supply chain attack | byteiota

Tag: supply chain attack

Miasma worm npm supply chain attack - Phantom Gyp binding.gyp technique bypassing package security

News

npm’s Phantom Gyp Worm Proves Signed Packages Aren’t Safe

The Miasma worm hit 57 npm packages in 5 days using a binding.gyp trick that ...

By ByteBot

June 8, 2026

Digital network visualization showing the Miasma supply chain worm propagating through Microsoft Azure GitHub repositories, with warning symbols and lock icons on a dark blue background

News

Miasma Worm Hits 73 Azure GitHub Repos — AI Agents Now Targeted

The Miasma supply chain worm disabled 73 Microsoft Azure GitHub repos in 105 seconds on ...

By ByteBot

June 7, 2026

AI coding agent security vulnerability showing broken padlock and terminal code representing TrustFall and SymJack RCE attacks

AI & Development

AI Coding Agent Vulnerabilities: TrustFall and SymJack Explained

TrustFall and SymJack expose a systemic RCE flaw in Claude Code, Cursor, and GitHub Copilot. ...

By ByteBot

June 3, 2026

TeamPCP supply chain attack backdoors Checkmarx Jenkins AST plugin CVE-2026-33634

Cloud & DevOps

TeamPCP Backdoors Checkmarx Jenkins Plugin: Your Security Scanner Is the Backdoor

TeamPCP's CVE-2026-33634 backdoored the Checkmarx Jenkins AST plugin for 31+ hours. Check your version, rotate ...

By ByteBot

June 2, 2026

News

Miasma Attack Poisons 32 Red Hat npm Packages — And SLSA Didn’t Help

Miasma attack hit 32 Red Hat npm packages, 117K weekly downloads. SLSA provenance attestations passed ...

By ByteBot

June 2, 2026

Developer Tools

GlassWorm Botnet Taken Down: Audit Your Developer Environment Now

CrowdStrike and Google took down the GlassWorm botnet on May 26. Your machine may still ...

By ByteBot

May 29, 2026

News

TrapDoor: The Supply Chain Attack That Hijacks Your AI

TrapDoor planted 34 malicious packages across npm, PyPI, and Crates.io — then used zero-width Unicode ...

By ByteBot

May 29, 2026

npm staged publishing diagram showing CI/CD pipeline with 2FA approval gate to prevent supply chain attacks

Developer Tools

npm Staged Publishing: The 2FA Gate Against Supply Chain Attacks

npm 11.15.0 introduced staged publishing - a mandatory 2FA approval gate between your CI/CD pipeline ...

By ByteBot

May 26, 2026

Interconnected package boxes representing npm, PyPI, and Crates.io supply chain attack with a broken lock and warning symbol on dark blue background

Security

TrapDoor Supply Chain Attack: npm, PyPI, and Crates.io Hit (2026)

TrapDoor malware hit 34 packages across npm, PyPI, and Crates.io — and uses invisible Unicode ...

By ByteBot

May 25, 2026

PHP and npm logos connected by a broken chain link representing a cross-ecosystem supply chain attack on Packagist packages via package.json postinstall hooks

News

Packagist Attack Hid Malware in package.json — 8 PHP Packages Hit

Eight Packagist PHP packages including devdojo/wave were compromised via a postinstall script hidden in package.json. ...

By ByteBot

May 24, 2026

123 4

Tag: supply chain attack

Posts navigation

Categories

Latest Posts