§Topic · Supply Chain Attacks
Supply Chain Attacks
Compromised packages, typosquatting campaigns, malicious dependencies, and software supply chain incidents on npm, PyPI, Go, and Rust.
All dispatches
Loading
§Topic · Supply Chain Attacks
Compromised packages, typosquatting campaigns, malicious dependencies, and software supply chain incidents on npm, PyPI, Go, and Rust.
All dispatchesFour @asyncapi npm packages were compromised to distribute a multi-stage botnet loader with credential-stealing payloads.
AsyncAPI packages were trojanized after attacker stole an npm publishing token via GitHub Actions, risking developer and CI compromise.
Miasma v3 delivered via trojanized AsyncAPI packages creates persistent backdoors on developer machines and build servers.
Compromise of Injective Labs' GitHub published @injectivelabs/[email protected] npm package that exfiltrates crypto wallet keys and seeds.
Malicious jscrambler npm v8.14.0 runs a preinstall hook that drops a cross-platform Rust infostealer during package install.
OAuth token theft in Klue supply chain enables access to Salesforce data; investigation ongoing.
Supply chain compromise injected backdoor code into official Pro plugin releases; warns on software supply chain risk.
VPN seizure and supply-chain risk underscore need for stronger third-party controls.
Poisoned VS Code extension led to internal repo access; reinforces dev-tool supply-chain risk.
Get these articles delivered to your inbox.
Subscribe free