PyPI
Coverage of PyPI in the Nexus archive.
- Researchers flag TrapDoor malware campaign targeting crypto developer environments including Aptos, Sui and Solana
Researchers identified the TrapDoor malware campaign using malicious packages on npm, PyPI, and Crates.io to target crypto developer environments, including Aptos, Sui, and Solana. The campaign exploited package repositories to compromise developers working in blockchain ecosystems.
- TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO
A coordinated cross-ecosystem supply chain attack named TrapDoor has distributed credential-stealing malware through npm, PyPI, and Crates.io, involving over 34 malicious packages across 384 versions. The campaign began on May 22, 2026, with packages published in waves from a cluster of sources.
- Developer Workstations Are Now Part of the Software Supply Chain
Supply chain attackers are targeting developer workstations to steal access and secrets, including API keys and cloud credentials, with three campaigns hitting npm, PyPI, and Docker Hub in a 48-hour window. This highlights the growing risk of software supply chain attacks. The attacks targeted secrets from developer environments and CI/CD pipelines.
- OpenAI asks macOS users to update after TanStack npm supply chain attack
OpenAI is asking macOS users to update due to a supply chain attack impacting TanStack and other npm and PyPI packages tied to AI companies. The attack is part of an expanding campaign affecting several AI companies. Users are being warned to take action to protect themselves.
- OpenAI confirms security breach in TanStack supply chain attack
OpenAI experienced a security breach due to the TanStack supply chain attack, resulting in the compromise of two employees' devices and affecting hundreds of npm and PyPI packages. The company has rotated code-signing certificates as a precautionary measure. This incident highlights the potential risks associated with supply chain attacks.
- Shai Hulud attack ships signed malicious TanStack, Mistral npm packages
A new Shai-Hulud supply-chain campaign has compromised hundreds of packages on npm and PyPI, delivering credential-stealing malware targeting developers. The malicious packages include TanStack and Mistral. This campaign affects developers using these packages.
- Backdoored PyTorch Lightning package drops credential stealer
A malicious version of the PyTorch Lightning package was published on the Python Package Index, delivering a credential-stealing payload targeting browsers and cloud services. The package is designed to steal sensitive information from users. This incident highlights the importance of verifying software packages before installation.
- The never-ending supply chain attacks worm into SAP npm packages, other dev tools
A new wave of supply chain attacks has targeted SAP and Intercom npm packages, as well as the lightning PyPI package, spreading credential-stealing malware named Mini Shai-Hulud. The attacks highlight ongoing vulnerabilities in developer tools and package repositories.