Supply Chain

Red Hat Cloud Services npm Packages Hijacked to Steal Developer Secrets in Sophisticated Supply Chain Attack

Attackers compromised the official Red Hat cloud services npm namespace on June 1, 2026, injecting a sophisticated credential-harvesting worm into 95 …

Malicious Packages on npm, PyPI, and Crates.io Steal Crypto Wallets, SSH Keys, and Cloud Credentials

Security researchers at Socket have uncovered an active supply chain attack that poisoned 34 packages and more than 384 versions across three major …

GitHub's Own Codebase Was Breached — A Poisoned VS Code Extension Was All It Took

The world's largest code-hosting platform just became the victim of its own ecosystem. On May 20, 2026, GitHub confirmed that a threat actor exf…

Microsoft's durabletask Hit by TeamPCP — Your Cloud Keys Were the Target

TeamPCP has quietly poisoned yet another trusted developer package — and this time the target was sitting inside Microsoft's own toolchain. Three…

TanStack Packages Hit by Sophisticated Supply Chain Attack

A self-propagating worm has torn through the TanStack JavaScript ecosystem, publishing 84 malicious versions across 42 widely used npm packages in a …

JDownloader Website Hacked — Malicious Installers Served to Windows and Linux Users

JDownloader, one of the most widely used free download managers with millions of users across Windows, macOS, and Linux, had its official website com…

Lightning PyPI Package Compromised in Supply Chain Attack

If you're building, training, or shipping AI models with PyTorch Lightning, check your installed version immediately — two freshly published rele…