#supply-chain-attack

#supply-chain-attack

The WAV file is a valid audio file. It passes MIME-type checks. But the audio frame data contains a base64-encoded payload. Decode the frames, take the first 8 bytes as the XOR key, XOR the rest, and you have your executable or Python script.

The Microsoft Defender team says that the attacker created fake web app projects built with Next.js and disguised them as coding projects to share with developers during job interviews or technical assessments. The researchers initially identified a repository hosted on the Bitbucket cloud-based Git-based code hosting and collaboration service. However, they discovered multiple repositories that shared code structure, loader logic, and naming patterns.

Multiple repositories followed repeatable naming conventions and project 'family' patterns, enabling targeted searches for additional related repositories that were not directly referenced in observed telemetry but exhibited the same execution and staging behavior.

Researchers have discovered that a compromised npm publish token pushed an update for the widely-used Cline command line interface (CLI) containing a malicious postinstall script. That script installs the wildly popular, but increasingly condemned, agentic application OpenClaw on the unsuspecting user's machine. This can be extremely dangerous, as OpenClaw has broad system access and deep integrations with messaging platforms including WhatsApp, Telegram, Slack, Discord, iMessage, Teams, and others.

It allows developers to test code, review pull requests, and more, but also exposes them to attacks via repository-defined configuration files, Orca says. "Codespaces is essentially VS Code running in the cloud, backed by Ubuntu containers, with built-in GitHub authentication and repository integration. This means any VS Code feature that touches execution, secrets, or extensions can potentially be abused when attackers control the repository content," the cybersecurity firm notes.

"The attack involved [an] infrastructure-level compromise that allowed malicious actors to intercept and redirect update traffic destined for notepad-plus-plus.org," developer Don Ho said. "The compromise occurred at the hosting provider level rather than through vulnerabilities in Notepad++ code itself." The exact mechanism through which this was realized is currently being investigated, Ho added.

On January 30, 2026, four established Open VSX extensions published by the oorzc author had malicious versions published to Open VSX that embed the GlassWorm malware loader, These extensions had previously been presented as legitimate developer utilities (some first published more than two years ago) and collectively accumulated over 22,000 Open VSX downloads prior to the malicious releases.

The second wave of the Shai-Hulud supply chain attack has spilled over to the Maven ecosystem after compromising more than 830 packages in the npm registry. The Socket Research Team said it identified a Maven Central package named org.mvnpm:posthog-node:4.18.1 that embeds the same two components associated with Sha1-Hulud: the "setup_bun.js" loader and the main payload "bun_environment.js." "This means the PostHog project has compromised releases in both the JavaScript/npm and Java/Maven ecosystems, driven by the same Shai Hulud v2 payload,"

"Airstalk misuses the AirWatch API for mobile device management (MDM), which is now called Workspace ONE Unified Endpoint Management," security researchers Kristopher Russo and Chema Garcia said in an analysis. "It uses the API to establish a covert command-and-control (C2) channel, primarily through the AirWatch feature to manage custom device attributes and file uploads."

As the U.S. federal government ground to a halt at 12:01 a.m. EDT on October 1, 2025, a cybercriminal group calling itself the Crimson Collective chose that precise moment to publicly disclose one of the most significant supply chain compromises in recent memory. The breach of Red Hat's consulting division, affecting approximately 800 organizations, including critical defense contractors and government agencies, represents more than just another data breach; it demonstrates a sophisticated understanding of how to weaponize American politics for maximum strategic impact.

Chinese AI firm DeepSeek revealed it spent only $294,000 training its R1 model far below the hundreds of millions claimed by U.S. rivals. Using 512 Nvidia H800 accelerators, the company trained R1 in just 80 hours. The release of R1 earlier this year rattled tech markets, even denting Nvidia's valuation. DeepSeek also acknowledged limited use of A100s and defended model distillation, stressing it makes AI more accessible despite U.S. accusations of copying OpenAI's work.