Supply-Chain
OptinMonster CDN Supply-Chain Attack: Tampered SDK Backdoors WordPress Admins
Attackers stole an Awesome Motive CDN key and laced the OptinMonster, TrustPulse, and PushEngage SDKs with code that creates rogue admins and plants a web shell — on up to 1.2M fully-patched sites.
Klue OAuth Breach Feeds 'Icarus' Salesforce Data-Theft Spree
A dormant legacy credential at market-intelligence vendor Klue let the new Icarus extortion crew steal customer OAuth tokens and bulk-export Salesforce CRM data from Huntress, Recorded Future, Tanium, Jamf, and more.
Pickle in the Middle: Vertex AI SDK Bucket-Squatting Bug Enabled Cross-Tenant RCE
Unit 42's 'Pickle in the Middle' shows how a predictable staging-bucket name in the Vertex AI Python SDK let an attacker hijack model uploads and run code cross-tenant. Patched in google-cloud-aiplatform 1.148.0.
Mastra npm Scope Hijacked: 144 AI-Framework Packages Backdoored with the easy-day-js Stealer
An attacker hijacked a former contributor's npm account to republish ~144 @mastra packages — including @mastra/core (918K weekly downloads) — each pulling in easy-day-js, a dayjs typosquat that drops a cross-platform crypto/infostealer at install time.
eBPF Cuts Both Ways: The Kernel Rootkit Is Now Standard Issue in 2026's Supply-Chain Malware
In two weeks, IronWorm and the atomic-lockfile AUR compromise both shipped an eBPF kernel rootkit as just another payload module. The observability primitive your stack is built on is now the malware's stealth layer — and most detection assumptions are structurally defeated.
Proto6: Six protobuf.js Flaws Turn Trusted Schemas Into RCE and DoS Across gRPC, Cloud, and AI Stacks
Cyera's Proto6 research discloses six CVEs in protobuf.js, including a prototype-pollution-to-RCE chain, in a library pulled 50M+ times a week across gRPC, Google Cloud SDKs, vector databases, and CI/CD.
400+ AUR Packages Compromised: atomic-lockfile npm Payload Drops Credential Stealer With eBPF Rootkit
Over 400 Arch User Repository packages were modified to pull a malicious npm package that deploys a developer-focused credential stealer with optional root-only eBPF rootkit capabilities.
An AI Agent Found 21 Zero-Days in FFmpeg for $1,000 — and Your Container Images Are in Scope
depthfirst's autonomous agent found 21 zero-days in FFmpeg for about $1,000, including a 23-year-old stack overflow. Nine carry CVEs (CVE-2026-39210 through CVE-2026-39218). FFmpeg is bundled everywhere — patch upstream and your embedded copies.
Claude Code's GitHub Action: One Malicious Issue Could Hijack Any Public Repo
A permission bypass chained with prompt injection in Anthropic's Claude Code GitHub Action let a single crafted issue make the agent leak CI secrets and OIDC request tokens — a clean path to poisoning the action's own supply chain. Patched in v1.0.94.
IronWorm: A Rust-Built npm Worm With an eBPF Rootkit and Tor C2
JFrog dissected IronWorm, a self-replicating npm supply-chain worm written in Rust that hides behind an eBPF kernel rootkit, beacons over Tor, and steals 86 env vars and 20+ credential files. 36 packages hit before it was caught.
Red Hat Cloud Services npm Packages Hijacked in 'Miasma' Shai-Hulud Worm
A Mini Shai-Hulud wave dubbed 'Miasma' poisoned ~30 @redhat-cloud-services npm packages on June 1 via a compromised CI/CD pipeline, dropping a Bun-based credential stealer with a destructive dead-man switch.
codexui-android: npm Package Silently Exfiltrated OpenAI Codex Auth Tokens for a Month
A 29K-weekly-download npm package advertised as a remote web UI for OpenAI Codex has been quietly exfiltrating ~/.codex/auth.json — including non-expiring refresh tokens — to a fake Sentry endpoint since v0.1.82.
Malicious NuGet Package Impersonates Sicoob Banking SDK, Exfiltrates mTLS Certificates Through Sentry
A trojanized NuGet package posing as the official Sicoob C# SDK reads PFX certificates off disk and ships them, plus the password, to an attacker-controlled Sentry endpoint — abusing a trusted telemetry service as its exfiltration channel.
JINX-0164: Fake Recruiters, a macOS RAT, and a Pivot Into Code Distribution Pipelines
Wiz details JINX-0164, a financially motivated actor that uses LinkedIn recruiter lures to drop the AUDIOFIX macOS RAT, then moves from developer laptops into code distribution and CI/CD infrastructure.
Gitea CVE-2026-27771: Container Registry Hands Out Private Images Without Authentication, 30,000 Instances Exposed
A four-year-old flaw in Gitea's OCI container registry lets anyone on the internet pull images marked private. 30,000+ deployments are exposed, Forgejo inherits the bug, and the only real fix is upgrading to 1.26.2 or forcing sign-in for all content.
TrapDoor: Cross-Ecosystem Supply Chain Attack Plants Credential Stealers and AI-Assistant Backdoors
A coordinated campaign across npm, PyPI, and Crates.io seeded 34+ malicious packages that steal developer secrets and plant hidden instructions to weaponize AI coding assistants.
Megalodon: 5,561 GitHub Repos Backdoored With Malicious CI/CD Workflows in Six Hours
An automated campaign tied to TeamPCP pushed 5,718 malicious commits to 5,561 GitHub repositories in a six-hour window, planting CI/CD workflows that exfiltrate cloud credentials and OIDC tokens at scale.
Laravel-Lang Supply Chain Attack: 233 Package Versions Backdoored to Steal Cloud and CI/CD Secrets
Attackers repointed git tags across four Laravel-Lang Composer packages to a malicious fork, backdooring 233 versions with a credential stealer that drains cloud, CI/CD, and developer secrets.
actions-cool/issues-helper Compromised: Every Tag Repointed to a Credential-Stealing Imposter Commit
An attacker repointed all 53 tags of the popular actions-cool/issues-helper GitHub Action to a single imposter commit that scrapes live CI/CD secrets out of runner process memory.
Nx Console VS Code Extension Compromised: Orphan-Commit Stealer Hits a 2.2M-Install Developer Tool
A compromised Nx Console 18.95.0 extension pulled a 498 KB stealer from an orphan commit in the official nrwl/nx repo, harvesting GitHub, npm, AWS and Vault secrets — and shipped tooling to forge signed npm provenance.