#supply-chain attack

#supply-chain-attack
Information security
from Techzine Global
2 days ago

Checkmarx Jenkins plugin compromised in new supply chain attack

A backdoored Checkmarx Jenkins AST plugin release compromises Jenkins instances, requiring immediate plugin replacement and full secret rotation across multiple credential types.
Information security
from SecurityWeek
6 days ago

Vendor Says Daemon Tools Supply Chain Attack Contained

Trojanized Daemon Tools Lite installers were injected with malware, leading to information collection and backdoor deployment on selected systems.
Information security
from SecurityWeek
6 days ago

Gemini CLI Vulnerability Could Have Led to Code Execution, Supply Chain Attack

A critical CVSS 10/10 vulnerability in Gemini CLI's -yolo mode allowed attackers to inject malicious prompts via GitHub issues, potentially enabling full supply chain compromise through credential theft and unauthorized repository access.
Information security
from SecurityWeek
1 week ago

Government, Scientific Entities Hit via Daemon Tools Supply Chain Attack

A sophisticated supply chain attack targets organizations through malicious code in Daemon Tools software, affecting multiple countries and sectors.
Information security
from The Hacker News
1 week ago

DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware

A supply chain attack on DAEMON Tools has compromised installers to deliver malicious payloads, affecting users globally since April 2026.
Information security
from SecurityWeek
5 days ago

Ransomware Group Takes Credit for Trellix Hack

RansomHouse claimed responsibility for a Trellix breach involving leaked access to internal services and dashboards, while Trellix reported no evidence of source code exploitation.
Information security
from SecurityWeek
6 days ago

Claude Code OAuth Tokens Can Be Stolen Through Stealthy MCP Hijacking

Attackers can steal OAuth tokens from Claude Code through man-in-the-middle attacks by modifying configuration files and intercepting MCP traffic, gaining access to all connected tools and services.
#north-korea
Information security
from InfoWorld
1 week ago

Supply-chain attacks take aim at your AI coding agents

North Korean APTs exploit AI coding agents by creating malicious software packages and using slopsquatting techniques to target hallucinated dependencies.
Information security
from The Hacker News
1 week ago

ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows

A North Korea-aligned hacking group compromised a gaming platform to target ethnic Koreans in China using a backdoor called BirdCall.
Information security
from The Hacker News
1 month ago

N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust

Contagious Interview campaign targets Go, Rust, and PHP ecosystems with malicious packages that function as malware loaders.
Information security
from SecurityWeek
1 month ago

North Korean Hackers Target High-Profile Node.js Maintainers

North Korean hackers are targeting Node.js maintainers using social engineering tactics similar to those used in previous campaigns.
Information security
from Nextgov.com
1 month ago

North Korea-linked hackers suspected in Axios open-source hijack, Google analysts say

North Korea-aligned hackers compromised the Axios JavaScript library, risking many developers' systems through a sophisticated supply chain attack.
#cybersecurity
Information security
from The Hacker News
1 month ago

Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069

Google attributes the Axios npm package compromise to North Korean threat actor UNC1069, highlighting the risks of supply chain attacks.
Information security
from TechCrunch
1 week ago

Kaspersky suspects Chinese hackers planted a backdoor into Daemon Tools in 'widespread' attack | TechCrunch

A backdoor in Daemon Tools has been identified, allowing hackers to target thousands of Windows computers and plant additional malware.
Information security
from SecurityWeek
1 week ago

Trellix Source Code Repository Breached

Trellix experienced a breach of its source code repository but found no evidence of exploitation or impact on its source code distribution process.
Information security
from The Hacker News
2 weeks ago

SAP npm Packages Compromised by "Mini Shai-Hulud" Credential-Stealing Malware

A new supply chain attack campaign targets SAP-related npm packages with credential-stealing malware, affecting multiple versions and compromising developer environments.
Information security
from The Hacker News
2 weeks ago

Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack

Checkmarx's investigation reveals a cybercriminal group published data from its GitHub repository on the dark web following a supply chain attack.
Information security
from Techzine Global
1 week ago

Popular Daemon Tools utility exploited in supply chain attack

Daemon Tools' official website is distributing trojanized installers, enabling a supply chain attack with remote control capabilities since April 8th.
Information security
from Developer Tech News
1 week ago

Open-source registries hit by 'Mini Shai-Hulud' supply chain attacks

The 'Mini Shai-Hulud' worm targets developer credentials across multiple ecosystems, exploiting vulnerabilities in popular packages to steal sensitive information.
Information security
from SecurityWeek
1 week ago

Critical Gemini CLI Flaw Enabled Host Code Execution, Supply Chain Attacks

A critical vulnerability in Gemini CLI allows remote code execution, enabling attackers to exploit CI/CD pipelines for supply chain attacks.
#checkmarx
#axios
Information security
from BleepingComputer
1 month ago

Axios npm hack used fake Teams error fix to hijack maintainer account

A social engineering attack linked to North Korean hackers compromised Axios maintainers, leading to a supply chain attack with malicious npm package versions.
from Axios
1 month ago
Node JS

North Korean hackers implicated in major supply chain attack

A compromised maintainer account for the Axios npm package led to the publication of malicious software versions targeting various operating systems.
from The Hacker News
1 month ago
Node JS

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios experienced a supply chain attack due to malicious dependencies in two npm package versions.
DevOps
from Azure DevOps Blog
2 weeks ago

Axios npm Supply Chain Compromise - Guidance for Azure Pipelines Customers - Azure DevOps Blog

Malicious versions of Axios were published to npm, affecting CI/CD environments that installed them, but Azure Pipelines itself remains uncompromised.
Node JS
from SecurityWeek
1 month ago

Axios NPM Package Breached in North Korean Supply Chain Attack

Malicious Axios NPM library versions were distributed in a supply chain attack by North Korean hackers, affecting millions of users.
#bitwarden
Information security
from SecurityWeek
2 weeks ago

Bitwarden NPM Package Hit in Supply Chain Attack

The Bitwarden CLI NPM package was compromised, enabling credential theft through a malicious payload targeting various cloud services and GitHub repositories.
from The Hacker News
2 weeks ago
Information security

Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

Bitwarden CLI was compromised in the Checkmarx supply chain campaign, with malicious code stealing sensitive data from users.
#malware
Information security
from InfoWorld
2 weeks ago

Malicious pgserve, automagik developer tools found in npm registry

Malicious npm packages aim to steal sensitive data and credentials, potentially leading to complete organizational takeovers.
Information security
from The Hacker News
1 month ago

Speagle Malware Hijacks Cobra DocGuard to Steal Data via Compromised Servers

Speagle malware hijacks Cobra DocGuard infrastructure to harvest and exfiltrate sensitive data while masking communications as legitimate server traffic.
#npm
Information security
from Theregister
2 weeks ago

Another npm supply chain worm hits dev environments

A new npm supply-chain attack targets developer workflows, compromising multiple packages and stealing sensitive data, with similarities to previous CanisterWorm infections.
Node JS
from InfoQ
1 month ago

Axios npm Package Compromised in Supply Chain Attack

A significant supply chain attack on Axios introduced a Remote Access Trojan via hijacked maintainer accounts, affecting numerous developer environments.
Node JS
from BleepingComputer
1 month ago

Hackers compromise Axios npm package to drop cross-platform malware

Hackers compromised the Axios npm account to distribute remote access trojans across multiple operating systems.
Node JS
from Theregister
1 month ago

Top npm package backdoored to drop dirty RAT on dev machines

A widely used npm library, axios, was compromised to deliver malware through a maintainer's hijacked account.
#wordpress
Information security
from TechRepublic
3 weeks ago

Malicious WordPress Plugins with Backdoors Compromise Thousands of Websites

Malicious WordPress plugins with backdoors compromised thousands of websites, demonstrating a supply-chain attack and leading to their permanent removal.
Information security
from TNW | Apps
4 weeks ago

30+ WordPress plugins bought on Flippa and backdoored in supply chain attack

A significant WordPress plugin compromise involved a backdoor planted in over 30 plugins, exposing a critical vulnerability in plugin ownership transfer and update mechanisms.
Information security
from TechCrunch
4 weeks ago

Someone planted backdoors in dozens of WordPress plugins used in thousands of websites | TechCrunch

Dozens of WordPress plugins were compromised by a backdoor, distributing malicious code after a change in ownership of the plugin maker.
#openai
Node JS
from SecurityWeek
1 month ago

Guardarian Users Targeted With Malicious Strapi NPM Packages

A supply chain attack targeting the Strapi ecosystem involved 36 malicious NPM packages delivering various harmful payloads.
#data-breach
Information security
from Securitymagazine
1 month ago

AI Startup Mercor, Which Works With Open AI and Anthropic, Confirms Data Breach

Mercor, an AI startup, experienced a data breach involving 4 terabytes of stolen data linked to a supply chain attack by hacking groups.
from SecurityWeek
1 month ago

Telnyx Targeted in Growing TeamPCP Supply Chain Attack

The WAV file is a valid audio file. It passes MIME-type checks. But the audio frame data contains a base64-encoded payload. Decode the frames, take the first 8 bytes as the XOR key, XOR the rest, and you have your executable or Python script.
Python
Information security
from SecurityWeek
1 month ago

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

TeamPCP hacking group expanded its attacks to multiple platforms, exploiting vulnerabilities and compromising credentials for malicious purposes.
#trivy
Information security
from The Hacker News
1 month ago

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy, an open-source vulnerability scanner, was compromised twice in a month, delivering malware that stole sensitive CI/CD secrets.
Information security
from The Hacker News
2 months ago

Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials

A malicious npm package impersonating OpenClaw deploys a remote access trojan and steals sensitive data including credentials, crypto wallets, SSH keys, and browser data from infected systems.
Information security
from SecurityWeek
2 months ago

Cloned AI Tool Sites Distribute Malware in 'InstallFix' Campaign

InstallFix campaign uses cloned webpages and malvertising to distribute information-stealing malware through fake installation pages for popular development tools.
from BleepingComputer
2 months ago

Fake Next.js job interview tests backdoor developer's devices

The Microsoft Defender team says that the attacker created fake web app projects built with Next.js and disguised them as coding projects to share with developers during job interviews or technical assessments. The researchers initially identified a repository hosted on the Bitbucket cloud-based Git-based code hosting and collaboration service. However, they discovered multiple repositories that shared code structure, loader logic, and naming patterns.
Information security
Information security
from Theregister
2 months ago

Next.js jobseekers targeted with malicious 'interview' repos

Hackers distribute malicious Next.js repositories that execute in-memory JavaScript on developers' machines through multiple attack vectors during normal development workflows.
from InfoWorld
2 months ago

Compromised npm package silently installs OpenClaw on developer machines

Researchers have discovered that a compromised npm publish token pushed an update for the widely-used Cline command line interface (CLI) containing a malicious postinstall script. That script installs the wildly popular, but increasingly condemned, agentic application OpenClaw on the unsuspecting user's machine. This can be extremely dangerous, as OpenClaw has broad system access and deep integrations with messaging platforms including WhatsApp, Telegram, Slack, Discord, iMessage, Teams, and others.
Information security
#notepad
from TechCrunch
3 months ago
Information security

Notepad++ says Chinese government hackers hijacked its software updates for months | TechCrunch

Information security
from The Hacker News
2 months ago

First Malicious Outlook Add-In Found Stealing 4,000+ Microsoft Credentials

A malicious Outlook add-in hijacked an abandoned add-in's domain, served a fake Microsoft login, and stole over 4,000 credentials in a supply chain takeover.
from SecurityWeek
3 months ago

VS Code Configs Expose GitHub Codespaces to Attacks

It allows developers to test code, review pull requests, and more, but also exposes them to attacks via repository-defined configuration files, Orca says. "Codespaces is essentially VS Code running in the cloud, backed by Ubuntu containers, with built-in GitHub authentication and repository integration. This means any VS Code feature that touches execution, secrets, or extensions can potentially be abused when attackers control the repository content," the cybersecurity firm notes.
Information security
Information security
from The Hacker News
3 months ago

Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan

Two malicious PyPI packages disguised as spellcheckers delivered a Python RAT via a base64 payload hidden in a Basque dictionary file.
Information security
from The Hacker News
3 months ago

AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks

A CodeBuild misconfiguration (CodeBreach) allowed unauthenticated attackers to hijack AWS-managed GitHub repositories, risking supply-chain and platform-wide compromise across AWS environments.