T1195.002 Compromise Software Supply Chain
T1195.002 — Compromise Software Supply Chain is a MITRE ATT&CK technique in the Initial Access tactic. Clankerusecase tracks 261 detection use cases covering it and 318 threat-intel articles citing it.
Initial Access
261 Use cases
318 Articles
0 Sub-techniques
1 Tactic
↑ Parent technique: T1195 · Supply Chain Compromise
Use cases covering this technique (261)
Trusted vendor binary / installer launching unusual children
[WEEKLY] Brand-Impersonation Domain Fetch Followed by User-Context Loader Within 10 Minutes
[WEEKLY] Developer interpreter / package-manager process exfiltrating tokens to public code-hosting / worker domains
[WEEKLY] Developer package install spawning script-host with non-registry C2 within 5 minutes
[WEEKLY] Install-Triggered Registry Publish or Git Push (Supply-Chain Worm Self-Propagation)
[WEEKLY] npm-install spawned process performing cred-file fan-out plus IMDS reach
[WEEKLY] npm Install-Time Lifecycle Hook Triggers Outbound Egress to Newly-Seen Domain (Shai-Hulud/Miasma/IronWorm pattern)
[WEEKLY] npm/yarn/pnpm Install-Hook Spawn → Credential-Store Read or Worm-Payload Drop in node_modules
[WEEKLY] Package install lifecycle hook spawns interpreter that reads developer credential stores
[WEEKLY] Package-install lifecycle script harvests local credentials and beacons to a non-baselined domain
[WEEKLY] Package-manager child process credential fan-out with public egress (Mini Shai-Hulud / TeamPCP worm chain)
[WEEKLY] Package Manager / Dev-Tool Auto-Execution Triggers Non-Registry Egress or Credential-Store Access
[WEEKLY] Package-manager install hook spawns interpreter that beacons to non-registry host within 120s
[WEEKLY] Package Manager Install Hook Spawns Scripting Interpreter Then Touches Credential Files or Egresses Off-Registry
[WEEKLY] Package-Manager Install -> Interpreter Child -> Non-Registry Egress Within 5 Minutes
[WEEKLY] Package Manager Install Spawning Outbound Egress to Non-Registry Infrastructure Within 5 Minutes
[WEEKLY] Package-manager install-time interpreter spawn with credential-file read and outbound egress within 120s
[WEEKLY] Package manager lifecycle hook spawns network-fetching shell or runtime
[WEEKLY] Package manager lifecycle hook spawns runtime with outbound egress to non-registry host within 5 minutes
[WEEKLY] Package manager spawns network-fetching child to public code-hosting within minutes of install
[WEEKLY] Script Interpreter or Package-Install Hook Egress to Free-Tier Edge SaaS Within 5 Minutes of Process Start
[WEEKLY] Supply-chain repo credential theft → outbound exfil to attacker infra
[WEEKLY] Vendor / Third-Party OAuth App or SP Sign-in From Unbaselined Egress Followed by Bulk SaaS Object Read
Hunting 3CXDesktopApp Software
Shai-Hulud 2 Exfiltration Artifact Files
Windows Vulnerable 3CX Software
3CX Supply Chain Attack Network Indicators
GitHub Actions Disable Security Workflow
[LLM] Atomic Arch: makepkg child spawning npm install atomic-lockfile or bun install js-digest
[LLM] Atomic Arch — pacman/makepkg post-install spawning npm install of atomic-lockfile
[LLM] Shai-Hulud npm worm — shai-hulud-workflow.yml dropped into .github/workflows/
[LLM] TruffleHog binary spawned by npm/node — Shai-Hulud secret harvest
[LLM] Shai-Hulud bundle.js — known-bad SHA256 written to disk
[LLM] Miasma/Hades known-bad SHA256 execution on developer endpoint
[LLM] Phantom Gyp: small binding.gyp written into node_modules during npm install
[LLM] Editor/AI tool auto-execute config file dropped into project tree by package manager or git
[LLM] npm/node install-time spawn downloads Bun runtime (Shai-Hulud worm pattern)
[LLM] Implicit node-gyp rebuild from binding.gyp spawns suspicious build child
[LLM] FireAnt Metakit.exe spawns unsigned setup.exe from update path (SPECTRALVIPER supply-chain delivery)
[LLM] FireAnt Metakit updater spawning unexpected child (supply-chain compromise)
[LLM] npm install pointing at non-default registry via --registry or config
[LLM] npm publish / login / auth-token write from a developer endpoint
[LLM] Cargo dependency manifest or download pinned to compromised onering 1.4.1
[LLM] Python interpreter downloads oven-sh Bun runtime v1.3.14 from GitHub releases at import time
[LLM] pip / uv install of known-compromised Hades Campaign PyPI package versions
[LLM] Malicious AI coding-agent hook configs written to repo (.claude/.gemini/.cursor/.vscode)
[LLM] Miasma/Shai-Hulud typosquat PyPI package installation (rsquests, tlask, langchain-core-mcp, durabletask)
[LLM] Bun or Node runtime spawned by Python package manager (Miasma stealer bootstrap)
[LLM] Miasma Phantom Gyp: python.exe (gyp parser) spawning node index.js during npm install
[LLM] Miasma-tainted package install: binding.gyp dropped into known-compromised npm package paths
[LLM] Miasma payload SHA256 hash hit (published Phantom Gyp IOCs)
[LLM] Hades/Miasma PyPI poisoned package installation (26 named packages)
[LLM] Bun runtime spawned by npm/node preinstall hook (TeamPCP setup.mjs loader)
[LLM] Mini Shai-Hulud payload SHA256 on disk (7c24b4d9...e627144e8b)
[LLM] Vulnerable mcp-remote (CVE-2025-6514) version present on hosts
[LLM] Argamal Loader Artifacts — natives2_blob.bin / Modified ffmpeg.dll IOC Sweep
[LLM] Bun runtime spawned via node→shell→bun chain from npm install (Miasma dropper)
[LLM] Worm-injected .github/setup.js commit with 'chore: update dependencies [skip ci]' message
[LLM] Package manager runtime connecting to durabletask/axios supply-chain C2 IOCs
[LLM] Downloader or shell child of npm/pip install (postinstall RAT loader)
[LLM] npm/node lifecycle script fetching Bun runtime from github.com/oven-sh/bun
[LLM] Malicious @bitwarden/cli payload artifacts on disk (bw_setup.js, bw1.js, Shai-Hulud markers)
[LLM] npm preinstall hook executing oversized node index.js from @redhat-cloud-services package
[LLM] GitHub bulk git tag force-push by single actor across multiple org repos
[LLM] Nx Console v18.95.0 Malicious Payload Bootstrap via Orphan Commit (npx github:nrwl/nx#558b09d7)
[LLM] Nx Console v18.95.0 Compromised VSIX / main.js / payload SHA-256 Hash Match
[LLM] jqwik-engine 1.10.0 malicious JAR on disk (SHA256 / filename match)
[LLM] Maven/Gradle build log file containing jqwik prompt-injection directive
[LLM] TeamPCP Checkmarx KICS supply-chain stealer C2 callback (audit.checkmarx.cx / 94.154.172.43)
[LLM] npm install of dependency-confusion scoped packages (moika.tech actor)
[LLM] Malicious postinstall.js dropped under node_modules for actor scopes
[LLM] vpmdhaj typosquat npm package install via preinstall hook (node child of npm)
[LLM] Mini Shai-Hulud npm worm exfil to filev2.getsession.org
[LLM] Shai-Hulud worm GitHub Action workflow file dropped under .github/workflows
[LLM] postmark-mcp BCC exfil to giftshop.club
[LLM] npm/yarn/pnpm postinstall hook spawning credential-harvest tooling
[LLM] Trojanized axios npm package postinstall: node.exe spawned from plain-crypto-js dependency
[LLM] Shai-Hulud npm postinstall reads cloud credential files (~/.aws, ~/.ssh, ~/.kube, gcloud ADC)
[LLM] npm/pnpm install of trojanized codexui-android package on developer endpoint
[LLM] npm/bun process writing GitHub Actions workflow files (worm secret-exfil injection)
[LLM] Laravel-Lang supply chain C2/exfil to flipboxstudio.info
[LLM] Laravel-Lang stealer file drop in .laravel_locale temp directory
[LLM] DebugChromium.exe execution (Laravel-Lang stealer Windows artifact)
[LLM] cscript/wscript executing a script from .laravel_locale temp directory
[LLM] Compromised laravel-lang Composer package: helpers.php in vendor tree
[LLM] cscript.exe launching .vbs from .laravel_locale temp directory
[LLM] Composer install of malicious helpers.php in laravel-lang vendor package
[LLM] Megalodon backdoor workflow file (SysDiag.yml / Optimize-Build.yml) written to .github/workflows/
[LLM] Compromised Nx Console VS Code extension (nrwl.angular-console v18.94.0/18.95.0/18.100.0) install on endpoint
[LLM] Compromised @cap-js stealer artefact hash present on disk or in execution
[LLM] Nx Console v18.95.0 compromised extension installed (May 2026 supply-chain attack)
[LLM] TeamPCP Nx Console payload SHA256 hash match on developer endpoints
[LLM] VS Code child process fetching payload from nrwl/nx orphan commit (Nx Console v18.95.0 dropper)
[LLM] Compromised Microsoft durabletask PyPI Package Install (TeamPCP 1.4.1-1.4.3)
[LLM] Installation of malicious guardrails-ai==0.10.1 PyPI package (CVE-2026-45758)
[LLM] Python process executing transformers.pyz dropped from git-tanstack.com (TeamPCP)
[LLM] npm install of compromised @opensearch-project/opensearch versions 3.5.3/3.6.2/3.7.0/3.8.0
[LLM] On-disk presence of malicious @opensearch-project/opensearch payload SHA256
[LLM] Postinstall script execution from compromised @opensearch-project/opensearch package
[LLM] Mini Shai-Hulud npm worm payload by SHA256
[LLM] bun runtime executed on CI runner spawning python3 with sudo escalation
[LLM] GitHub workflow references actions-cool/issues-helper or maintain-one-comment by tag
[LLM] Compromised node-ipc.cjs bundle write (~117KB) under node_modules
[LLM] Mini Shai-Hulud npm preinstall hook spawning bun runtime
[LLM] Mini Shai-Hulud Claude Code SessionStart hook injection via npm install
[LLM] mistralai 2.4.6 dropper: curl downloading transformers.pyz from 83.142.209.194
[LLM] mistralai 2.4.6 dropper: Python interpreter executing /tmp/transformers.pyz as detached session
[LLM] Drop of /tmp/transformers.pyz on Linux endpoint
[LLM] Outbound egress to node-ipc stealer infrastructure (azurestaticprovider[.]net / 37.16.75.69)
[LLM] node-ipc stealer __ntw=1 environment marker in process command line
[LLM] Malicious node-ipc package landed on disk under node_modules
[LLM] TeamPCP Mini Shai-Hulud stealer payload hash match (SHA256/SHA1)
[LLM] Mini Shai-Hulud router_init.js dropped at npm package root in node_modules
[LLM] Mini Shai-Hulud npm worm payload dropped under node_modules (router_init.js / tanstack_runner.js / known SHA256)
[LLM] Bun spawned with tanstack_runner.js via npm prepare lifecycle (Mini Shai-Hulud)
[LLM] Mini Shai-Hulud persistence to ~/.claude/hooks and .vscode/tasks.json by node/npm/bun
[LLM] Mini Shai-Hulud Wave 4 (TanStack/TeamPCP) worm payload file created in node_modules
[LLM] ScarCruft sqgame supply-chain delivery domain contact (BirdCall/RokRAT)
[LLM] BirdCall trojanized APK/mono.dll SHA1 match on Windows endpoints
[LLM] Shai-Hulud npm preinstall: node spawns Bun runtime from bun-dl-* tmpdir
[LLM] Shai-Hulud AI coding-agent persistence: .claude/settings.json + .vscode/tasks.json drops
[LLM] Shai-Hulud known-bad setup.mjs / execution.js SHA256 hash match
[LLM] Malicious elementary.pth dropped in Python site-packages
[LLM] Install of trojaned elementary-data 0.23.3 via pip / poetry / uv
[LLM] Docker / Kubernetes pull of compromised ghcr.io/elementary-data/elementary image
[LLM] Bun runtime fetched from github.com/oven-sh/bun during npm install (Bitwarden CLI hijack)
[LLM] Known-malicious bw_setup.js / bw1.js SHA256 dropped under @bitwarden/cli
[LLM] Mini Shai-Hulud: Python subprocess spawns `_runtime/start.py` from lightning site-packages
[LLM] Mini Shai-Hulud PyPI payload known SHA256 (start.py / router_runtime.js)
[LLM] lightning PyPI compromise artifacts: start.py / router_runtime.js write
[LLM] Python child process executing lightning _runtime/start.py bootstrapper
[LLM] npm preinstall hook executes 'node setup.mjs' / 'bun execution.js' (Mini Shai-Hulud SAP supply chain)
[LLM] Mini Shai-Hulud known SHA256 IOC match (setup.mjs / execution.js / runner-memory dumper)
[LLM] Malicious tanstack npm postinstall hook executing postinstall.cjs
[LLM] Known-bad tanstack 2.0.4-2.0.7 package tarball SHA256 file hash on disk
[LLM] Mini Shai-Hulud npm preinstall chain: node setup.mjs → bun execution.js
[LLM] Mini Shai-Hulud payload file drop: setup.mjs/execution.js by hash & size in node_modules
[LLM] Compromised elementary-data==0.23.3 PyPI install on developer / CI host
[LLM] Cyberhaven compromised Chrome extension C2 callback (cyberhavenext.pro)
[LLM] Context.ai compromised Chrome extension installed on host (ID omddlmnhcofjbnbflmjginpjjblphbgk)
[LLM] First-time OAuth consent granting Drive/Mail read scope to non-sanctioned third-party app
[LLM] npm/PyPI dropper self-cleanup: find rm -rf of kube-health-tools in node_modules
[LLM] Shai-Hulud 2.0 npm worm artifact: setup_bun.js / bun_environment.js dropped by node/npm
[LLM] Read of /proc/<pid>/mem targeting GitHub Runner.Worker (TeamPCP credential dump)
[LLM] TeamPCP sysmon.py systemd-user persistence on developer host
[LLM] npm postinstall node setup.js dropper executing from plain-crypto-js with immediate network egress
[LLM] Malicious axios or plain-crypto-js package files written to node_modules
[LLM] hackerbot-claw second-stage download: curl -sSfL pipe-bash from hackmoltrepeat.com/molt
[LLM] hackerbot-claw token exfiltration: curl POST with GITHUB_TOKEN to recv.hackmoltrepeat.com
[LLM] npm postinstall chain installs malicious 'openclaw' global package (cline@2.3.0 supply-chain IOC)
[LLM] GlassWorm Zig dropper native node addon (win.node/mac.node) written to IDE extension bin/ folder
[LLM] Force-install of IDE extension via cmd.exe with --install-extension flag spawned by node host
[LLM] Outbound fetch of attacker-controlled autoimport VSIX from ColossusQuailPray GitHub release
[LLM] IoliteLabs VSCode extension dropper: VS Code child process reaching rraghh.com / oortt.com C2
[LLM] TeamPCP telnyx FetchAudio() — python subprocess running inline base64 exec
[LLM] msbuild.exe dropped to Startup folder (TeamPCP telnyx Windows persistence)
[LLM] pip install of malicious telnyx versions 4.87.1 / 4.87.2
[LLM] Compromised litellm 1.82.7 / 1.82.8 PyPI install (TeamPCP supply-chain)
[LLM] Outbound C2 to sfrclak.com / 142.11.206.73:8000 (Axios npm RAT beacon)
[LLM] npm/node postinstall hook spawning interpreter and reaching new C2 host (Axios-style dropper)
[LLM] axios npm RAT C2 beacon to sfrclak.com / 142.11.206.73:8000
[LLM] axios RAT artifact dropped: com.apple.act.mond / wt.exe / ld.py with known SHA256
[LLM] Malicious litellm_init.pth dropped to site-packages by pip (litellm==1.82.8 install artifact)
[LLM] Telnyx PyPI compromise: malicious telnyx 4.87.1 / 4.87.2 hash on disk
[LLM] TeamPCP supply-chain C2 — outbound to checkmarx[.]zone / 83.142.209.11
[LLM] TeamPCP systemd backdoor — sysmon.py / sysmon.service persistence on CI runner
[LLM] Compromised trivy binary (v0.69.4-v0.69.6) execution by SHA1 hash
[LLM] bittensor-wallet 4.0.2 backdoor C2 domain contact (opentensor-* lookalikes)
[LLM] Compromised bittensor-wallet 4.0.2 source-tarball SHA256 on disk
[LLM] Compromised react-native-international-phone-number / react-native-country-select files written to node_modules
[LLM] Attacker-controlled scoped npm relay packages on disk (@usebioerhold8733 / @agnoliaarisian7180)
[LLM] C2 beaconing to Vercel-hosted Cloudflare-impersonating domains (cloudflareguard / cloudflareinsights)
[LLM] npm postinstall SSH-backdoor chain: node spawning sudo ufw allow 22/tcp + chown ~/.ssh
[LLM] Malicious typosquat npm packages installed on disk (ts-bign / big-nunber / levex-refa / lint-builder)
[LLM] ForceMemo: Node.js v22.9.0 spawned by Python from user home directory
[LLM] ForceMemo: Python process queries Solana mainnet RPC endpoint (blockchain dead-drop C2)
[LLM] ForceMemo: init.json persistence file or i.js loader dropped by Python in user home root
[LLM] GitHub Actions workflow file referencing compromised xygeni/xygeni-action@v5 or backdoored commit 4bf1d4e
[LLM] Malicious litellm 1.82.7/1.82.8 wheel install drops litellm_init.pth in site-packages
[LLM] VSCode/VSCodium spawning shell or curl to raw.githubusercontent.com/BlokTrooper
[LLM] Glassworm stage-2/stage-3 C2 callback to 45.32.150.251 or 217.69.3.152
[LLM] GlassWorm Mar 2026 wave — compromised npm/VS Code package artifacts on disk
[LLM] Cacheract memdump.py download/execution on CI runner or developer host
[LLM] Installation of unauthorized cline@2.3.0 npm package on developer endpoints
[LLM] Secondary payload install: 'npm install -g openclaw' postinstall hook execution
[LLM] Egress to sidoraress json-bigint-extend gambling backdoor C2 infrastructure
[LLM] Installation of sidoraress malicious npm packages (json-bigint-extend/jsonfb/jsonfx)
[LLM] s1ngularity Nx postinstall — `gh auth token` spawned by node/npm on CI runner
[LLM] AI CLI weaponized for recon — claude/gemini/q invoked under npm install lineage
[LLM] s1ngularity collection artifact — `/tmp/inventory.txt` written by node/npm on runner
[LLM] Install of Qix-compromised npm package@version (chalk 5.6.1, debug 4.4.2, ansi-styles 6.2.2 et al.)
[LLM] Inventory: @kilocode/cli v1.0.0-v1.0.3 affected-release install on dev workstations
[LLM] npm postinstall: @kilocode/cli platform-binary directory (cli-{platform}-{arch}) write
[LLM] npm/yarn/pnpm postinstall: Node child egressing to non-registry public host
[LLM] Scavenger npm supply chain: rundll32 executing node-gyp.dll from node_modules (CVE-2025-54313)
[LLM] Scavenger loader/install.js dropped into node_modules (known SHA256 or filename match)
[LLM] tj-actions/changed-files compromise: self-hosted runner egress to nikitastupin memdump gist (CVE-2025-30066)
[LLM] tj-actions/changed-files compromise: memdump.py secret-exfiltration shell pattern on runner (CVE-2025-30066)
[LLM] tj-actions/changed-files compromise: malicious commit SHA 0e58ed86... referenced on host (CVE-2025-30066)
[LLM] Installation of credential-leaking ClawHub skills (moltyverse-email, buy-anything, prompt-log, youtube-data)
[LLM] SKILL.md written to ~/.claude/skills/ or ~/.openclaw/skills/ (agent-skill install)
[LLM] curl | bash or wget | sh executed by Claude/Cursor/OpenClaw agent process
[LLM] AI agent process reads cloud-credential, SSH or dotenv files (skill credential theft)
[LLM] Outbound connection to clawhub.ai or skills.sh from CLI agent (skill marketplace fetch)
[LLM] Prompt-injection markers (base64, Unicode tags, 'ignore previous instructions') in SKILL.md content
[LLM] npx invocation of known phantom package names disclosed by Aikido
[LLM] File creation under npx cache for Aikido-claimed phantom package names
[LLM] G_Wagon npm postinstall spawns python with stdin pipe (fileless payload exec)
[LLM] G_Wagon dropper: node.exe spawns system tar.exe extracting from stdin (-x -f - -C)
[LLM] Aikido campaign: jsDelivr CDN fetch of weaponised flockiali/opresc/prndn/oprnm/operni npm package
[LLM] PyPI install of malicious typosquat spellcheckpy or spellcheckerpy
[LLM] tj-actions/changed-files compromised commit SHA referenced in workflow YAML or git history
[LLM] Nx s1ngularity-repository creation via GitHub API from developer or CI endpoint
[LLM] Compromised Nx npm package version install on developer or CI host
[LLM] Compromised npm package @vietmoney/react-big-calendar@0.26.2 installation (Shai-Hulud 3.0)
[LLM] npm/yarn/pnpm/bun lifecycle hook spawning shell or network LOLBin
[LLM] Sha1-Hulud npm Worm — Egress to bun.sh / oss.trufflehog.org / keychecker.trufflesecurity.com from npm/node context
[LLM] Sha1-Hulud npm Worm — Drop of setup_bun.js / bun_environment.js / discussion.yaml by node or shell
[LLM] NPM preinstall hook fetching Bun installer from bun.sh (Sha1-Hulud dropper)
[LLM] rundll32.exe spawned by Node/npm loading node-gyp.dll or crashreporter.dll (CVE-2025-54313)
[LLM] node-gyp.dll or crashreporter.dll created under node_modules by package-manager process
[LLM] SHA1-Hulud worm payload execution via npm preinstall (setup_bun.js / bun_environment.js)
[LLM] Malicious '.github/workflows/discussion.yaml' workflow file created by npm/node
[LLM] TruffleHog spawned by node/npm as postinstall — Shai-Hulud credential sweep
[LLM] Shai-Hulud bundle.js dropped on disk (SHA256 + filename hunt)
[LLM] IndonesianFoods npm spam package install on developer/CI endpoint
[LLM] IndonesianFoods auto-publish artifact (auto.js / publishScript.js) dropped in node_modules
[LLM] Installation or presence of malicious postmark-mcp npm package (v1.0.16+)
[LLM] Shai-Hulud bundle.js postinstall payload by known SHA256 hash
[LLM] Shai-Hulud persistence artifact: shai-hulud-workflow.yml file dropped on disk
[LLM] Install / lockfile mention of the 28 compromised Qix-campaign package@versions
[LLM] CI/CD Linux build host outbound to gist.githubusercontent.com (tj-actions IOC pattern)
[LLM] Node/npm postinstall spawning AI coding agent CLI (s1ngularity execution chain)
[LLM] Tag deletion/repointing on critical GitHub Action repositories (configure-aws-credentials v4.3.0 pattern)
[LLM] Internal workflows pulling aws-actions/configure-aws-credentials@v4.3.0 during the buggy-release window
[LLM] CI/CD runner outbound to gist.githubusercontent.com (tj-actions CVE-2025-30066 staging fetch)
[LLM] Compromised tj-actions/changed-files commit SHA referenced on host (CVE-2025-30066 IOC hunt)
[LLM] Linux process opens /proc/<pid>/mem or /proc/<pid>/maps on a build/CI host (CVE-2025-8217 / CVE-2025-30066 memory dump TTP)
[LLM] PyPI install footprint of num2words v0.5.15/0.5.16 (Scavenger supply-chain compromise)
[LLM] rundll32.exe loading node-gyp.dll dropped by Scavenger-infected npm postinstall (CVE-2025-54313)
[LLM] npm registry typosquat npnjs.com — DNS / URL click (eslint-config-prettier maintainer phishing kit)
[LLM] Scavenger Loader DLL (node-gyp.dll) written inside node_modules of CVE-2025-54313 packages
[LLM] Cursor IDE or VS Code spawning PowerShell/WScript from extensions folder (Solidity Language malware chain)
[LLM] Solidity Language malicious Cursor/VS Code extension folder created on disk (solidityai.solidity-* and related)
[LLM] Solidity Language Cursor extension known malicious SHA-256 hash present on disk or executed
[LLM] Self-hosted GitHub Action runner downloads memdump.py from compromised gist (CVE-2025-30066)
[LLM] Malicious tj-actions base64 payload prefix observed in process command line
[LLM] Git checkout of compromised tj-actions/changed-files commit on runner host
[LLM] Go typosquat module reference: github.com/boltdb-go/bolt in process or build telemetry
[LLM] Installation of poisoned Ultralytics PyPI package (v8.3.41 / 8.3.42 / 8.3.45 / 8.3.46)
[LLM] GitHub Actions branch-name template injection — bash brace-expansion shell signature
[LLM] Browser/proxy fetch of compromised @lottiefiles/lottie-player from unpkg or jsDelivr CDN
[LLM] npm/yarn/pnpm install of compromised @lottiefiles/lottie-player versions 2.0.5-2.0.7
[LLM] npm/yarn/pnpm install of himanshutester002 suspicious aliased packages (string-width-cjs et al)
[LLM] node_modules/ drop of himanshutester002 supply-chain credibility-laundering packages
[LLM] Polyfill.io supply-chain compromise: egress to Funnull-controlled CDN cluster
[LLM] Vulnerable xz / liblzma 5.6.0 or 5.6.1 in software inventory (CVE-2024-3094)
[LLM] sshd loads compromised liblzma.so.5.6.0 / 5.6.1 (CVE-2024-3094 runtime trigger)
[LLM] .NET build (dotnet/MSBuild) spawns git config to harvest user.email
[LLM] Vulnerable Moq 4.20.0 or Devlooped.SponsorLink NuGet package landed on endpoint
[LLM] macOS Text Replacements exfiltration via `defaults read NSUserDictionaryReplacementItems`
Articles citing this technique (318)
crit 400+ AUR Packages Hijacked: What the “Atomic Arch” Campaign Means for Supply-Chain Security art-14
high Malicious npm Campaign Steals SSH Keys, API Tokens, Cloud Credentials, and Wallet Secrets art-26
crit ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities art-37
high Miasma and Hades Are Spreading Now: Detect Them on Developer Machines with Suspicious Files art-45
high Blinding the Watchmen: Abusing Cloud Logging Services for Defense Evasion and Visibility art-74
crit Researchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight Models art-87
crit [GHSA / CRITICAL] GHSA-jpvj-wpmj-h7rv: Supply chain compromise via malicious @cap-js/openapi art-123
high Node-gyp Supply Chain Compromise: A Self-Propagating npm Worm That Hides in binding.gyp art-130
high Miasma supply chain attack: malicious code found in @redhat-cloud-services npm packages art-159
med How Relay Network Adopted AI Coding Securely and Built the Foundation for Agentic Development art-181
high GitHub breached via a malicious VS Code extension: why developer devices are the real target art-238
crit The AntV Supply Chain Campaign Expands: Microsoft's `durabletask` PyPI Package Compromised art-248
high Microsoft's durabletask package on PyPi Compromised. Mini Shai Hulud attacks again... again! art-254
crit [GHSA / CRITICAL] GHSA-wx9m-wx4f-4cmg: Malicious dropper in mistralai 2.4.6 PyPI package art-272
crit Malicious node-ipc versions published to npm in suspected maintainer account compromise art-284
crit Mini Shai-Hulud Is Back: npm Worm Hits over 160 Packages, including Mistral and Tanstack art-315
crit Security metamorphosis: a Mythos-ready architecture checklist for autonomous AI attacks art-331
high "A Mini Shai-Hulud Has Appeared": Bun-Based Stealer Hits SAP @cap-js and mbt npm Packages art-348
high Malicious Release of elementary-data PyPI Package Steals Cloud Credentials from Data Engineers art-352
med Dev Machine Guard Is Now Open Source: See What's Really Running on Your Developer Machine art-402
high CanisterWorm: How a Self-Propagating npm Worm Is Spreading Backdoors Across the Ecosystem art-429
crit Malicious Polymarket Bot Hides in Hijacked dev-protocol GitHub Org and Steals Wallet Keys art-433
crit ForceMemo: Hundreds of GitHub Python Repos Compromised via Account Takeover and Force-Push art-434
crit Glassworm Is Back: A New Wave of Invisible Unicode Attacks Hits Hundreds of Repositories art-468
med Snyk and uv, Better Together art-508
med Weaving Security into the Flow: New Snyk Studio Capabilities Power the AI Security Fabric art-528
high 20+ Popular NPM Packages Compromised (Chalk, Debug, Strip-ANSI, Color-Convert, Wrap-ANSI...) art-537
high How Harden Runner Detected the Sha1-Hulud Supply Chain Attack in CNCF's Backstage Repository art-652
med How Snyk Helps Federal Agencies Prepare for the Genesis Mission Era of AI-Driven Science art-665
med What an 'Aha' Moment with an Org Admin Token Taught One DevSecCon Speaker About AI Security art-796
med Understanding CRA Compliance: Overcoming Challenges with an Integrated Security Testing Approach art-859
med Snyk-Generated SBOMs Now Include License Details for the Open Source Libraries in Your Projects art-1059
med A developer’s best friend: Lessons learned from our canine companions about AI code security art-1170
crit The XZ backdoor CVE-2024-3094 art-1266
med Snyk's AppSec dream team art-1270
med AppSec Maturity Models art-1273