TechSecInfo

The tech + cyber briefing: what happened, why it matters, and where it came from.

Cyber Security

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

By rooter

A new coordinated cross-ecosystem software supply chain attack campaign has targeted npm, PyPI, and Crates.io to distribute credential-stealing malware.

The campaign, codenamed TrapDoor, spans more than 34 malicious packages across over 384 versions. The earliest activity was recorded on May 22, 2026, at 8:20 p.m. UTC, with new packages published to the ecosystems in waves from a cluster of

Oh hi there 👋
It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

We don’t spam! Read our privacy policy for more info.

Oh hi there 👋
It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

We don’t spam! Read our privacy policy for more info.

By rooter

Related Post

Cyber Security

CMMC Is Exposing A Major Gap In The Defense Supply Chain

rooter
Cyber Security

Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication

rooter
Cyber Security

Zero Trust For AI In Defense Networks

rooter

Leave a Reply

You Missed

News

How to watch most of the World Cup matches with free trials

News

‘Ninja Scroll’ Is Slashing Back to Theaters in October

News

Segway Navimow X430 Review: A Featureful Mow-Bot

News

The impossible dream of the universal remote