A summary of how source maps bundled in the Claude Code npm package made over 510k lines of TypeScript visible, and how a branch-name command injection in OpenAI Codex could have allowed theft of GitHub tokens.
Cloudflare added a two-stage GNN+LLM cascade to its client-side malicious script detection, reducing false positives per unique script from 1.39% to 0.007% and opening the formerly paid Advanced features to self-serve customers.
A fake dependency plain-crypto-js was injected into axios 1.14.1 and 0.30.4 to install a RAT dropper via a postinstall hook. Complete attack chain from maintainer account compromise to C2 communication and self-deletion.
On March 27, 2026, telnyx Python SDK v4.87.1/4.87.2 was contaminated with PyPI. TeamPCP collects authentication information for OpenAI, Anthropic, AWS, and GCP by hiding payloads in WAV files. 742K downloads per month.
After supply-chain attacks against tj-actions and Trivy, GitHub published a plan to reduce the attack surface of CI/CD pipelines through dependency locking, scoped secrets, and Layer 7 egress firewalls.
LiteLLM 1.82.7 and 1.82.8 were poisoned on PyPI for about 46 minutes. TeamPCP stole a PyPI token through Trivy's CI/CD and injected malware that collects more than 50 credential types, including SSH keys, AWS, Kubernetes, and Docker secrets.
GlassWorm has expanded to 72 Open VSX extensions, 151 GitHub repositories, and 88 npm packages, while a new supply-chain technique now abuses extensionDependencies as a delivery channel.
A prompt-injection attack in a GitHub issue title tricked an AI triage bot into stealing npm tokens, which were then used to publish a malicious package in a five-step supply-chain attack chain.
North Korean Famous Chollima has released 26 npm packages as an extension of the Contagious Interview campaign. Hiding C2 with zero-width Unicode characters in a Pastebin essay and deploying a 9-module RAT via 31 Vercel deployments.
Covers Cisco SD-WAN authentication bypass and UAT-8616's three-year campaign, NuGet/npm supply chain attacks, and Claude Code/Desktop Extensions/Mexico government breach.
Trend Micro analyzed a new AMOS distribution method that targets AI agent workflows. A malicious SKILL.md on OpenClaw plants fake CLI install instructions and uses AI as the intermediary to manipulate people.
Socket reports an active campaign using 19 malicious npm packages. It targets AI development environments such as Claude, Cursor, and VS Code, stealing SSH keys, npm tokens, and API keys, and then propagates via a worm.
