supply-chain 60

• Malicious npm Package Exfiltrated Files from Claude AI User Directories May 27, 2026
• SymJack Attack Weaponizes AI Coding Agents as Supply Chain Delivery Systems May 27, 2026
• Laravel-Lang Packages Poisoned to Exfiltrate CI Secrets May 25, 2026
• Megalodon Supply Chain Attack Infects 5,500+ GitHub Repositories May 25, 2026
• npm Launches Staged Publishing with 2FA Gating to Counter Supply Chain Attacks May 23, 2026
• Packagist Supply Chain Attack Injects Linux Malware Into 8 Composer Packages May 23, 2026
• Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer May 23, 2026
• Megalodon GitHub Attack Injects Malicious CI/CD Workflows into 5,561 Repos May 22, 2026
• Grafana Codebase Stolen via TanStack Supply Chain Attack May 22, 2026
• Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack May 20, 2026
• Unit 42: TamperedChef Clusters Deliver Stealthy Payloads via Trojanized Productivity Apps May 20, 2026
• GitHub Confirms 3,800 Internal Repos Breached via Malicious VS Code Extension May 20, 2026
• Grafana Labs Source Code Exposed via GitHub Breach Linked to TanStack npm Attack May 19, 2026
• New Shai-Hulud Wave Compromises 600+ npm Packages in Fresh Supply Chain Hit May 19, 2026
• Compromised Nx Console 18.95.0 Delivers Credential Stealer to 2.2M VS Code Users May 19, 2026
• GitHub Actions Supply Chain Attack Hijacks actions-cool/issues-helper Tags May 18, 2026
• node-ipc npm Package Compromised in Supply Chain Attack to Steal Credentials May 15, 2026
• TanStack Supply Chain Attack Compromised Two OpenAI Employee Devices, Credentials Stolen May 15, 2026
• TeamPCP Releases Shai-Hulud Worm Source Code, Invites Supply Chain Attacks with Monetary Rewards May 15, 2026
• TanStack npm Supply Chain Attack Hits Multiple AI Companies May 14, 2026
• Hugging Face Model Tokenizer Files Can Be Weaponized to Hijack Outputs and Exfiltrate Data May 12, 2026
• Official Checkmarx Jenkins AST Plugin Backdoored with Infostealer May 11, 2026
• Mini Shai-Hulud: Dissecting the SAP CAP npm Supply Chain Worm May 10, 2026
• JDownloader Website Compromised to Distribute Python RAT via Malicious Installers May 9, 2026
• Dozen Critical Vulnerabilities in vm2 Node.js Library Enable Sandbox Escape and RCE May 6, 2026
• DAEMON Tools Supply Chain Attack Hits Government and Scientific Targets May 6, 2026
• New Quasar Linux Malware Targets Software Developers with Rootkit and Backdoor May 5, 2026
• Trellix Source Code Breach Exposes Security Product Internals May 5, 2026
• DAEMON Tools Official Installers Backdoored in Supply Chain Attack May 5, 2026
• ScarCruft Compromises Gaming Platform to Deploy BirdCall Backdoor on Android and Windows May 5, 2026
• Backdoored PyTorch Lightning Package on PyPI Delivers Credential Stealer May 4, 2026
• Trellix Discloses Data Breach After Source Code Repository Hack May 4, 2026
• Trellix Confirms Source Code Breach via Unauthorized Repository Access May 1, 2026
• TeamPCP 'Mini Shai-Hulud' Supply Chain Attack Hits SAP npm Packages May 1, 2026
• PyTorch Lightning Compromised in PyPI Supply Chain Attack to Steal Credentials Apr 30, 2026
• Critical Gemini CLI Flaw Enabled Host Code Execution and Supply Chain Attacks Apr 30, 2026
• Google Patches CVSS 10 Gemini CLI RCE Enabling Supply-Chain Code Execution Apr 30, 2026
• WordPress Redirect Plugin Hid Dormant Backdoor for Five Years Across 70,000 Sites Apr 29, 2026
• SAP npm Packages Compromised in Credential-Stealing Supply Chain Attack Apr 29, 2026
• Vect 2.0 Ransomware Behaves as Wiper Due to Encryption Design Flaw Apr 29, 2026
• DPRK Threat Actors Use Claude Opus to Plant Malicious npm Packages Apr 29, 2026
• PyPI Package 'elementary-data' with 1.1M Monthly Downloads Backdoored to Steal Credentials Apr 27, 2026
• Checkmarx Confirms GitHub Repository Data Published on Dark Web After March Supply Chain Attack Apr 27, 2026
• 73 Fake VS Code Extensions on Open VSX Deliver GlassWorm v2 Infostealer Apr 27, 2026
• Unit 42 Maps npm Attack Surface: Wormable Malware, CI/CD Persistence, and Multi-Stage Chains Apr 24, 2026
• Bitwarden npm Supply Chain Attack Attributed to TeamPCP; Shai-Hulud Worm Component Identified Apr 24, 2026
• Checkmarx Supply Chain Attack Compromises Bitwarden CLI and KICS Analysis Tool Apr 23, 2026
• Vercel Expands Breach Scope: More Accounts Compromised in Context.ai-Linked Incident Apr 23, 2026
• CVE-2026-1731: Critical Bomgar RMM RCE Actively Exploited to Spread Ransomware Apr 21, 2026
• 26 Malicious Crypto Wallet Apps Found in China's Apple App Store Apr 20, 2026
• Vercel Breach Traced to Context.ai Third-Party Compromise Apr 19, 2026
• 30+ EssentialPlugin WordPress Plugins Backdoored in Supply Chain Compromise Apr 15, 2026
• OpenAI Rotates macOS Code-Signing Certs After North Korea-Linked Axios Supply Chain Attack Apr 13, 2026
• DoD Flags Anthropic as Supply-Chain Risk While Trump Officials Push Banks to Test Mythos Apr 12, 2026
• CPUID Supply Chain Attack Poisons CPU-Z and HWMonitor Downloads Apr 10, 2026
• Smart Slider 3 Pro Update System Hijacked to Deliver Backdoored WordPress and Joomla Versions Apr 9, 2026
• ClipBanker Malware Distributed via Trojanized Proxifier in Multi-Stage Attack Chain Apr 9, 2026
• Microsoft Suspends Developer Accounts for High-Profile Open Source Projects Apr 8, 2026
• Dissecting the LiteLLM Kill Chain Apr 8, 2026
• LiteLLM Supply Chain Attack — PyPI Packages Compromised Apr 8, 2026