projects, including TanStack's React Router, which alone has over 12 million weekly downloads.

RubyGems Disrupts Signups Amid Malicious Package Surge
RubyGems has temporarily halted new account registrations amid a significant surge in malicious packages, with security experts warning of a major attack on the platform. The move comes as Mend.io, the organization responsible for securing RubyGems, works to contain the incident.

Malware Targets TanStack npm Packages in Supply Chain Attack
Malware attackers have infiltrated the TanStack npm packages, modifying 84 artifacts in a supply chain attack that could compromise major developer ecosystems. The malicious code, aimed at stealing credentials, was published across 42 packages on May 11, with some, like @tanstack/react-router, downloaded over 12 million times weekly.

TanStack npm packages compromised in cache-poisoning attack
Malicious attackers have launched a lightning-fast cache-poisoning attack on TanStack npm packages, flooding the supply chain with 84 tainted versions loaded with credential theft and disk-wiping code. This six-minute blitz highlights the vulnerability of software supply chains to swift and devastating strikes.

Shai Hulud Campaign Targets Developers with Malicious npm Packages
Malicious actors have unleashed a barrage of 84 tainted versions of popular software packages, cleverly disguising them with legitimate credentials to deceive developers. The Shai Hulud campaign, linked to the TeamPCP threat group, has been wreaking havoc on the software supply chain since September.

Mini Shai-Hulud Worm Targets Multiple AI, Dev Packages
Meet the Mini Shai-Hulud worm, a sneaky new malware that's infiltrating AI and development packages through a clever supply-chain attack. This malicious code can steal sensitive data from cloud providers, cryptocurrency wallets, and even popular dev tools like GitHub Actions.

Checkmarx Plugin Compromised with Infostealer in Supply-Chain Attack
A rogue version of Checkmarx's Jenkins Application Security Testing plugin was compromised by the TeamPCP hacker group, who left a taunting message in the about section, claiming another supply-chain attack success. The group has been linked to a string of similar breaches, delivering credential-stealing malware.

Checkmarx Plugin Sabotaged in Fresh TeamPCP Intrusion
Checkmarx issued a warning on May 9, 2026, that a tampered version of its Jenkins AST plugin had been released on the Jenkins Marketplace, posing a risk to continuous-integration pipelines. The company quickly responded by urging customers to update to a trusted version, 2.0.13-829.vc72453fa_1c16, to safeguard their systems.

Daemon Tools Software Trojanized in Supply Chain Attack
Malware was discovered hidden in certain Daemon Tools Lite installers, prompting developer Disc Soft to issue a clean build and confirm a supply chain attack had compromised their system. A malware-free version was released within 12 hours of notification.

DAEMON Tools Breach Exposes Thousands to Malware
A recent breach at DAEMON Tools exposed thousands to malware, prompting an immediate response from the company to secure its infrastructure and release a clean build of its software. Version 12.6 of DAEMON Tools Lite has been confirmed safe, and users of paid versions can continue using their software as usual.

Kaspersky Uncovers Trojanized DAEMON Tools in Targeted Supply-Chain Attack
If you installed DAEMON Tools between April 8 and now, your system may be compromised - Kaspersky researchers warn that a highly sophisticated supply-chain attack has been delivering a backdoor to thousands of systems via trojanized installers. Check your machines for unusual activity and take action ASAP to protect your organization.

Kaspersky Uncovers DAEMON Tools Supply Chain Attack
Kaspersky researchers have uncovered a sneaky supply chain attack that used compromised DAEMON Tools installers, downloaded directly from the official website, to deliver a malicious payload - and what's even scarier is that these installers were digitally signed by the very developers of DAEMON Tools themselves.

ScarCruft APT Exploits Yanbian Gaming Platform for Intelligence Gathering
Meet ScarCruft, a notorious North Korea-aligned espionage group that's been caught exploiting a popular gaming platform in China to gather intel on its users. The group trojanized a site serving traditional Yanbian-themed games, compromising both Windows and Android software.

Malicious PyTorch Lightning Package Exploits Supply Chain to Steal Credentials
A malicious version of the popular PyTorch Lightning package, downloaded over 11 million times, was found to contain a stealthy backdoor that steals credentials by silently executing a heavily obfuscated JavaScript payload. The compromised package, version 2.6.3, triggers the malicious routine automatically when imported, putting users at risk.

Malicious Ruby Gems, Go Modules Exploit CI Pipelines for Credential Theft
Malicious actors are targeting developers and CI pipelines with fake Ruby Gems and Go Modules, masquerading as familiar libraries to steal credentials. The campaign, linked to the GitHub account BufferZoneCorp, poses a significant threat to software supply chains.

PyTorch Lightning Targeted in PyPI Supply Chain Credential Heist
Malicious actors have struck PyTorch Lightning with a supply chain attack, publishing two tainted package versions that automatically steal credentials when imported. The attack involves a sneaky _runtime directory with a downloader and obfuscated JavaScript payload.

SAP npm Packages Compromised in Supply-Chain Attack
Security researchers have uncovered a supply-chain attack that compromised four official SAP npm packages, allowing attackers to extract sensitive secrets from CI runner memory. The affected packages, which support SAP's Cloud Applications, have been deprecated on NPM and users are urged to update to secure versions.

Malware Targets SAP npm Packages in Supply Chain Attack
A new supply-chain attack campaign, dubbed mini Shai-Hulud, is targeting SAP-related npm packages, delivering credential-stealing malware that threatens JavaScript and cloud applications. This sneaky attack puts sensitive data at risk, and experts are warning of a potentially massive impact.

Supply-Chain Attack Targets Security, Dev Tools with Credential Theft
Malicious hackers are exploiting the very tools developers rely on, including security scanners and password managers, to steal sensitive credentials and gain unauthorized access. This latest supply-chain attack has already hit major players like Checkmarx, compromising their GitHub repository and potentially putting customer data at risk.

PyPI Package elementary-data Compromised to Steal Developer Data
A malicious release of the popular elementary-data package on PyPI, which has over 1.1 million monthly downloads, allowed an attacker to steal developer data through a sneaky backdoor. This widely-used open-source tool for data observability in dbt pipelines became a prime target for the secrets-stealing campaign.

npm Ecosystem Faces Rising Threat from Sophisticated Malware Campaigns
The npm ecosystem's security has reached a critical turning point, with sophisticated malware campaigns on the rise and a new baseline of threats emerging since September 2025. Malicious actors are now exploiting developer trust, transforming nuisance attacks into high-consequence supply-chain threats.