extension supply chain
-
WordPress redirect plugin hid dormant backdoor for years
A WordPress redirect plugin installed on more than 70,000 sites hid a dormant backdoor for years, according to a technical analysis by Anchor. The issue involved a hidden update path and a tampered build from an external server.
-
North Korean hackers use AI to hide npm malware in Web3 supply chain
North Korean-linked hackers are using AI-generated code and layered npm packages to spread malware that steals cryptocurrency wallets and developer data, according to a technical analysis from ReversingLabs. The campaign has also expanded beyond npm to other platforms.
-
Researchers flag 73 fake VS Code extensions tied to GlassWorm campaign
Researchers flagged 73 fake Visual Studio Code extensions on Open VSX tied to the GlassWorm campaign. Six were confirmed malicious, while the rest were sleeper packages designed to build trust before delivering malware.
-
Malicious npm packages spread self-propagating worm through stolen developer tokens
Researchers found a self-propagating npm supply chain worm in April 2026 that stole developer secrets, reused npm tokens to publish poisoned packages and also included PyPI propagation logic.
-
WordPress plugin suite hacked to push malware to thousands of sites
More than 30 WordPress plugins in the EssentialPlugin package were compromised with malicious code, affecting hundreds of thousands of installations. The malware could push spam pages and redirects, and WordPress.org issued a forced update.
-
OpenAI revokes Mac app certificate after Axios supply chain incident
OpenAI said a GitHub Actions workflow used to sign its Mac apps downloaded a malicious Axios package on March 31. The company is revoking the certificate, but said it found no evidence of data or system compromise.
-
Smart Slider update hijacked to push malicious WordPress and Joomla versions
Hackers hijacked the Smart Slider 3 Pro update system for WordPress and Joomla, pushing a malicious version that could create hidden admin accounts, install backdoors and steal credentials, according to the vendor and a technical analysis.
-
Google links Axios npm compromise to suspected North Korean group
Google has linked the Axios npm supply chain compromise to a suspected North Korean group after attackers pushed trojanized package versions that could deliver malware to Windows, macOS and Linux systems.
-
CanisterWorm self propagates in npm after Trivy supply chain compromise
A self propagating worm called CanisterWorm followed a Trivy supply chain compromise to infect 47 npm packages. The worm uses an ICP canister dead drop and stolen npm tokens to publish malicious package versions.
-
Critical Langflow RCE CVE-2026-33017 Exploited Within 20 Hours of Disclosure
A critical unauthenticated RCE in Langflow, CVE-2026-33017 (CVSS 9.3), was disclosed on March 17, 2026 and exploited within 20 hours. Users should apply patches, rotate secrets and restrict network access to public instances.
