β οΈ#Axios
#npm package which is very widely used (83M weekly downloads) was compromised, turning installs into
#malware π¨
This supply chain attack has a large-scale impact: many JavaScript apps nowadays uses Axios:
#SoftwareSupplyChainSecurityπ
https://thehackernews.com/2026/03/axios-supply-chain-attack-pushes-cross.html
Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account
Axios 1.14.1 and 0.30.4 injected malicious [email protected] after npm compromise on March 31, 2026, deploying cross-platform RAT malware.
How to catch GitHub Actions workflow injections before attackers do
Strengthen your repositories against actions workflow injections β one of the most common vulnerabilities.
#LiteLLM Compromised! LiteLLM - a popular Python Library used by a lot of AI tooling got compromised on PyPI, and the malicious versions are stealing everything they can find on your machine:
#SoftwareSupplyChainSecurity
π
https://www.xda-developers.com/popular-python-library-backdoor-machine/
A popular Python library just became a backdoor to your entire machine
Supply chain attacks feel like they're becoming more and more common.
#Checkmarx GitHub Actions and Open VSX extensions hacked and replaced with malware by the same TeamPCP who hacked Trivy last week.
#SoftwareSupplyChainSecurity
π
https://thehackernews.com/2026/03/teampcp-hacks-checkmarx-github-actions.html
TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials
TeamPCP compromised 2 GitHub Actions post-March 19, 2026 breach, enabling credential theft and supply chain attacks.
#Trivy, a popular open-source vulnerability scanner, was compromised - attackers hijacked 75 version tags in #GitHub Actions to deliver an infostealer.
It ran in CI pipelines, stealing creds and tokens, exfiltrating data:
#SoftwareSupplyChainSecurity
π
https://thehackernews.com/2026/03/trivy-security-scanner-github-actions.html
Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets
Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across developer systems.
#NPM: A malicious npm package '@openclaw-ai/openclawai' is spreading a full RAT
#malware disguised as an
#OpenClaw installer. It steals browser data, macOS Keychain entries, crypto wallets, MacOS and cloud credentials:
#SoftwareSupplyChainSecurityπ
https://thehackernews.com/2026/03/malicious-npm-package-posing-as.html 
Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials
Malicious npm package '@openclaw-ai/openclawai' downloaded 178 times installs GhostLoader RAT, stealing credentials and crypto wallets.
Docker Hardened System Packages
Secure your container stack from the base image down. Docker Hardened System Packages offer multi-distro, secure-by-default components with near-zero CVEs.
#trivy: The GitHub repo of Cloud Security and Supply Chain Security vendor Aqua Security (
@aquasecteam) popular vulnerability scanner tool 'trivy' was compromised yesterday via GitHub Actions:
#SoftwareSupplyChainSecurityπ
https://github.com/aquasecurity/trivy/discussions/10265 
Trivy security incident 2026-03-01 Β· aquasecurity trivy Β· Discussion #10265
Trivy has been attacked today via GitHub Actions, along with other popular projects: https://www.stepsecurity.io/blog/hackerbot-claw-github-actions-exploitation. We believe the vulnerability came f...
Harness Artifact Registry strengthens supply chain governance
Harness makes its artifact registry generally available beyond early preview customers, with a security twist that could challenge established players such as JFrog.
#NPM: If previously attackers hijacked NPM packages to install credential-stealing and data-stealing malware, in this latest hijack of Cline CLI the attackers installed
#OpenClaw:
#SoftwareSupplyChainSecurityπ
https://thehackernews.com/2026/02/cline-cli-230-supply-chain-attack.html 
Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems
Cline CLI 2.3.0 was published with a stolen npm token, installing OpenClaw in an 8-hour attack affecting ~4,000 downloads.
Sam Stepanyan 
π
Docker Blog
Beth Pariseau