Skip to main content

Briefing Zero-days CVEs IOCs NewsActors Vendors Licenses Help

⌘+KWorkspace→

Real-time security intelligence — KEV, CVEs, exploits, threat actors and IOCs unified into one live view.

Sources Status API docs Licenses Help Security disclosure

© 2026 ZeroDayAttack · Public data from CISA · NIST · MITRE · FIRST · OSV · GitHub · abuse.ch — not a security advisory.

Built by Kiril Urbonas

ZeroDayAttack — AppSec intelligence aggregator

Search

122 results

For "supply chain" across CVEs, vendor advisories, threat actors, IOCs, security research, and news.

All122 Vulnerabilities50 Threat actors5 Vendor advisories1 Research50 News16 IOCs0

Instant answer

Supply-chain attacks

Latest analysis of npm/PyPI/cargo registry compromises, dependency confusion, and self-replicating worms (Shai-Hulud).

Recent coverage

redditnetsecThe Axios npm compromise was visible in registry metadata before anyone ran npm install8 h ago
jfrogInside EveryOps APAC: What India and Australia’s Tech Leaders Are Focused On1 d ago

Vulnerabilities

50

OSV-MAL-2026-5737—8 h ago
Malicious code in postcss-minify-selector-parser (npm)
OSV-MAL-2026-5712—18 h ago
Malicious code in jextic-eclib (npm)
OSV-MAL-2026-5299—19 h ago
Malicious code in pantheon-agents (PyPI)
OSV-MAL-2026-5698—19 h ago
Malicious code in nagios-xi (PyPI)

arxivClassport: Designing Runtime Dependency Introspection for Java1 d ago

jfrogIntroducing the JFrog Power for Kiro1 d ago

jfrogHow to Validate Policy-as-Code Without Breaking Builds (Even When AI Writes the Code)1 d ago

unit42Trust No Skill: Integrity Verification for AI Agent Supply Chains2 d ago

thehackernewsGitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks2 d ago

sansiscTeamPCP Supply Chain Campaign: Activity Through 2026-06-07, (Mon, Jun 8th)4 d ago

All Shai-Hulud research

OSV-MAL-2026-5280—19 h ago

Malicious code in bramin (PyPI)

OSV-MAL-2026-5708—19 h ago

Malicious code in vite-svgr (npm)

OSV-MAL-2026-5707—19 h ago

Malicious code in ttspc-server-sample (npm)

OSV-MAL-2026-3774—19 h ago

Malicious code in ts-build-optimize (npm)

OSV-MAL-2026-5636—19 h ago

Malicious code in swagger-express-routes (npm)

OSV-MAL-2026-5629—19 h ago

Malicious code in sass-formats (npm)

OSV-MAL-2026-4621—19 h ago

Malicious code in nolimit-x (npm)

OSV-MAL-2026-5483—19 h ago

Malicious code in mcp-server-sentry (npm)

OSV-MAL-2026-5482—19 h ago

Malicious code in mcp-server-redis (npm)

OSV-MAL-2026-5481—19 h ago

Malicious code in mcp-server-postgres (npm)

OSV-MAL-2026-5480—19 h ago

Malicious code in mcp-server-notion (npm)

OSV-MAL-2026-5478—19 h ago

Malicious code in mcp-server-git (npm)

OSV-MAL-2026-5476—19 h ago

Malicious code in mcp-server-fetch (npm)

OSV-MAL-2026-5479—19 h ago

Malicious code in mcp-server-github (npm)

OSV-MAL-2026-5165—19 h ago

Malicious code in @emcd-vue/loans (npm)

OSV-MAL-2026-5164—19 h ago

Malicious code in @emcd-vue/b2b-pay-form (npm)

OSV-MAL-2026-5163—19 h ago

Malicious code in @emcd-vue/auth (npm)

OSV-MAL-2026-4394—19 h ago

Malicious code in @ikyyofc/gemini-cli (npm)

OSV-MAL-2026-5692—19 h ago

Malicious code in ecto-win-flag-q2m7 (npm)

OSV-MAL-2026-5690—19 h ago

Malicious code in ecto-spectral-leak-8d4e2 (npm)

OSV-MAL-2026-5689—19 h ago

Malicious code in ecto-rust-read-f3a9c1 (npm)

OSV-MAL-2026-5688—19 h ago

Malicious code in ecto-nightly-spirit (npm)

OSV-MAL-2025-49282—19 h ago

Malicious code in ect-472839 (npm)

OSV-MAL-2026-5607—19 h ago

Malicious code in chai-net-test (npm)

OSV-MAL-2026-4508—19 h ago

Malicious code in cdk-insights (npm)

OSV-MAL-2026-2891—19 h ago

Malicious code in chai-as-init (npm)

OSV-MAL-2026-5394—19 h ago

Malicious code in @sql-access/nodesql (npm)

CVE-2025-59374Critical· 9.8KEV22 h ago

ASUS Live Update Embedded Malicious Code Vulnerability

CVE-2026-47190Medium· 4.423 h ago

IPAM controller service account granted unnecessary full access to Secrets

CVE-2026-50010High· 7.523 h ago

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SimpleTrustManagerFactory.engineGetTrustManagers() and related paths wrap any user-supplied plain X5

CVE-2026-47250Medium· 6.11 d ago

MCP Server Kubernetes: kubectl-generic flag injection enables Kubernetes bearer token exfiltration

CVE-2026-48089—1 d ago

DevGuard has improper authorization on public assets

CVE-2026-46695Critical· 10.02 d ago

BoxLite: Permission Bypass Allows Modification of Read-Only Files

OSV-MAL-2026-5646—2 d ago

Malicious code in sn-internal-testjgsakjdkjadkjahsdkjad (npm)

CVE-2026-46517High· 7.82 d ago

LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, hardcoded "trust_remote_code=True" enables HF supply-chain RCE without user opt-in. At time of publication, there are no publ

OSV-MAL-2026-5572—2 d ago

Malicious code in sendgrid-sdk (npm)

OSV-MAL-2026-5612—2 d ago

Malicious code in gpt-sdk (npm)

OSV-MAL-2026-5570—2 d ago

Malicious code in nim-submit-for-test (npm)

OSV-MAL-2026-5363—2 d ago

Malicious code in @solana-labs/web3-js (npm)

OSV-MAL-2026-5292—2 d ago

Malicious code in bittensor-burn-watch (PyPI)

OSV-MAL-2026-5555—2 d ago

Malicious code in express-timer (npm)

OSV-MAL-2026-5554—2 d ago

Malicious code in express-self-destruct2 (npm)

OSV-MAL-2026-5557—2 d ago

Malicious code in janus-ft (npm)

OSV-MAL-2026-5540—2 d ago

Malicious code in @monitoring-lib/error-tracking (npm)

OSV-MAL-2026-5536—2 d ago

Malicious code in zer0onedatetool (npm)

CVE-2026-47155—2 d ago

vLLM's Artifact Pin Decay allows pinned deployments to load unpinned code, weights, and processors