Tag: supply chain
Hijacked npm and Go Packages Deploy Python Infostealer via VS Code Tasks
Researchers have identified two compromised npm packages and a cluster of malicious Go packages that abuse Visual Studio Code task mechanisms to…
Claude Code Hijack Attack Hides Payload in DNS, Never Touches the Repo
Mozilla's 0Din researchers have demonstrated how attackers can weaponize Claude Code's autonomous behavior to spawn a reverse shell on developer machines, with…
CISA Contractor Leaked AWS GovCloud Keys and Plaintext Passwords on GitHub
A public GitHub repository maintained by a Nightwing contractor exposed highly privileged AWS GovCloud credentials, plaintext passwords, and internal CISA system files…
Encryption Optional: How Cyber Extortion Is Evolving Beyond Ransomware
Unit 42 research shows ransomware encryption dropped to 78% of extortion cases in 2025, as threat actors pivot to pure data theft…
AI Agent Skills Need Supply-Chain Audits, Unit 42 Research Finds
A new audit primitive called Behavioral Integrity Verification scanned nearly 50,000 agent skills and found that 80 percent deviate from their declared…
Malicious Skills Persist on ClawHub Despite AI Agent Marketplace Scanning
Unit 42 researchers found five undetected malicious skills in OpenClaw's ClawHub marketplace between February and May 2026, including macOS infostealers and novel…
DNS-Delivered Payload Turns Clean GitHub Repos Into AI Agent Traps
Mozilla 0DIN researchers demonstrate how an agentic coding tool can be manipulated into spawning a reverse shell, with no malicious code ever…