supply-chain

(8 articles)
GlassWorm Campaign Targets Developer IDEs via Zig Dropper

April 10, 2026

The GlassWorm campaign uses a Zig-compiled dropper to infect developer IDEs. Learn how it works, what's at risk, and how to protect your dev environment.

Smart Slider 3 Pro Hijacked to Push Backdoored Updates

April 9, 2026

Smart Slider 3 Pro version 3.5.1.35 was hijacked to push malicious WordPress and Joomla updates with hidden admin accounts and multi-layer backdoors.

36 Malicious npm Packages Exploited Redis and PostgreSQL to Deploy Persistent Implants

April 5, 2026

36 rogue npm packages abused Redis and PostgreSQL connections to plant persistent backdoors. Here is what happened and how to protect your supply chain.

Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms

April 1, 2026

Anthropic confirms Claude Code source was exposed via an npm packaging error. Here's what happened and how developers can protect their own packages.

Fake VS Code Alerts on GitHub Spread Malware to Developers

March 27, 2026

A coordinated campaign is flooding GitHub Discussions with fake VS Code security alerts, tricking developers into downloading malware via Google Drive links.

Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials

March 24, 2026

A stealthy npm supply chain attack uses 7 malicious packages to harvest crypto wallet keys and credentials. Here's what developers need to know.

North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware

March 23, 2026

North Korean threat actors are exploiting VS Code auto-run tasks to silently deploy StoatWaffle malware. Here's what happened and how to protect your dev environment.

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

March 20, 2026

Attackers hijacked 75 tags in Trivy's GitHub Actions repo to steal CI/CD secrets. Here's what happened and how to protect your pipelines.