Skip to content
The Nexus
DossierENTITY

software supply chain attack

Coverage of software supply chain attack in the Nexus archive.

Earliest in view: Apr 30 · 16:31 UTCMost recent: May 27 · 11:48 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYMay 27 · 11:48 UTCTHE HACKER NEWS
    GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

    CrowdStrike, Google, and the Shadowserver Foundation disrupted all command-and-control channels of GlassWorm, a malware campaign targeting software developers via malicious packages and extensions since early 2025. The takedown disrupted a persistent supply chain attack infrastructure.

  • SECURITYMay 22 · 10:30 UTCARS TECHNICA
    A hacker group is poisoning open source code at an unprecedented scale

    A hacker group called TeamPCP has breached GitHub through a poisoned VSCode extension installed by a developer, compromising approximately 3,800-4,000 repositories containing GitHub's internal source code. The attack represents an escalation in software supply chain attacks, with TeamPCP now conducting such breaches on a near-weekly basis and extorting victims. The group is attempting to sell GitHub's source code and internal organization data on BreachForums.

  • SECURITYMay 1 · 09:43 UTCTHE HACKER NEWS
    Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft

    A new software supply chain attack campaign uses sleeper packages to push malicious payloads, enabling credential theft, GitHub Actions tampering, and SSH persistence. The attack is attributed to the GitHub account 'BufferZoneCorp,' which published malicious Ruby gems and Go modules.

  • SECURITYApr 30 · 16:31 UTCTHE HACKER NEWS
    PyTorch Lightning Compromised in PyPI Supply Chain Attack to Steal Credentials

    Threat actors compromised the PyTorch Lightning Python package, publishing malicious versions 2.6.2 and 2.6.3 on April 30, 2026, to steal credentials. Security firms Aikido Security, Socket, and StepSecurity reported the attack, which is part of an ongoing supply chain campaign.

software supply chain attack · Dossier · The Nexus