software supply chain attack
Coverage of software supply chain attack in the Nexus archive.
- GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure
CrowdStrike, Google, and the Shadowserver Foundation disrupted all command-and-control channels of GlassWorm, a malware campaign targeting software developers via malicious packages and extensions since early 2025. The takedown disrupted a persistent supply chain attack infrastructure.
- A hacker group is poisoning open source code at an unprecedented scale
A hacker group called TeamPCP has breached GitHub through a poisoned VSCode extension installed by a developer, compromising approximately 3,800-4,000 repositories containing GitHub's internal source code. The attack represents an escalation in software supply chain attacks, with TeamPCP now conducting such breaches on a near-weekly basis and extorting victims. The group is attempting to sell GitHub's source code and internal organization data on BreachForums.
- Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft
A new software supply chain attack campaign uses sleeper packages to push malicious payloads, enabling credential theft, GitHub Actions tampering, and SSH persistence. The attack is attributed to the GitHub account 'BufferZoneCorp,' which published malicious Ruby gems and Go modules.
- PyTorch Lightning Compromised in PyPI Supply Chain Attack to Steal Credentials
Threat actors compromised the PyTorch Lightning Python package, publishing malicious versions 2.6.2 and 2.6.3 on April 30, 2026, to steal credentials. Security firms Aikido Security, Socket, and StepSecurity reported the attack, which is part of an ongoing supply chain campaign.