supply chain attack
-
Compromised Nx Console VS Code extension targeted developers in supply chain breach
A compromised Nx Console VS Code extension spread credential-stealing malware to developers after being published on the Microsoft marketplace. The incident affected more than 2.2 million installations and prompted update and credential-rotation warnings.
-
GitHub Actions supply chain attack compromises issue helper tool
A supply chain attack has compromised the GitHub Actions workflow actions-cool/issues-helper, with malicious tags used to steal CI/CD credentials from runners and send them to an attacker-controlled server.
-
DAEMON Tools installers trojanized in supply chain attack, Kaspersky says
DAEMON Tools installers were trojanized in a supply chain attack that affected versions released since April 8, 2026, Kaspersky said. The compromise reached users in more than 100 countries and delivered targeted malware to a small set of hosts.
-
ScarCruft pushes Android BirdCall spyware through game platform
APT37 has been distributing an Android version of its BirdCall backdoor through a gaming platform supply chain attack, according to ESET. The spyware can gather contacts, messages, device data, screenshots and files.
-
PyPI Lightning package hit by credential-stealing malware
Python package Lightning was compromised on PyPI, with two malicious releases published on April 30, 2026. Security researchers said the code targeted developer credentials and could spread through package ecosystems.
-
SAP-related npm packages hit by credential-stealing supply chain attack
SAP-related npm packages were compromised in an April 29 supply chain attack that inserted credential-stealing malware into four releases, affecting developer, GitHub, npm, cloud, and Kubernetes secrets, according to a technical analysis from Aikido Security.
-
Checkmarx says LAPSUS$ leaked data from stolen GitHub repository
Checkmarx said LAPSUS$ leaked 96GB of data stolen from its private GitHub repository after a March 23 compromise linked to a supply chain attack. The company said it has not found customer information so far.
-
SEC asks court to dismiss lawsuit against SolarWinds and its CISO
The SEC moved to voluntarily dismiss its enforcement action against SolarWinds and CISO Timothy G. Brown on Nov. 20, 2025. The agency had accused the company of overstating cybersecurity practices and failing to disclose risks related to the 2020 supply‑chain compromise, but many allegations were previously dismissed by a federal court.
-
Palo Alto Networks says Salesforce data exposed in breach tied to Salesloft Drift supply-chain attack
Palo Alto Networks disclosed a data breach linked to a broader Salesloft Drift supply-chain attack that exposed customer data in its Salesforce CRM. The incident involved OAuth token abuse, mass exfiltration of Salesforce records, and credential harvesting, prompting token revocation, Drift disablement, and guidance for customers to review logs and rotate secrets.
-
North Korea-Linked Malicious npm Packages Expose Developers to Security Risks
Cybersecurity researchers have uncovered a new wave of malicious npm packages linked to North Korean threat actors, raising significant concerns for software developers. The covert operation targets job seekers and developers, exposing them to sophisticated supply chain attacks designed to steal sensitive information and compromise systems.
