#supply-chain-attack
18 articles
This archive collects 24 articles tagged supply-chain-attack published between April 13, 2026 and May 14, 2026, giving security teams a focused view of how this topic has appeared across ZCyberNews coverage. Observed actor references include GlassWorm, TeamPCP, and APT37, presented only where the underlying article metadata supports the attribution. The affected-scope signals emphasize technology, software development, and cybersecurity across Global, China, and South Korea, helping readers compare exposure patterns without adding claims beyond the archive data. Severity coverage includes 7 critical and 17 high reports.
HIGH: OpenAI Breached in TanStack Supply Chain Attack
OpenAI says two employees' devices were compromised in the TeamPCP Mini Shai-Hulud campaign, forcing rotation of code-signing certificates across macOS, Windows, iOS, and Android.
HIGH: OceanLotus APT Uses PyPI Packages to Deliver ZiChatBot Malware
Kaspersky attributes a PyPI supply chain campaign to OceanLotus APT, using fake wheel packages to drop ZiChatBot malware that abuses Zulip chat APIs for C2 on Windows and Linux.
HIGH: Quasar Linux RAT Targets Developers for Supply Chain Attacks
A new Linux implant codenamed QLNX steals developer credentials, keystrokes, and clipboard data. Targets DevOps environments for software supply chain compromise.
HIGH: ZiChatBot Malware Spreads via PyPI Packages Using Zulip C2
Three PyPI packages deliver ZiChatBot malware on Windows and Linux using Zulip chat APIs for stealthy C2 — Kaspersky identifies 12+ victim organizations globally.
HIGH: APT37 Targets Ethnic Koreans in China With Android BirdCall Malware
ESET says APT37 compromised Sqgame card game platform to deliver BirdCall backdoor to Android devices, stealing SMS, call logs, and private keys from ethnic Koreans in Yanbian.
HIGH: Trellix Source Code Breach Exposes Security Product Internals
Attackers stole source code from Trellix, exposing detection logic and control locations in its security products. The breach amplifies supply chain risks for enterprise customers.
HIGH: Poisoned Ruby Gems, Go Modules Hijack CI/CD Pipelines
BufferZoneCorp account published malicious Ruby gems and Go modules that steal credentials, tamper with GitHub Actions, and establish SSH persistence in CI pipelines.
CRITICAL: Mini Shai-Hulud Attack Hijacks SAP, Lightning, Intercom Packages
Attackers compromised SAP, Lightning, and Intercom npm packages in a supply chain attack affecting 1,800 victims; packages had 10M monthly downloads.
HIGH: AI Browser Extensions Steal Emails, Passwords via Prompt Injection
Unit 42 finds 30+ malicious AI browser extensions exfiltrating email content, credentials, and API keys via prompt injection and DOM scraping. Affects Chrome, Edge users.
CRITICAL: SAP npm Packages Hijacked in Credential-Stealing Supply Chain Attack
Attackers compromised multiple SAP-related npm packages to deploy credential-stealing malware, targeting SAP BTP and cloud app credentials. Campaign dubbed mini Shai-Hulud.
HIGH: 73 Fake VS Code Extensions Deliver GlassWorm v2 Info-Stealer
Researchers found 73 cloned VS Code extensions on Open VSX, with 6 confirmed malicious, delivering the GlassWorm v2 info-stealer.
HIGH: Checkmarx Confirms GitHub Data Leak After March 23 Supply Chain Attack
Checkmarx confirmed a cybercriminal group published GitHub repository data on the dark web, traced to a March 23 supply chain attack.
HIGH: Fast16 Malware Resurfaces in Supply Chain Attacks Abusing Trusted
Fast16 malware resurfaces in new supply chain attacks, abusing remote monitoring tools and browser extensions to steal credentials. Campaign targets enterprise environments.
HIGH: GlassWorm Malware Returns via 73 OpenVSX Sleeper Extensions
A new GlassWorm campaign deploys 73 sleeper extensions on OpenVSX that activate malicious behavior post-update, targeting VS Code users in dev environments.
CRITICAL: TeamPCP Partners with Vect Ransomware in Supply Chain Attacks
Unit 42 reports TeamPCP has partnered with Vect ransomware group to target security software vendors in multi-stage supply chain attacks, compromising trusted update mechanisms.
CRITICAL: Bitwarden CLI Compromised in Checkmarx Supply Chain Attack
JFrog and Socket found malicious code in @bitwarden/[email protected] — the same campaign that hijacked Checkmarx npm packages.
CRITICAL: Bitwarden CLI npm Package Hijacked to Steal Developer Credentials
Attackers published a malicious @bitwarden/cli npm package that steals credentials and spreads to other projects.
CRITICAL: WordPress Supply Chain Attack Infects 30+ Plugins Planted Malicious Backdoor
A malicious buyer used the Flippa marketplace to acquire a plugin developer, injecting a backdoor into over 30 WordPress plugins with hundreds of thousands of installations to deploy hidden SEO spam.