supply-chain-attack
(6 articles)

June 1, 2026
Red Hat npm Packages Backdoored to Steal Dev Credentials
30+ Red Hat npm packages under @redhat-cloud-services were backdoored with Miasma malware to steal AWS keys, SSH keys, and CI/CD tokens. Here's what you need to know.

May 25, 2026
TrapDoor Supply Chain Attack Hits npm, PyPI, CratesIO
TrapDoor malware spreads credential-stealing payloads across npm, PyPI, and CratesIO. Learn how the supply chain attack works and how to protect your projects.

April 22, 2026
npm Supply-Chain Worm Steals Auth Tokens Fast
A self-spreading npm supply chain attack is stealing developer tokens, API keys, and cloud credentials. See which packages are affected and how to protect yourself.

April 10, 2026
Smart Slider 3 Pro Backdoor via Nextend Server Breach
Attackers distributed a backdoored Smart Slider 3 Pro update through compromised Nextend servers. Here's what WordPress site owners need to check now.

April 3, 2026
UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack
Threat actor UNC1069 targeted an Axios maintainer via social engineering, compromising the npm package in a dangerous supply chain attack.

March 24, 2026
TeamPCP Backdoors LiteLLM Versions 1.82.7-1.82.8 via Trivy CI/CD Compromise
Threat actor TeamPCP compromised LiteLLM versions 1.82.7-1.82.8 by poisoning Trivy in a CI/CD supply chain attack. Here is what developers need to know.