Technical notes on security incidents, vulnerabilities, and supply chain threats, written for quick triage and review.
CISA added Cisco Catalyst SD-WAN CVE-2026-20182 to KEV on 2026-05-14. Cisco lists fixed releases across 20.9, 20.12, 20.15, 20.18, and 26.1 trains; CISA ED 26-03 provides concrete artifact selectors for rogue peering, root SSH, downgrades, and log clearing.
CISA added Drupal Core CVE-2026-9082 to KEV on 2026-05-22. The exploitable surface is PostgreSQL-backed Drupal Core in affected 8.9.x, 10.x, and 11.x ranges; this article provides composer, settings, and telemetry scripts for exposure and closure.
CISA added Langflow CVE-2025-34291 to KEV on 2026-05-21. The issue combines permissive CORS and credentialed refresh-token behavior; this article provides dependency, container, HTTP telemetry, and token-abuse audit scripts.
CISA added Microsoft Defender CVE-2026-41091 to KEV on 2026-05-20. MSRC marks exploitation detected and gives the exact fixed Malware Protection Engine version 1.1.26040.8.
CISA added Microsoft Defender CVE-2026-45498 to KEV on 2026-05-20. MSRC marks exploitation detected and gives the exact fixed Defender Antimalware Platform version 4.18.26040.7.
CISA added Exchange Server CVE-2026-42897 to KEV on 2026-05-15. MSRC marks exploitation detected and points to Exchange Emergency Mitigation Service mitigation ID M2 rather than a normal update table.
CISA added Trend Micro Apex One CVE-2026-34926 to KEV on 2026-05-21. Trend Micro reports at least one in-the-wild attempt and fixed builds 17079, 18012, and 14.0.20731; this article provides build-export and agent-deployment audit scripts.
GitHub Action tags for actions-cool/issues-helper and actions-cool/maintain-one-comment were moved to imposter commits that scraped GitHub Actions runner memory and exfiltrated CI/CD secrets.
The npm package art-template was compromised in versions 4.13.5 and 4.13.6 to inject remote browser-side JavaScript that redirected users into a Coruna-like iOS Safari exploit delivery chain.
Laravel-Lang packages were compromised through rewritten Composer tags that loaded a PHP backdoor through Composer autoload and exposed developer, CI/CD, cloud, and application secrets.
Megalodon added malicious GitHub Actions workflows to thousands of public repositories to collect environment variables, cloud credentials, source-control secrets, and runner tokens.
A campaign inserted malicious package.json postinstall hooks into Packagist-linked GitHub repositories, causing npm install workflows to download and execute a GitHub Releases binary as /tmp/.sshd.
The Go module github.com/shopsprint/decimal typosquatted github.com/shopspring/decimal and used an init-time DNS TXT command loop in v1.3.3.
TrapDoor is an active cross-registry supply-chain campaign using npm postinstall hooks, PyPI import-time execution, and Rust build scripts to steal developer, cloud, SSH, and crypto wallet secrets.
Mini Shai-Hulud is a highly sophisticated, self-propagating software supply chain worm targeting npm and PyPI ecosystems. Attributed to the TeamPCP threat actor group, it exploits CI/CD pipelines to harvest credentials and forge SLSA Build Level 3 provenance signatures.
On May 19, 2026, the official Microsoft durabletask Python SDK was compromised on PyPI. Threat actors used hijacked publishing credentials to directly upload malicious versions containing a cloud credential-harvesting payload.
On May 18, 2026, the official Nx Console VS Code extension was compromised when attackers used an OAuth token stolen in the TanStack compromise to publish malicious version v18.95.0, resulting in the theft of 3,800 internal GitHub repositories.
On May 14, 2026, the highly popular Node.js library node-ipc was compromised in a major supply chain attack. Attackers re-registered the expired email domain of a dormant lead maintainer to reset their npm account password and publish credential-stealing updates.
On May 11, 2026, the popular open-source project TanStack fell victim to a CI/CD release pipeline poisoning attack. Threat actors hijacked the release pipeline via a pull request exploitation vector and OIDC token theft to publish 84 backdoored versions across 42 packages.
On April 30, 2026, `intercom-client@7.0.4` on npm introduced a first-ever `preinstall` hook that executed a Bun-launched obfuscated credential stealer and exfiltrated secrets through GitHub APIs.
On April 30, 2026, malicious `lightning` PyPI releases 2.6.2 and 2.6.3 shipped an import-time loader that bootstrapped Bun and executed a large obfuscated JavaScript credential stealer.
A malicious `elementary-data==0.23.3` release was pushed to PyPI and GHCR after attackers exploited a GitHub Actions script-injection path, adding an interpreter-startup `.pth` infostealer.
Bitwarden confirmed that @bitwarden/cli@2026.4.0 was maliciously distributed through the npm CLI delivery path for a short April 22, 2026 window. JFrog and Socket analysis tied the package to bw_setup.js, bw1.js, Bun bootstrap, audit.checkmarx.cx exfiltration, GitHub fallback channels, and developer/CI credential theft.
JFrog reported that the legitimate PyPI package xinference shipped malicious versions 2.6.0, 2.6.1, and 2.6.2 with import-time code in xinference/__init__.py. The payload collected host and secret material into love.tar.gz and posted it to whereisitat.lucyatemysuperbox.space with header X-QT-SR: 14.
On March 31, 2026, the popular JavaScript HTTP client Axios was compromised when attackers hijacked a lead maintainer's npm account, publishing malicious versions containing a phantom dependency to drop a cross-platform Remote Access Trojan (RAT).
On March 24, 2026, threat actors targeted cryptocurrency developers on the npm registry by typosquatting common Solana and Ethereum libraries. The malicious packages silently harvested and exfiltrated wallet private keys to a Telegram Bot C2.
On March 24, 2026, the popular LiteLLM Python package was compromised on PyPI. Attackers harvested PyPI publishing secrets from LiteLLM's CI/CD runner via a previously backdoored dependency, uploading malicious versions containing a python startup hook payload.
On March 19, 2026, the widely adopted container vulnerability scanner Trivy was compromised in a major supply chain attack. Cybercrime group TeamPCP poisoned version tags to harvest and exfiltrate runner credentials.
Attackers published typosquatted versions of the popular pyspellchecker library to deliver a Remote Access Trojan (RAT) hidden inside compressed Basque dictionary files.
Socket reported that semantic-types became malicious at version 0.1.5 and 0.1.6, with five Solana-themed PyPI packages pulling it transitively. The payload monkey-patched solders.keypair.Keypair constructors, encrypted Solana private keys with an RSA-2048 public key, and exfiltrated ciphertext through Solana Devnet SPL memo transactions.
No analyses match the current search.