TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

Updated on May 25, 2026

A new coordinated cross-ecosystem software supply chain attack campaign has targeted npm, PyPI, and Crates.io to distribute credential-stealing malware.

The campaign, codenamed TrapDoor, spans more than 34 malicious packages across over 384 versions. The earliest activity was recorded on May 22, 2026, at 8:20 p.m. UTC, with new packages published to the ecosystems in waves from a cluster of…

Read the rest of the story at Read More

Source: The Hacker News

February 28, 2025 Uncategorized

5,000 Phishing PDFs on 260 Domains Distr...

December 21, 2023 Uncategorized

Cost of a Data Breach Report 2023: Insig...

December 21, 2023 Uncategorized

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

Related posts

5,000 Phishing PDFs on 260 Domains Distr...

Cost of a Data Breach Report 2023: Insig...

New JavaScript Malware Targeted 50,000+ ...

Leave a Comment Cancel reply

Recent News

⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

The Alert Firehose Finally Meets Its Match

Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks

Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware

Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software

Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer

LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root