TanStack has released a detailed postmortem describing a sophisticated supply-chain attack that compromised 42 npm packages and published 84 malicious package versions in just six minutes, exposing developers and CI/CD systems to credential theft and malware propagation. The attack exploited a combination of GitHub Actions cache poisoning, unsafe pull_request_target workflows, and runtime token extraction to inject malicious code into the release pipeline without directly compromising npm credentials. CISA is prioritizing the response to multiple emerging software supply chain intrusion campaigns targeting developer ecosystems and Continuous Integration/Continuous Development (CI/CD) pipelines.
Atomic Arch Supply Chain Attack Hits 1,500 AUR Packages
The new TrapDoor supply chain campaign is an active attack deploying 34 malicious packages and over 384 related versions across npm, PyPI, and Crates.io to steal developer credentials and cryptocurrency wallets. Security researchers and external contributors detected the compromise within roughly 20 minutes of the malicious packages appearing on npm, allowing TanStack to rapidly deprecate affected versions and coordinate with npm security to remove compromised tarballs from the registry. TanStack later acknowledged that the attack could have remained undetected far longer had the malware not inadvertently broken tests during the publishing process. EXIM has a long history of financing projects that resulted in imports critical to U.S. economic security. For example, in the 1940s and 1950s, when the Soviet Union stopped exporting uranium, EXIM provided loans to develop foreign production capacity of this strategic resource, ensuring a source of supply for the United States. As technology and innovation have developed over the decades, critical inputs are often located outside of the U.S.
Routing guides are crumbling: ‘It is different this time’
- After a year defined by tariff-fueled turbulence, supply chains shouldn’t expect to settle into a period of calm in 2026.
- Suppliers working with participating providers will access region-specific pricing through Walmart’s published rate card, with no additional markups applied by participating providers to services performed by Walmart.
- Every compromised package version contains a newly injected router_init.js file, approximately 2.3 MB in size.
- Suppliers send products under a single national purchase order to one location, and from there Walmart combines the inventory and distributes it across its 42 regional distribution centers (RDCs).
- TrapDoor attempts to harvest an extensive array of developer data, specifically targeting Sui, Solana, and Aptos crypto wallets, alongside SSH keys, browser profiles, and AWS environment variables.
GitHub has announced what it said are “breaking changes” coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats. Business leaders must know where their products are, which suppliers or sub-suppliers are at risk, and how to respond with confidence. The campaign’s earliest observed component was the PyPI package eth-security-, published on May 22, 2026, before expanding rapidly into other repositories. Packages were uploaded in distinct waves across all three registries, utilizing deceptive names like prompt-engineering-toolkit, solidity-deploy-guard, and defi-threat-scanner to heavily feign legitimacy within adjacent developer communities. “OEMs and tier 1 suppliers may wish to build buffer inventory as DRAM makers pivot to data center applications, but this strategy offers limited long-term relief.”
How AI-powered news scanning and data mapping boost General Motors’ supply chain efficiency
According to Sonatype, the campaign started with abandoned packages in AUR, which were modified to execute a malicious NPM package during installation. By June 12, the attackers switched to Bun-based installation paths and also started pushing new malicious packages. Reliable, harmonized data is essential for AI-driven decisions and for orchestrating the supply chain. In 2026, we are continuing to enhance master data consistency, improve network-wide data quality, and support AI‑ready data models that help ensure our customers can trust and operationalize their insights at scale. Whether it’s global conflicts, raw material shortages, or sudden demand spikes, supply chains need to pivot faster than ever. That’s why this year, the conversation isn’t about incremental improvements—it’s about reimagining processes with intelligent technologies that anticipate, adapt, and act autonomously.
- Those that hesitate risk falling behind in a world where adaptability is the ultimate competitive advantage.
- The solution integrates data from SAP Business Network and SAP Business Data Cloud, providing a comprehensive view across every tier of the supply chain.
- As ijiwei indicates, polarizers can cause cracking at bending points in foldable designs, making CoE a standard approach for recent foldable panels.
- Security researchers are warning of a supply chain attack against tj-actions/changed-files GitHub Action, which is used in more than 23,000 repositories.
- AI delivers lasting value in supply chain management only when it is embedded where work actually happens.
- OpenAI announced it struck a deal with the Pentagon hours after Defense Secretary Pete Hegseth declared Anthropic a supply chain risk in late February.
- Together, they represent incremental but meaningful progress toward more connected, automated, and resilient supply chain operations.
- The critical role semiconductor memory chips play in modern vehicle electronic systems is driving the high demand, Fusion said.
- The next generation of supply chain technology will empower businesses to detect disruptions early, harness data at scale, and consistently exceed customer expectations.
SCRI, like previous EXIM efforts, aims to remedy that by bolstering supply chains critical to competitiveness, innovation, and economic security. The malware then creates unauthorized GitHub Actions workflows in compromised repositories, enabling the attackers to maintain access and automate further malicious activities. “This incident highlights the growing risks in software supply chains and the need for real time CI/CD security monitoring to detect and prevent such actions,” Varun Sharma, CEO of StepSecurity, said via email.