Software Supply Chain

11 articles in this category

Tags: AI News, Cybersecurity, Software Supply Chain

Compromised dYdX npm and PyPI Packages Deliver Malware

Compromised dYdX npm and PyPI packages delivered wallet-stealing malware and a RAT via poisoned updates in a software supply chain attack, affecting over $1.5 trillion in cumulative trading volume.

Malicious VS Code Extensions Harvest Developer Source Code

Two VS Code AI extensions with 1.5 million installs were found to exfiltrate developer source code to servers in China.

Malicious PyPI Package Impersonates SymPy, Deploys XMRig Miner

A fake 'sympy-dev' package on PyPI impersonated the SymPy library, resulting in over 1,100 downloads and deployment of an XMRig cryptominer on Linux systems.

n8n Supply Chain Attack Abuses Community Nodes to Steal OAuth Tokens

A supply chain attack on n8n exploited trusted workflow integrations, resulting in the theft of OAuth tokens from over 20,000 downloads.

VS Code Forks Recommend Missing Extensions, Creating Supply Chain Risk in Open VSX

AI-powered VS Code forks recommended non-existent extensions in Open VSX, leading to over 500 installs of a placeholder extension.

New Shai-Hulud Strain and Fake Jackson Package Target Developers

Researchers discovered a modified Shai-Hulud npm worm and a malicious Jackson Maven package, highlighting ongoing supply chain attacks targeting developer credentials.

SBOMs in 2026: Acknowledging the Gap Between Theory and Practice

Despite a US government mandate and EU regulations, widespread SBOM adoption remains hampered by inaccuracies and a lack of actionable data.

27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials

Researchers identified 27 malicious npm packages used over five months to host phishing pages, resulting in credential theft from targeted organizations.

Malicious npm Package 'lotusbail' Steals WhatsApp Data and Credentials

A fake WhatsApp API package on npm, downloaded over 56,000 times, intercepted messages, stole credentials, and linked attacker devices.

Rogue NuGet Package Mimics Tracer.Fody, Steals Crypto Wallet Data

A malicious NuGet package disguised as Tracer.Fody remained undetected for six years, stealing Stratis wallet files and passwords from over 2,000 downloads.

Malicious Packages Steal Developer Data via VS Code, Go, npm, and Rust

Researchers discovered malicious packages in VS Code extensions and Go, npm, and Rust ecosystems, resulting in the theft of sensitive developer data.