Skip to main content

Supply Chain Attacks

Dimly lit software development workspace with cluttered desk and turned-off laptop and monitor.

Malicious Node-IPC Versions Expose Developer Secrets to Stealer Backdoor

Three versions of the popular Node IPC package have been compromised with a stealthy backdoor that can steal sensitive developer secrets, sparking urgent concerns about supply-chain security. The malicious versions, published under a fake account, contain heavily obfuscated code that springs into action when the package is loaded at runtime.

Analyst 207
Cluttered software development workstation with laptop, monitor, and papers in an office environment.

OpenAI Breach Exposes Code-Signing Certificates in TanStack Supply Chain Attack

OpenAI revealed that two employee devices were compromised in a recent TanStack supply-chain attack, but fortunately, customer data, production systems, and intellectual property remained safe. The breach was limited to a small set of internal source code repositories and credentials.

Analyst 207
Electronics manufacturing facility with rows of workstations and equipment.

Foxconn Cyberattack Exposes Supply Chain Risks

A massive cyberattack on Foxconn has exposed the dark underbelly of supply chain risks, with hackers claiming to have stolen a staggering 11 million files - including confidential data from tech giants like Intel, Apple, and Nvidia. This breach highlights the long-term architectural risks that ransomware attacks can pose to global supply chains.

Analyst 207
Software development workspace with laptop, tools, and notes, set against a blurred cityscape with natural light.

Malware Infects Hundreds of Open-Source Packages in Supply-Chain Attack

A massive supply-chain attack, dubbed "mini Shai-Hulud," has infected hundreds of open-source packages with credential-stealing malware, putting millions of developers and users at risk. The malicious code has been embedded in widely-used libraries and projects, including TanStack's React Router, which alone has over 12 million weekly downloads.

Analyst 207
Laptop screen displays blurred tech company account interface on neutral background.

RubyGems Disrupts Signups Amid Malicious Package Surge

RubyGems has temporarily halted new account registrations amid a significant surge in malicious packages, with security experts warning of a major attack on the platform. The move comes as Mend.io, the organization responsible for securing RubyGems, works to contain the incident.

Analyst 207
Developer workstation with laptop, coding environment, notes, and coffee cups, with daylight and cityscape in background.

Malware Targets TanStack npm Packages in Supply Chain Attack

Malware attackers have infiltrated the TanStack npm packages, modifying 84 artifacts in a supply chain attack that could compromise major developer ecosystems. The malicious code, aimed at stealing credentials, was published across 42 packages on May 11, with some, like @tanstack/react-router, downloaded over 12 million times weekly.

Analyst 207
Laptop workstation with blank screen, surrounded by papers and notes in a neutral-colored room.

TanStack npm packages compromised in cache-poisoning attack

Malicious attackers have launched a lightning-fast cache-poisoning attack on TanStack npm packages, flooding the supply chain with 84 tainted versions loaded with credential theft and disk-wiping code. This six-minute blitz highlights the vulnerability of software supply chains to swift and devastating strikes.

Analyst 207
Dimly lit development workspace with laptop and empty GitHub repositories or terminal windows.

Shai Hulud Campaign Targets Developers with Malicious npm Packages

Malicious actors have unleashed a barrage of 84 tainted versions of popular software packages, cleverly disguising them with legitimate credentials to deceive developers. The Shai Hulud campaign, linked to the TeamPCP threat group, has been wreaking havoc on the software supply chain since September.

Analyst 207
Cluttered tech workspace with laptop and development tools on a desk.

Mini Shai-Hulud Worm Targets Multiple AI, Dev Packages

Meet the Mini Shai-Hulud worm, a sneaky new malware that's infiltrating AI and development packages through a clever supply-chain attack. This malicious code can steal sensitive data from cloud providers, cryptocurrency wallets, and even popular dev tools like GitHub Actions.

Analyst 207
Jenkins plugin page on a computer screen shows a warning message with a blurred software development workspace background.

Checkmarx Plugin Compromised with Infostealer in Supply-Chain Attack

A rogue version of Checkmarx's Jenkins Application Security Testing plugin was compromised by the TeamPCP hacker group, who left a taunting message in the about section, claiming another supply-chain attack success. The group has been linked to a string of similar breaches, delivering credential-stealing malware.

Analyst 207
Software development team works at a continuous-integration workstation with laptop and monitor displaying a plugin…

Checkmarx Plugin Sabotaged in Fresh TeamPCP Intrusion

Checkmarx issued a warning on May 9, 2026, that a tampered version of its Jenkins AST plugin had been released on the Jenkins Marketplace, posing a risk to continuous-integration pipelines. The company quickly responded by urging customers to update to a trusted version, 2.0.13-829.vc72453fa_1c16, to safeguard their systems.

Analyst 207
Software development workstation with subtle signs of compromise.

Daemon Tools Software Trojanized in Supply Chain Attack

Malware was discovered hidden in certain Daemon Tools Lite installers, prompting developer Disc Soft to issue a clean build and confirm a supply chain attack had compromised their system. A malware-free version was released within 12 hours of notification.

Analyst 207
Concerned employees in a software development environment examine a computer screen and discuss an issue amidst rows of…

DAEMON Tools Breach Exposes Thousands to Malware

A recent breach at DAEMON Tools exposed thousands to malware, prompting an immediate response from the company to secure its infrastructure and release a clean build of its software. Version 12.6 of DAEMON Tools Lite has been confirmed safe, and users of paid versions can continue using their software as usual.

Analyst 207
Cluttered office desk with laptop and papers, surrounded by software boxes and manuals.

Kaspersky Uncovers Trojanized DAEMON Tools in Targeted Supply-Chain Attack

If you installed DAEMON Tools between April 8 and now, your system may be compromised - Kaspersky researchers warn that a highly sophisticated supply-chain attack has been delivering a backdoor to thousands of systems via trojanized installers. Check your machines for unusual activity and take action ASAP to protect your organization.

Analyst 207
Software installation on a laptop in an office setting with a hint of logistics background.

Kaspersky Uncovers DAEMON Tools Supply Chain Attack

Kaspersky researchers have uncovered a sneaky supply chain attack that used compromised DAEMON Tools installers, downloaded directly from the official website, to deliver a malicious payload - and what's even scarier is that these installers were digitally signed by the very developers of DAEMON Tools themselves.

Analyst 207
Computer workstation in a brightly-lit Korean game center with patrons and traditional games.

ScarCruft APT Exploits Yanbian Gaming Platform for Intelligence Gathering

Meet ScarCruft, a notorious North Korea-aligned espionage group that's been caught exploiting a popular gaming platform in China to gather intel on its users. The group trojanized a site serving traditional Yanbian-themed games, compromising both Windows and Android software.

Analyst 207
Laptop workstation with PyTorch Lightning package terminal open, displaying code on a neutral background.

Malicious PyTorch Lightning Package Exploits Supply Chain to Steal Credentials

A malicious version of the popular PyTorch Lightning package, downloaded over 11 million times, was found to contain a stealthy backdoor that steals credentials by silently executing a heavily obfuscated JavaScript payload. The compromised package, version 2.6.3, triggers the malicious routine automatically when imported, putting users at risk.

Analyst 207
Cluttered software development workspace with laptop and monitor displaying GitHub page.

Malicious Ruby Gems, Go Modules Exploit CI Pipelines for Credential Theft

Malicious actors are targeting developers and CI pipelines with fake Ruby Gems and Go Modules, masquerading as familiar libraries to steal credentials. The campaign, linked to the GitHub account BufferZoneCorp, poses a significant threat to software supply chains.

Analyst 207
PyTorch Lightning Targeted in PyPI Supply Chain Credential Heist

PyTorch Lightning Targeted in PyPI Supply Chain Credential Heist

Malicious actors have struck PyTorch Lightning with a supply chain attack, publishing two tainted package versions that automatically steal credentials when imported. The attack involves a sneaky _runtime directory with a downloader and obfuscated JavaScript payload.

Analyst 207
Software development workstation with code editor and blurred tools, hinting at supply chain logistics in background.

SAP npm Packages Compromised in Supply-Chain Attack

Security researchers have uncovered a supply-chain attack that compromised four official SAP npm packages, allowing attackers to extract sensitive secrets from CI runner memory. The affected packages, which support SAP's Cloud Applications, have been deprecated on NPM and users are urged to update to secure versions.

Analyst 207
Laptop with blank screen surrounded by npm packages and JavaScript code in a brightly-lit software development environment.

Malware Targets SAP npm Packages in Supply Chain Attack

A new supply-chain attack campaign, dubbed mini Shai-Hulud, is targeting SAP-related npm packages, delivering credential-stealing malware that threatens JavaScript and cloud applications. This sneaky attack puts sensitive data at risk, and experts are warning of a potentially massive impact.

Analyst 207
Cluttered developer workstation with laptop, monitors, and notes in a bright office setting.

Supply-Chain Attack Targets Security, Dev Tools with Credential Theft

Malicious hackers are exploiting the very tools developers rely on, including security scanners and password managers, to steal sensitive credentials and gain unauthorized access. This latest supply-chain attack has already hit major players like Checkmarx, compromising their GitHub repository and potentially putting customer data at risk.

Analyst 207
Cluttered developer workstation with laptop and monitor in a home office setting.

PyPI Package elementary-data Compromised to Steal Developer Data

A malicious release of the popular elementary-data package on PyPI, which has over 1.1 million monthly downloads, allowed an attacker to steal developer data through a sneaky backdoor. This widely-used open-source tool for data observability in dbt pipelines became a prime target for the secrets-stealing campaign.

Analyst 207
Cluttered developer workstation with laptop, notes, and coffee cups, blurred cityscape in background.

npm Ecosystem Faces Rising Threat from Sophisticated Malware Campaigns

The npm ecosystem's security has reached a critical turning point, with sophisticated malware campaigns on the rise and a new baseline of threats emerging since September 2025. Malicious actors are now exploiting developer trust, transforming nuisance attacks into high-consequence supply-chain threats.

Analyst 207