Active supply chain attack across NPM, PyPI, and Crates.io

An active supply chain attack is underway across major package ecosystems including npm, PyPI and Crates.io: 34 packages and 384 versions containing TrapDoor, a cryptocurrency-stealing malware, have been discovered. The attackers steal sensitive data such as cryptocurrency wallets, SSH keys, cloud credentials and GitHub tokens; the security research team Socket detected the malicious packages within an average of 5 minutes 27 seconds. The campaign primarily targets AI, DeFi and security developers, so an immediate response and caution are required.

https://twitter.com/socketsecurity/status/2058565153138844043

#supplychainattack #npm #pypi #cratesio #security

Socket (@SocketSecurity) on X

🚨 BREAKING: Active supply chain attack across npm, PyPI, and Crates.io. Socket detected TrapDoor, a crypto stealer campaign hitting 34 malicious packages and 384 versions and artifacts, with attackers repeatedly pushing new releases across ecosystems. TrapDoor targets


📰 Packagist Supply Chain Attack Uses Clever Evasion to Infect PHP Projects with Linux Malware

🚨 PHP supply chain attack hits Packagist! 8+ packages compromised to drop Linux malware. Attackers hid malicious code in `package.json` to evade PHP security scanners. #SupplyChainAttack #PHP #Packagist #CyberSecurity

🌐 cyber[.]netsecops[.]io

🔗 https://cyber.netsecops.io/articles/coordinated-packagist-attack-infects-php-projects-with-linux-malware/?utm_source=mastodon&utm_…

GitHub-Hosted Malware Targets PHP Packages in Coordinated Supply Chain Attack

Malicious code was injected into eight PHP packages on Packagist, triggering a Linux binary download from GitHub Releases via JavaScript lifecycle hooks in package.json postinstall scripts. The attack was swiftly contained, with the malicious versions removed from Packagist.

https://osintsights.com/github-hosted-malware-targets-php-packages-in-coordinated-supply-chain-attack?utm_source=mastodon&utm_medium=social

#SupplyChainAttack #Github #Php #Packagist #Javascript


Ongoing Supply Chain Attack on Composer Packages

A supply chain attack on Composer's laravel-lang/* packages has infected at least 50 versions with malware. Because the malware executes at autoload time, anyone who installed an infected version should rotate their secrets immediately and pin to a known-safe commit. Pausing updates for now is recommended; if you are still on an earlier commit, you are safe. The attack demands immediate attention to the security of packages used by PHP developers and in AI service infrastructure.

https://twitter.com/AikidoSecurity/status/2057958510445658144

#security #supplychainattack #composer #php #malware

Aikido Security (@AikidoSecurity) on X

🚨 Ongoing supply chain attack on Composer packages! We just found multiple laravel-lang/* packages compromised on Packagist (lang, http-statuses, attributes). Payload runs at autoload time. At least 50 package versions were compromised. If you installed a compromised version,


Laravel-Lang Supply Chain Attack

A supply chain attack hit the Laravel-Lang open source repositories, in which all tags were rewritten to point to malicious commits. The payload exfiltrates CI/CD secrets to an attacker-controlled server when packages such as laravel-lang/http-statuses are installed or updated via composer. The campaign ran for roughly 15 minutes and affected several laravel-lang repositories; StepSecurity has published a detailed analysis and response guidance.

https://github.com/Laravel-Lang/http-statuses/issues/277

#supplychainattack #security #composer #laravel #opensource

Security: All repository tags have been rewritten to point to malicious commits · Issue #277 · Laravel-Lang/http-statuses

Summary All tags in this repository have been rewritten to point to malicious commits. Anyone running composer require laravel-lang/http-statuses or composer update against any version constraint w...


✅ Create PRs to mitigate #npm #SupplyChainAttack via #npmrc file

https://github.com/phpactor/vscode-phpactor/pull/220

https://github.com/xdebug/vscode-php-debug/pull/1125

✅ Disable extension "auto update" and "auto update check" in #VSCode

🚨 A compromise affecting the community-maintained Laravel Lang project introduced remote code execution backdoors across multiple packages, including:

- Laravel-Lang/lang
- Laravel-Lang/http-statuses
- Laravel-Lang/actions
- Laravel-Lang/attributes

All tags were rewritten to point to malicious commits

https://www.aikido.dev/blog/supply-chain-attack-targets-laravel-lang-packages-with-credential-stealer

https://github.com/Laravel-Lang/lang/issues/8295

https://github.com/Laravel-Lang/common/issues/257

https://www.stepsecurity.io/blog/laravel-lang-supply-chain-attack

https://socket.dev/blog/laravel-lang-compromise

#PHP #Laravel #SupplyChainAttack #RemoteCodeExecution #RCE #Packagist

Grafana confirms its source code and other data were stolen in a sophisticated supply chain attack executed via the TanStack library.

#Grafana #SupplyChainAttack #Cybersecurity #DataBreach

https://verisizintisi.com/en/blog/2026-05-22-grafana-confirms-code-theft-via-tanstack-supply-chain-attack

asking for at least $50,000 for the stolen data.

#GitHub #TeamPCP #NPM #SupplyChainAttack

Shai-Hulud Malware Targets 600 Npm Packages in Supply-Chain Attack

In a shocking supply-chain attack, malicious Shai-Hulud malware targeted a staggering 600 npm packages, with researchers uncovering nearly 640 tainted versions across 323 unique libraries in just one hour. The assault hit popular ecosystems like @antv and spread to widely-used packages, leaving a trail of poisoned code in its wake.

https://osintsights.com/shai-hulud-malware-targets-600-npm-packages-in-supply-chain-attack?utm_source=mastodon&utm_medium=social

#SupplyChainAttack #Shaihulud #Npm #MalwareOperations #EmergingThreats
