TrapDoor Attack Spreads Credential-Stealing Malware Across Software Ecosystems

A massive supply chain attack, dubbed TrapDoor, has been spreading credential-stealing malware across three major language ecosystems, infecting over 34 malicious packages and 384 versions. The coordinated campaign began on May 22, 2026, and continues to target developers with cleverly named packages…

https://osintsights.com/trapdoor-attack-spreads-credential-stealing-malware-across-software-ecosystems?utm_source=mastodon&utm_medium=social

#SupplyChain #CredentialstealingMalware #Trapdoor #MalwareOperations #EmergingThreats

OSINTSights

GitHub Repos Targeted in 5,500+ Malicious Commits

A shocking new campaign, dubbed Megalodon, has injected malware into over 5,500 GitHub repositories, putting sensitive credentials and tokens at risk of being stolen. This alarming attack highlights the growing threat of supply chain attacks, with experts warning that this could be just the beginning.

https://osintsights.com/github-repos-targeted-in-5500-malicious-commits?utm_source=mastodon&utm_medium=social

#SupplyChain #MaliciousCommits #CredentialstealingMalware #CicdPipeline #Megalodon

Learn how 5,561 GitHub repositories were targeted with malicious commits, injecting credential-stealing malware, and take steps to protect your projects now from Megalodon attacks.

Malware Infects Hundreds of Open-Source Packages in Supply-Chain Attack

A massive supply-chain attack, dubbed "mini Shai-Hulud," has infected hundreds of open-source packages with credential-stealing malware, putting millions of developers and users at risk. The malicious code has been embedded in widely-used libraries and projects, including TanStack's React Router, which alone has over 12…

https://osintsights.com/malware-infects-hundreds-of-open-source-packages-in-supply-chain-attack?utm_source=mastodon&utm_medium=social

#SupplyChain #OpenSource #Malware #CredentialstealingMalware #MiniShaihulud


Malware Targets TanStack npm Packages in Supply Chain Attack

Malware attackers have infiltrated the TanStack npm packages, modifying 84 artifacts in a supply chain attack that could compromise major developer ecosystems. The malicious code, aimed at stealing credentials, was published across 42 packages on May 11, with some, like @tanstack/react-router, downloaded over 12 million times…

https://osintsights.com/malware-targets-tanstack-npm-packages-in-supply-chain-attack?utm_source=mastodon&utm_medium=social

#SupplyChainAttack #Tanstack #Npm #MalwareOperations #CredentialstealingMalware


Malware Targets SAP npm Packages in Supply Chain Attack

A new supply-chain attack campaign, dubbed mini Shai-Hulud, is targeting SAP-related npm packages, delivering credential-stealing malware that threatens JavaScript and cloud applications. This sneaky attack puts sensitive data at risk, and experts are warning of a potentially massive impact.

https://osintsights.com/malware-targets-sap-npm-packages-in-supply-chain-attack?utm_source=mastodon&utm_medium=social

#SupplyChainAttack #MalwareOperations #Sap #NpmPackages #CredentialstealingMalware
