GigaTap articles tagged supply_chain.
- Postinstall payloads in npm supply chains and Mastra breach - Mastra npm packages were compromised through a postinstall hook that executed during install, exposing CI/CD pipelines and developer environments to remote
- Atomic Arch Shows How Orphaned AUR Packages Become Attack Paths - Atomic Arch targets abandoned AUR packages by modifying build scripts to install malicious npm or Bun dependencies during install, enabling credential thef
- TeamPCP supply chain shifts into reusable worm tradecraft - The TeamPCP campaign evolves from targeted intrusion into reusable supply-chain worming across npm and CI/CD pipelines, challenging provenance and attribut
- TeamPCP Turns Trusted Developer Channels Into Attack Paths - SANS reports TeamPCP activity across VS Code, PyPI, and npm, including a GitHub internal breach path, trojanized Microsoft SDK versions, and a large @antv
- Laravel Lang Backdoor: Check Composer Before Secrets Leak - Socket reports a compromise in third-party Laravel Lang packages, with malicious Composer autoload code able to execute and harvest cloud, CI/CD, and devel
- Packagist attack shows a blind spot in mixed PHP builds - Eight Packagist packages were reportedly modified to run a Linux binary via GitHub Releases, with malicious code placed in package.json rather than compose
- Laravel Lang attack shows how package tags can betray trust - Snyk says hundreds of historical Packagist versions for Laravel localization packages were republished with credential-stealing malware. The key failure wa
- Compromised npm packages put CI/CD secrets at risk - Microsoft says malicious @antv npm packages targeted GitHub Actions and cloud credentials through install-time execution.
- AntV npm packages hit by maintainer account compromise - Snyk reports 300+ malicious package versions across the AntV ecosystem. The useful question is whether your builds installed them and what secrets were exp
- Before You Add a Terminal Logo Tool - shinshin86/oh-my-logo looks like a harmless CLI flourish. Before putting it in shared workflows, check license clarity, install path, update signals, and f
- node-ipc on npm was tampered with — credentials were the target - A reported compromise of the popular `node-ipc` package turned a routine npm dependency into a credential-theft risk. Here is what is known, what is not, a
- SAP npm packages hit by Bun-based stealer - Snyk reports malicious SAP CAP npm releases with a Bun-based credential stealer and worm-capable npm propagation code. Observed spread was limited, but the
- node-ipc compromise puts npm trust back under stress - Socket says malicious `node-ipc` versions show obfuscated stealer/backdoor behavior. Developers should audit recent installs, block affected versions, and
- Node-ipc compromise turns installs into credential theft risk - Three malicious node-ipc versions reportedly targeted cloud secrets, SSH keys, Kubernetes configs, CI variables, and AI API keys. Treat affected installs a
- Vendor Says Daemon Tools Supply Chain Attack Contained - SecurityWeek reports the Daemon Tools vendor says it identified impacted systems, removed potentially compromised files, and validated installation package
- CPS Reached OpenSSF Gold: the practices behind the badge - CPS says it achieved OpenSSF Best Practices Gold by enforcing review gates, deep CI testing, and security-in-pipeline controls—and by pushing org-wide chan
- Elementary-data’s bad release: quick triage for Python teams - Chainguard says its customers were not impacted, but anyone who pulled elementary-data 0.23.3 from PyPI (or a related Docker Hub image) should investigate
- When a Worm Hits npm, Scripts Become the Blast Radius - A reported npm worm targeting SAP-related packages shows why blocking install-time scripts and enforcing dependency controls can stop downstream fallout.
- Malicious NuGet packages impersonate Chinese .NET libraries to deliver an infostealer - Socket reports five NuGet packages that mimic Chinese .NET UI/infrastructure libraries while shipping a .NET Reactor–protected stealer. The campaign uses u
- Malicious Ruby Gems and Go Modules Mimic Dev Tools to Steal Secrets and Tamper With CI - Socket reports a coordinated cluster of Ruby gems and Go modules published from a single GitHub account that looked like routine developer tooling, then la