Supply-Chain

Ghost Campaign Uses Seven Malicious npm Packages to Steal Crypto Wallets and Credentials

Cybersecurity researchers have uncovered a new threat campaign targeting developers through malicious npm packages designed to steal cryptocurrency wallets and sensitive system data. The operation, tracked as the Ghost campaign by ReversingLabs, highlights the growing risks within open-source ecosystems where attackers exploit developer trust. Malicious Packages Masquerading as Legitimate Tools The campaign involves several npm packages published under […]

TeamPCP Compromises Checkmarx GitHub Actions Using Stolen CI Credentials

Security researchers have reported that the cloud-native cybercriminal group TeamPCP has expanded its supply chain operations by targeting Checkmarx GitHub Actions workflows. This latest activity follows their notorious compromise of the Trivy vulnerability scanner and associated GitHub Actions. The compromised workflows include: How the Attack Works According to cloud security firm Sysdig, the attackers used a

North Korean Hackers Exploit VS Code Auto Run Tasks to Deploy StoatWaffle Malware

Cybersecurity experts have identified a sophisticated campaign by North Korean threat actors, tracked as WaterPlum, deploying a modular malware family known as StoatWaffle through malicious Microsoft Visual Studio Code (VS Code) projects. The campaign, dubbed Contagious Interview, targets developers and cryptocurrency professionals with social engineering tactics. Auto-Execution via VS Code Tasks The attackers leverage the tasks.json file

Trivy Hack Spreads Infostealer via Docker and Triggers Worm Alongside Kubernetes Wiper

A major cybersecurity incident involving the widely used Trivy vulnerability scanner has expanded significantly, with malicious components spreading across Docker environments and cloud-native infrastructures. Security researchers have confirmed that compromised versions of Trivy were distributed via Docker Hub, exposing developers and organizations to serious threats. This incident highlights the growing impact of software supply chain

Trivy Supply Chain Attack Spreads CanisterWorm Across 47 npm Packages

A large-scale supply chain attack targeting the widely used Trivy security scanner has escalated into a self-propagating malware campaign, infecting at least 47 npm packages with a newly identified worm known as CanisterWorm. Security researchers report that the attackers are likely continuing their operations beyond the initial compromise, expanding the infection across multiple software ecosystems

Trivy GitHub Actions Compromised, 75 Tags Hijacked to Steal CI/CD Secrets

A major supply chain security incident has affected the widely used open-source vulnerability scanner Trivy, maintained by Aqua Security. Attackers compromised its GitHub Actions ecosystem and manipulated version tags to distribute malware designed to steal sensitive CI/CD secrets. The attack targeted repositories including aquasecurity/trivy-action and aquasecurity/setup-trivy, which are commonly used in CI/CD pipelines to scan

GlassWorm Attack Uses Stolen GitHub Tokens to Inject Malware Into Python Repositories

Security researchers have uncovered a new phase of the GlassWorm malware campaign, where attackers are abusing stolen GitHub tokens to inject malicious code into hundreds of Python repositories. The attack targets widely used Python projects and can infect developers who download or execute code from compromised repositories. According to research from supply chain security firm StepSecurity,

GlassWorm Supply Chain Attack Exploits 72 Open VSX Extensions to Target Developers

Cybersecurity researchers have uncovered a significant escalation in the GlassWorm malware campaign, which now leverages Open VSX extensions to compromise developer environments. The campaign abuses extension relationships to turn initially benign-looking packages into malicious delivery vehicles, targeting developers across multiple platforms. How GlassWorm Works Instead of embedding malicious code directly in every extension, the threat actor now uses extensionPack and extensionDependencies to trigger

UNC6426 Uses nx npm Supply Chain Attack to Obtain AWS Admin Access Within 72 Hours

Cybersecurity investigators have revealed that a threat actor identified as UNC6426 successfully breached a company’s cloud infrastructure within 72 hours by abusing credentials stolen during a software supply chain compromise involving the Nx npm package. According to findings published in the Google Cloud Threat Horizons Report H1 2026, the attacker initially obtained a developer’s GitHub token. This credential enabled

Five Malicious Rust Crates and AI Bot Abuse CI/CD Pipelines to Steal Developer Secrets

Security researchers have uncovered a group of malicious packages written in the Rust programming language that were uploaded to the official Rust package registry crates.io. These packages were disguised as utilities designed to manage or synchronize system time but were actually created to steal sensitive developer data. The five malicious crates identified are: According to researchers from Socket, the