Search
For "supply chain" across CVEs, vendor advisories, threat actors, IOCs, security research, and news.
Latest analysis of npm/PyPI/cargo registry compromises, dependency confusion, and self-replicating worms (Shai-Hulud).
BoxLite: Permission Bypass Allows Modification of Read-Only Files
aka Elderwood Gang, Beijing Group, Sneaky Panda
[Elderwood](https://attack.mitre.org/groups/G0066) is a suspected Chinese cyber espionage group that was reportedly responsible for the 2009 Google intrusion known as Operation Aurora. (Citation: Security Affairs Elderwood Sept 2012) The group has targeted defense organizations, supply chain manufacturers, human rights and nongovernmental organizations (NGOs), and IT service providers. (Citation: Symantec Elderwood Sept 2012) (Citation: CSM Elderwood Sept 2012)
aka TEMP.Isotope, DYMALLOY, Berserk Bear, TG-4192, Crouching Yeti, IRON LIBERTY
[Dragonfly](https://attack.mitre.org/groups/G0035) is a cyber espionage group that has been attributed to Russia's Federal Security Service (FSB) Center 16.(Citation: DOJ Russia Targeting Critical Infrastructure March 2022)(Citation: UK GOV FSB Factsheet April 2022) Active since at least 2010, [Dragonfly](https://attack.mitre.org/groups/G0035) has targeted defense and aviation companies, government entities, companies related to industrial control systems, and critical infrastructure sectors worldwide through supply chain, spearphishing, and drive-by compromise attacks.(Citation: Symantec Dragonfly)(Citation: Secureworks IRON LIBERTY July 2019)(Citation: Symantec Dragonfly Sept 2017)(Citation: Fortune Dragonfly 2.0 Sept 2017)(Citation: Gigamon Berserk Bear October 2021)(Citation: CISA AA20-296A Berserk Bear December 2020)(Citation: Symantec Dragonfly 2.0 October 2017)
aka COBALT GYPSY, IRN2, APT34, Helix Kitten, Evasive Serpens, Hazel Sandstorm
[OilRig](https://attack.mitre.org/groups/G0049) is a suspected Iranian threat group that has targeted Middle Eastern and international victims since at least 2014. The group has targeted a variety of sectors, including financial, government, energy, chemical, and telecommunications. It appears the group carries out supply chain attacks, leveraging the trust relationship between organizations to attack their primary targets. The group works on behalf of the Iranian government based on infrastructure details that contain references to Iran, use of Iranian infrastructure, and targeting that aligns with nation-state interests.(Citation: FireEye APT34 Dec 2017)(Citation: Palo Alto OilRig April 2017)(Citation: ClearSky OilRig Jan 2017)(Citation: Palo Alto OilRig May 2016)(Citation: Palo Alto OilRig Oct 2016)(Citation: Unit42 OilRig Playbook 2023)(Citation: Unit 42 QUADAGENT July 2018)
aka Evasive Panda, BRONZE HIGHLAND
[Daggerfly](https://attack.mitre.org/groups/G1034) is a People's Republic of China-linked APT entity active since at least 2012. [Daggerfly](https://attack.mitre.org/groups/G1034) has targeted individuals, government and NGO entities, and telecommunication companies in Asia and Africa. [Daggerfly](https://attack.mitre.org/groups/G1034) is associated with exclusive use of [MgBot](https://attack.mitre.org/software/S1146) malware and is noted for several potential supply chain infection campaigns.(Citation: Symantec Daggerfly 2023)(Citation: ESET EvasivePanda 2023)(Citation: Symantec Daggerfly 2024)(Citation: ESET EvasivePanda 2024)
aka Gleaming Pisces, Citrine Sleet, UNC1720, UNC4736
[AppleJeus](https://attack.mitre.org/groups/G1049) is a North Korean state-sponsored threat group attributed to the Reconnaissance General Bureau. Associated with the broader [Lazarus Group](https://attack.mitre.org/groups/G0032) umbrella of actors, [AppleJeus](https://attack.mitre.org/groups/G1049) has been active since at least 2018 and is closely aligned in resources with TEMP.hermit, another DPRK-affiliated group under the same umbrella.(Citation: dtex DPRK 2025 structure ITworkers) The group’s primary mission is to generate and launder revenue to provide financial support to the government. [AppleJeus](https://attack.mitre.org/groups/G1049) primarily targets the cryptocurrency industry and is most notably responsible for the [3CX Supply Chain Attack](https://attack.mitre.org/campaigns/C0057).(Citation: Mandiant 3cx UNC4736 2023) The group traditionally deploys malicious cryptocurrency software in combination with [Phishing](https://attack.mitre.org/techniques/T1566). From these compromised environments, it selectively deploys additional backdoors to enable extended operations against high-value financial targets.(Citation: Mandiant DPRK Groups 2023)(Citation: JPCert Blog Laz Subgroups 2025)
Inside EveryOps APAC: What India and Australia’s Tech Leaders Are Focused On
Last June, we hosted the first EveryOps Day in Sydney - born from the convergence of DevOps, DevSecOps, and AI/MLOps we were witnessing across every industry in APAC. A year later, with AI's proliferation across software delivery and securi
Active Exploitation of Oracle PeopleSoft Zero-Day (CVE-2026-35273)
Overview On June 10, 2026, Oracle published a security alert for CVE-2026-35273 , a critical vulnerability in the Updates Environment Management component of PeopleSoft Enterprise PeopleTools. Oracle released an out-of-band patch the same d
CVE-2026-35273 · CVE-2013-3821 · CVE-2017-3548
The Range Shrinks, the Threat Remains: Re-evaluating LLM Package Hallucinations on the 2026 Frontier-Model Cohort
arXiv:2605.17062v2 Announce Type: replace Abstract: Spracklen et al. (USENIX Security '25) showed that code-generating large language models hallucinate package names that do not exist on PyPI or npm at rates ranging from 5.2% on commercial
Classport: Designing Runtime Dependency Introspection for Java
arXiv:2510.20340v4 Announce Type: replace-cross Abstract: Runtime introspection of dependencies, i.e., the ability to observe which dependencies are currently used during program execution, is fundamental for Software Supply Chain security.
LNTest: A Testbed for Evaluating Bitcoin Lightning Network-Based Botnets
arXiv:2606.12887v1 Announce Type: new Abstract: Bitcoin's Lightning Network (LN) can be exploited as a covert, low-cost command-and-control (C&C) channel for botnets, as demonstrated by the LNBot and D-LNBot designs. However, both remain pr
Introducing the JFrog Power for Kiro
A new CVE drops into a package you depend on. With the JFrog power for Kiro installed, your next move is a single prompt in your IDE, not a tab switch to the JFrog UI and thirty minutes of hand-rolled REST calls. This is what governed agent
How to Validate Policy-as-Code Without Breaking Builds (Even When AI Writes the Code)
Picture two realities for the same compliance control reaching production. Reality One: Your AppSec team writes a new rule. An engineer uses Claude Code or Cursor to generate the OPA (Open Policy Agent) Rego policy in minutes. They deploy i
Trust No Skill: Integrity Verification for AI Agent Supply Chains
Protect enterprise AI agents from supply chain risks by auditing third-party skills for hidden vulnerabilities and multi-stage attack chains. The post Trust No Skill: Integrity Verification for AI Agent Supply Chains appeared first on Unit
A Five-Plane Reference Architecture for Runtime Governance of Production AI Agents
arXiv:2606.12320v1 Announce Type: cross Abstract: Enterprise security was built to govern data boundaries: the protected surface was data at rest and in transit, and the controls -- access control, data-loss prevention, perimeter inspection
The Governance Gap: What IDC's 2026 Data Reveals About AI and the Software Supply Chain
In a landscape where executive teams demand immediate AI integration, engineering and security leaders find themselves navigating a complex operational balancing act. To explore how organizations can accelerate delivery pipelines without in
Our AI Agent Now Has a Security Conscience: Introducing the JFrog Plugin for Claude Code
AI coding agents are changing the pace of software development. With tools like Claude Code, developers can move from idea to implementation faster than ever, generating code, exploring unfamiliar repositories, refactoring services, and tur
GRAFT: Graphlet-Triggered Backdoor Attack on GNN-Based Hardware Security Systems
arXiv:2606.10163v1 Announce Type: new Abstract: The globalization of the integrated circuit (IC) supply chain increases the risk of security threats, such as hardware Trojans (HTs) and the theft of intellectual property (IP). Graph Neural N
Anchors that Don't Lift: Understanding Supply Chain Driven Kernel Lock-In and Governance-Mediated Mitigation Strategies in SOHO Devices
arXiv:2606.11175v1 Announce Type: new Abstract: Small Office/Home Office (SOHO) devices are widely popular, yet often attacked due to security vulnerabilities in their firmware, affecting thousands of devices. These security vulnerabilities
MalSkillBench: A Runtime-Verified Benchmark of Malicious Agent Skills
arXiv:2606.07131v2 Announce Type: replace Abstract: AI coding agents such as Claude Code and Gemini CLI increasingly extend themselves with third-party skills: markdown packages bundling natural-language instructions, executable scripts, an
GitInject: Real-World Prompt Injection Attacks in AI-Powered CI/CD Pipelines
arXiv:2606.09935v1 Announce Type: new Abstract: AI-powered agents are increasingly embedded in continuous integration and continuous delivery/deployment (CI/CD) pipelines to autonomously review pull requests (PRs), triage issues, and mainta
Best Software Composition Analysis Services: Top 8 in 2026
What are software composition analysis services? Software Composition Analysis (SCA) services are automated tools that scan codebases to find, identify, and manage open-source components, detecting security vulnerabilities (CVEs), licensing
OWASP Dependency-Track 5.0 Is Now Generally Available
OWASP Dependency-Track 5.0 Is Now Generally Available The largest redesign in the project's history brings horizontal scaling, fault tolerance, and software supply chain integrity verification to the widely used open source platform
Targeting World Models to Compromise Robot Learning Pipelines
arXiv:2606.09499v1 Announce Type: cross Abstract: World models have recently seen a rapid growth in both their popularity and capability as more data efficient tools for generating robot training data or simulating real world environments,
Customization under Fire: Plugin Poisoning in Text-to-Image Ecosystem
arXiv:2606.09151v1 Announce Type: new Abstract: The prosperity of text-to-image (T2I) models has fostered a vibrant share-and-play ecosystem centered on Low-Rank Adaptation (LoRA) plugins, which allow users to customize and share model capa
DPAgent-in-the-Middle: Agentic Defense and Repair Against AI-Groomed Deceptive Patterns
arXiv:2606.06914v1 Announce Type: new Abstract: Privacy deceptive patterns in web interfaces systematically manipulate users into disclosing personal data, yet existing defenses are fragmented, static, and increasingly vulnerable to manipul
MalSkillBench: A Runtime-Verified Benchmark of Malicious Agent Skills
arXiv:2606.07131v1 Announce Type: new Abstract: AI coding agents such as Claude Code and Gemini CLI increasingly extend themselves with third-party skills: markdown packages bundling natural-language instructions, executable scripts, and to
Securing CI/CD in an agentic world: Claude Code Github action case
Microsoft Threat Intelligence discovered that Anthropic's Claude Code GitHub Action could expose CI/CD workflow secrets when AI agents process untrusted GitHub content, including issue bodies, pull request descriptions, and comments. We fou
Updating the taxonomy of failure modes in agentic AI systems: What a year of red teaming taught us
In this article Why the Taxonomy Needed Updating Seven new failure modes Operational findings: What red teaming showed New mitigations What to do this quarter When the Microsoft AI Red Team published the Taxonomy of Failure Modes in Agentic
CVE-2026-25253
Updating the taxonomy of failure modes in agentic AI systems: What a year of red teaming taught us
In this article Why the Taxonomy Needed Updating Seven new failure modes Operational findings: What red teaming showed New mitigations What to do this quarter When the Microsoft AI Red Team published the Taxonomy of Failure Modes in Agentic
CVE-2026-25253
NVIDIA NIM Models Are Now Governed Assets in Your Supply Chain
NVIDIA NIM (NVIDIA Inference Microservices) packages production-ready AI models into optimized containers for enterprise deployment. Your developers need them. Your coding agents pull them. And until now, they pulled them directly from NVID
Node-gyp Supply Chain Compromise: A Self-Propagating npm Worm That Hides in binding.gyp
A new npm worm is abusing binding.gyp to trigger node-gyp during install, letting malicious packages run code without lifecycle scripts. It steals credentials, persists in GitHub, and self-propagates across maintainers.
Talk to Your Platform: Spin Up JFrog Self-Service Trials with MCP – No Human Intervention Required
JFrog is one of the first Software Supply Chain Management and Security Platforms to provide MCP functionality, which we have now opened up to anyone interested in trying Claude and Cursor in their own development environment. Doing a free
Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign
In this article Attack chain overview Mitigation and protection guidance Learn more Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under
The npm Threat Landscape: Attack Surface and Mitigations (Updated June 2)
Unit 42 analyzes npm supply chain evolution post-Shai Hulud. Discover wormable malware, CI/CD persistence, multi-stage attacks and more. The post The npm Threat Landscape: Attack Surface and Mitigations (Updated June 2) appeared first on Un
Introducing the Global Software Supply Chain Excellence Awards: Celebrating the People Behind the Software Pipelines
Today, JFrog is proud to introduce the Software Supply Chain Excellence Awards , the first-ever customer awards program created to spotlight the teams and individuals who are doing the hard work of securing and scaling modern software deliv
Trusted AI Adoption (Part 2): Detection
It's Monday morning. Your coding agents ran all weekend. Your security dashboard shows the exact same numbers it did Friday afternoon. Same models, the same approved Model Context Protocol (MCP) servers, the same AI assets you are familiar
Miasma: Supply Chain Attack Targeting RedHat npm Packages
Detect and mitigate malicious npm packages linked to the latest npm supply chain attack, based on the open sourced Mini Shai-Hulud malware.
Containers on fire: from container escapes to supply chain attacks
Introduction Modern infrastructures universally rely on containerization to deploy applications, scale services, and build cloud platforms. The use of Docker, Kubernetes, and similar technologies has become the corporate standard for effici
CVE-2019-5736
Miasma supply chain attack: malicious code found in @redhat-cloud-services npm packages
A supply chain worm dubbed Miasma has been found in dozens of @redhat-cloud-services npm releases. The malicious preinstall hook steals credentials, probes cloud identities, and can republish other packages.
Malicious npm packages abuse dependency confusion to profile developer environments
In this article Attack chain overview Threat actor attribution Mitigation and protection guidance Indicators of Compromise (IOC) References Learn more Microsoft Threat Intelligence has uncovered an active supply chain attack involving malic
Malicious npm packages abuse dependency confusion to profile developer environments
In this article Attack chain overview Threat actor attribution Mitigation and protection guidance Indicators of Compromise (IOC) References Learn more Microsoft Threat Intelligence has uncovered an active supply chain attack involving malic
Typosquatted npm packages used to steal cloud and CI/CD secrets
In this article Attack chain overview The lure: typosquats and spoofed metadata Execution: npm lifecycle hook abuse Gen-1 stager: HTTP C2 beacon and payload drop Gen-2 stager: abusing the legitimate Bun runtime as a loader Credential theft
Typosquatted npm packages used to steal cloud and CI/CD secrets
In this article Attack chain overview The lure: typosquats and spoofed metadata Execution: npm lifecycle hook abuse Gen-1 stager: HTTP C2 beacon and payload drop Gen-2 stager: abusing the legitimate Bun runtime as a loader Credential theft
OWASP Top 10 for LLM Applications: Risks, Impact, and Mitigation
What is OWASP Top 10 for LLM Applications? The 2025 OWASP Top 10 for LLM Applications is yet another monumental effort from OWASP made possible by a large number of experts in the fields of AI, cybersecurity, cloud technology, and beyond. T
Authenticated RCE via Argument Injection in Gogs (NOT FIXED)
Overview Rapid7 Labs discovered a critical argument injection ( CWE-88 ) vulnerability in Gogs , a popular open-source self-hosted Git service. Rapid7 Labs scores this vulnerability as CVSSv4 9.4 (Critical). The vulnerability allows any aut
Download pumping: New npm deception technique for supply chain attacks
Learn how attackers exploit automated bot traffic as part of software supply chain attacks to artificially inflate download counters and mask malicious payloads as legitimate. Key takeaways Volume doesn't equal trust. Packages with nu
Introducing Package Traffic Controller: Software Supply Chain Security at the Network Edge
Imagine this: your security team has done everything right. All development teams are using a centrally managed artifact repository with scanning in place. Your engineering organization has clear policies about where packages can come from.
Laravel Lang Supply Chain Advisory
Hundreds of historical Laravel Lang Packagist releases were republished with malicious code, putting Composer installs at risk of credential theft and secret exfiltration.
Laravel-Lang Composer tag-rewrite Supply Chain Attack
On 2026-05-22, an attacker rewrote every repository tag across four Composer packages in the Laravel-Lang ecosystem to point at malicious commits. The affected packages are laravel-lang/lang, laravel-lang/attributes, laravel-lang/http-statu
Mini Shai-Hulud: Frequently asked questions about the TeamPCP npm and PyPI supply chain campaign
A self-propagating worm has compromised more than 170 npm and PyPI packages, defeating provenance attestation and breaching OpenAI and Mistral AI. Here is what you need to know. Key takeaways Mini Shai-Hulud is a self-propagating wo
The Governance Gap Between Your Policy and Your Pipeline
Security teams are under more pressure than ever, and most of them believe they're keeping up. That confidence, it turns out, may be the most consequential finding in the JFrog 2026 Software Supply Chain Security State of the Union . Across
The AntV Supply Chain Campaign Expands: Microsoft's `durabletask` PyPI Package Compromised
A day after the AntV npm supply chain attack, the same campaign appears to have struck `durabletask`, a Microsoft-associated Python package on PyPI. Snyk has coverage in the vulnerability database and package health pages. Here's what we kn
The Agent Has Entered the Supply Chain
Software Delivery in the Age of Agents The way software gets built has fundamentally shifted. AI coding agents are no longer just autocomplete on steroids; they're resolving packages, configuring environments, selecting tools, and in some c
Mini Shai-Hulud Hits @antv: 323 npm Packages Compromised Through the atool Maintainer Account
An active supply chain attack has compromised 323 npm packages published under the atool npm maintainer account. The wave sweeps the entire @antv data-visualization organization alongside standalone libraries with wide independent adoption:
Turn Blind Trust into Verified Control with Prompt Security for Agentic AI
Agentic AI is no longer theoretical. It's already embedded across enterprises inside developer workflows, SaaS platforms, and operational pipelines. It is executing tasks, chaining actions, and interacting with critical systems at machine s
Early Warning Signs of Supply-Chain Attacks Live in the Dark Web
GitHub access sales, leaked repositories, and stolen API keys can all become supply-chain attack footholds. Flare explores how underground forums expose early signals tied to software supply-chain risk. [...]
ThreatsDay Bulletin: Worm Code Leaked, AI Agent Phished, Claude Action Patch + 28 New Stories
It's been one of those weeks. You expect the usual noise: recycled malware, sloppy attacks, another easy target getting hit. Instead, there's a supply chain attack kit in a public repo, a $5,000-a-month RAT that clones browsers, and research showing AI agents can be tricked into leaking real credentials. The bigger problem is how polished this all looks now. Mule networks run like SaaS.
OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack
The Vietnam-aligned threat actor known as OceanLotus has been attributed to two distinct campaigns that targeted domestic entities and stock investors with a backdoor known as SPECTRALVIPER. The campaigns involve a prolonged cyber espionage operation aimed at a Vietnamese infrastructure and transport construction corporation between mid-2024 and February 2026, as well as a supply chain attack
GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks
GitHub has announced what it said are "breaking changes" coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats. The changes aim to combat attack techniques that abuse the "npm install" command to trigger the execution of malicious code using npm lifecycle hooks. "Npm install" is used to download and install all the necessary
The ‘Miasma’ worm source code briefly leaked on GitHub
The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain attacks, was briefly open-sourced on GitHub. [...]
GitHub announces npm security changes to tackle supply-chain attacks
GitHub has announced that npm v12, expected next month, will introduce several security-focused changes aimed at blocking supply-chain attacks abusing behaviors triggered by the 'npm install' command. [...]
Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer
The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel artifacts across 19 packages in the Python Package Index (PyPI) registry, as the Mini Shai-Hulud-style attacks continue to be refined and splintered to target specific ecosystems. "The compromised releases shipped a *-setup.pth file that attempts to execute automatically
New Shai-Hulud attack trojanizes 19 science-focused PyPI packages
Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud supply-chain attack that delivered malware designed to steal developer secrets. [...]
TeamPCP Supply Chain Campaign: Activity Through 2026-06-07, (Mon, Jun 8th)
This diary continues the Internet Storm Center's tracking of the TeamPCP supply chain campaign, first documented in the SANS white paper When the Security Scanner Became the Weapon and most recently in the handler diary Activity Through 2026-05-24. Since that update, the story moved into two new places: the United States government, which formally caught up to the campaign, and the wider population of attackers now wielding the Mini Shai-Hulud framework that TeamPCP open-sourced last month.
VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks
Microsoft has announced that Visual Studio Code (VS Code) will apply a two-hour delay before extensions for the integrated development environment (IDE) are updated automatically to a newer version in an attempt to tackle software supply chain threats. "When automatic updates are enabled, new versions are auto-updated two hours after they are published, adding an extra layer of protection
Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack
Microsoft's GitHub repositories have become the latest to fall victim to the ongoing Miasma self-replicating supply chain attack campaign. The incident impacted 73 Microsoft repositories across four of its GitHub organizations, including Azure, Azure-Samples, Microsoft, and MicrosoftDocs, per OpenSourceMalware. The development has GitHub to disable access to those repositories. "Access to this
IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks
Multiple software supply chain attacks have hit the npm ecosystem, with threat actors using both malicious and poisoned versions of over 50 legitimate packages to distribute a Rust-based information stealer and a self-spreading worm, respectively. According to JFrog, the information stealer "scrapes every secret it can find on a developer's machine, hides behind an eBPF kernel rootkit, and
Hola Browser for Windows compromised to deliver cryptominer
The Windows version of the Hola Browser has been compromised in a supply chain attack that delivered an undeclared executable identified by researchers as a cryptocurrency miner. [...]
Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm
A new Mini Shai-Hulud supply chain attack campaign, codenamed Miasma, has compromised @redhat-cloud-services packages to steal credentials and secrets from developer machines and deliver a self-propagating worm. "This is effectively a Mini Shai-Hulud campaign: it uses the same core tactics of install-time execution, credential harvesting, CI/CD targeting, encrypted exfiltration, and potential
OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack
Cybersecurity researchers have disclosed details of a new malicious supply chain campaign that's targeting developers using OpenAI Codex through a legitimate-looking remote web UI. The tool, named codexui-android, is advertised on GitHub and npm as a remote web UI for OpenAI Codex, attracting over 29,000 weekly downloads. The package is still available for download from the repository. What
Supply Chain Compromises Impact Nx Console and GitHub Repositories
<p>CISA is prioritizing the response to multiple emerging software supply chain intrusion campaigns targeting developer ecosystems Continuous Integration/Continuous Development (CI/CD) pipelines. These recent incidents, including the GitHub compromise via a malicious Nx Console Visual Studio Code (VS Code) extension and the “Megalodon” supply chain intrusion campaign, demonstrate how cyber threat actors are abusing tools and processes that support enterprise, cloud, and DevOps environments—specifically CI/CD pipelines, code extensions and workflows. </p> <p>Threat actors leveraged a prior compromise of Nx developer systems to compromise a GitHub employee’s device through a poisoned third-party VS Code extension, resulting in unauthorized access and exfiltration of internal GitHub repositories. The malicious extension version (18.95.0) was distributed through VS Code’s automatic update mechanism, meaning systems with Nx Console previously installed may have received the malicious build without developers taking any manual installation action. GitHub released a <a href="https://github.com/nrwl/nx-console/security/advisories/GHSA-c9j4-9m59-847w" target="_blank">security advisory</a> on this activity, and <a href="https://www.cve.org/CVERecord?id=CVE-2026-48027" target="_blank">CVE-2026-48027</a> has been assigned to the malicious version of Nx Console and added to <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">CISA’s Known Exploited Vulnerabilities (KEV) Catalog</a>.</p> <p>Additionally, in a campaign known as “Megalodon,” a cyber threat actor injected malicious GitHub Action workflows to harvest CI/CD secrets, cloud credentials, and tokens, impacting both development and deployment pipelines in public GitHub repositories.</p> <p>CISA urges organizations to implement the following recommendations to detect and remediate a potential compromise:</p> <ul> <li>Monitor and audit workflow files and contributor activity for suspicious pull re
CVE-2026-48027