TeamPCP Compromises Telnyx Python SDK to Deliver Credential-... Malicious versions of the Telnyx Python SDK on PyPI delivered credential-stealing malware via a multi-stage supply chain attack.

🚨 TeamPCP compromised the Telnyx #Python SDK on PyPI.

Malicious versions 4.87.1 and 4.87.2 steal credentials.

Full analysis → socket.dev/blog/telnyx-...

TeamPCP has partnered with ransomware group Vect after exfiltrating ~300GB of credentials from CI/CD environments, targeting open source supply chains.

“We will chain these compromises into devastating follow-on ransomware campaigns.”

Details → socket.dev/blog/teampcp...

📌 If you've been tagged in one of these discussions, don’t follow the link. It’s not just spam. There’s routing and browser fingerprinting happening before anything else is served, as a first step before a follow-on payload.

New month, new GitHub bot spam notifications 🙄

Widespread GitHub Campaign Uses Fake VS Code Security Alerts... Widespread GitHub phishing campaign uses fake Visual Studio Code security alerts in Discussions to trick developers into visiting malicious website.

🚨 We’re seeing a widespread GitHub campaign using fake VS Code alerts + Google redirects to route developers to attacker infrastructure.

The flow adapts based on cookies and fingerprints users before serving a second-stage attack. Not your average phishing link:

socket.dev/blog/widespr...

Socket + Docker RSA Happy Hour · Luma Join Socket and Docker for happy hour during RSA. Stop by for drinks, bites, and conversation with other developers, security engineers, and open source...

At RSA? Join Docker + Socket.dev for a happy hour.

Socket Firewall is now integrated into Docker Hardened Images, helping filter risky dependencies early.
Grab a drink and talk directly with the teams behind it.
🗓 March 25 | 4pm PST

Register: https://bit.ly/4dFAvAq

VP of Engineering About Us Socket helps devs and security teams ship faster by cutting out security busywork. Thousands of orgs use Socket to safely find, audit, and manage open source code. Our customers — from Anthr...

We're hiring for our first VP of Engineering at Socket.

You'll work directly with @feross.bsky.social to lead and scale a high-performing, deeply technical engineering team tackling some of the hardest problems in software supply chain security.

⚡️Apply here: jobs.ashbyhq.com/socket/09d8b...

TeamPCP Is Systematically Targeting Security Tools Across th... TeamPCP is targeting security tools across the OSS ecosystem, turning scanners and CI pipelines into infostealers to access enterprise secrets.

These tools are secret + infrastructure + code security scanners by design and used in critical enterprise workflows. If compromised, they risk exposing production environments' secrets with a direct view into where the weak points are.

socket.dev/blog/teampcp...

Socket + Docker RSA Happy Hour · Luma Join Socket and Docker for happy hour during RSA. Stop by for drinks, bites, and conversation with other developers, security engineers, and open source…

🍻 Join Socket + @docker.com for Happy Hour at #RSA: drinks, bites, and conversation with security engineers & open source maintainers.

Socket Firewall is now integrated into Docker Hardened Images, helping filter risky dependencies early.

📅 Wed 3/25, 4–6 PM

RSVP: luma.com/socket-docke...

5 Malicious npm Packages Typosquat Solana and Ethereum Libra... Five malicious npm packages typosquatting crypto libraries steal private keys via Telegram, targeting Solana and Ethereum developers, with active C2 i...

New Research: 5 malicious npm packages typosquatting #crypto libraries steal private keys via Telegram, targeting #Solana and #Ethereum devs.

(Unrelated to recent TeamPCP attacks):
socket.dev/blog/5-malic... #NodeJS

🔺 Update: There are emerging claims of mass credential exfiltration: reports from @intcyberdigest.bsky.social and @vxundergroundre.bsky.social cite ~300GB of credentials exfiltrated and ~500,000 stolen via the LiteLLM compromise alone.

Our post has been updated with the latest details:

TeamPCP: "These companies were built to protect your supply chains yet they can't even protect their own, the state of modern security research is a joke, as a result we're gonna be around for a long time stealing terrabytes of trade secrets with our new partners."

This is an important situation for every security tool and open source project to monitor right now.

cc: @campuscodi.risky.biz @thehackernews.bsky.social @bleepingcomputer.com @techcrunch.com @zackwhittaker.com

TeamPCP Is Systematically Targeting Security Tools Across th... TeamPCP is targeting security tools across the OSS ecosystem, turning scanners and CI pipelines into infostealers to access enterprise secrets.

🚨 TeamPCP is systematically targeting security tools across the #OSS ecosystem, turning scanners and CI pipelines into infostealers.

Attacks spreading fast across GitHub Actions, OpenVSX, and PyPI.

Early speculation about a possible connection to LAPSUS$.

Details → socket.dev/blog/teampcp...

TypeScript 6.0 Released: The Final JavaScript-Based Version ... TypeScript 6.0 introduces new standard APIs, modern default settings, and deprecations as it prepares projects for the upcoming TypeScript 7.0 release...

🎉 #TypeScript 6.0 landed today with new standard APIs, stricter defaults, and deprecations ahead of 7.0’s Go-based compiler.

Quick breakdown → socket.dev/blog/typescr... #JavaScript

Aqua Security’s GitHub org was briefly taken over during the Trivy incident.

Archived snapshots show attacker-created repos (e.g. tpcp-docs-*) with messages like “TeamPCP Owns Aqua Security,” indicating the attacker had write access to the org.

Our post has been updated with more details:

If you’re pulling Trivy images from Docker Hub right now, be advised that the latest images are compromised.

cc: @campuscodi.risky.biz @thehackernews.bsky.social @zackwhittaker.com @bleepingcomputer.com

Trivy Supply Chain Attack Expands to Compromised Docker Imag... Newly published Trivy Docker images (0.69.4, 0.69.5, and 0.69.6) were found to contain infostealer IOCs and were pushed to Docker Hub without correspo...

🚨 Breaking: Trivy Docker images are compromised.

Tags 0.69.4, 0.69.5, and 0.69.6 contain infostealer IOCs. The latest images were pushed to Docker Hub without corresponding GitHub releases. `latest` currently points to a malicious image.

Details: socket.dev/blog/trivy-d...

Update: CanisterWorm has expanded to 135 malicious artifacts across 64+ npm packages.

New activity is slowing, likely due to npm intervention. Wiz attributes the campaign to “TeamPCP,” previously linked to the Trivy supply chain attacks.

Campaign tracking: socket.dev/supply-chain...

CanisterWorm: npm Publisher Compromise Deploys Backdoor Acro... The worm-enabled campaign hit @emilgroup and @teale.io, then used an ICP canister to deliver follow-on payloads.

🚨 Another supply chain attack:

Attackers republished 29 legitimate npm packages with a backdoor using compromised publisher access, enabling further propagation via stolen tokens and payload delivery through an ICP canister.

Details: socket.dev/blog/caniste...
#NodeJS

We updated our post with more info: Trivy maintainers confirmed it was a credential compromise, carried over from the previous incident in early March.

Trivy Under Attack Again: Widespread GitHub Actions Tag Comp... Attackers compromised Trivy GitHub Actions by force-updating tags to deliver malware, exposing CI/CD secrets across affected pipelines.

🚨 Trivy update: maintainers confirm this attack used a compromised credential carried over from the breach in early March.

We’ve updated our analysis with full details on how 75 GitHub Action tags were poisoned and used to exfiltrate secrets during CI runs.

socket.dev/blog/trivy-u...

FYI if you're using Trivy in CI right now:

75 of 76 tags on the official GitHub Action were force-pushed to serve malware. Affects 10K+ workflows.

If you're not on v0.35.0, assume compromise.

cc: @campuscodi.risky.biz @thehackernews.bsky.social @zackwhittaker.com @bleepingcomputer.com

Trivy Under Attack Again: Widespread GitHub Actions Tag Comp... Attackers compromised Trivy GitHub Actions by force-updating tags to deliver malware, exposing CI/CD secrets across affected pipelines.

🚨 Trivy is under attack again.

Attackers force-pushed 75 of 76 tags in aquasecurity/trivy-action, impacting 10K+ workflows and turning trusted GitHub Actions into malware.

Any version ≠ v0.35.0 may execute an infostealer in CI.

Analysis forthcoming: socket.dev/blog/trivy-u...

ENISA Publishes Technical Advisory on Secure Use of Package ... ENISA’s new package manager advisory outlines the dependency security practices companies will need to demonstrate as the EU’s Cyber Resilience Act be...

In less than 6 months, companies shipping software in Europe face the first Cyber Resilience Act deadline.

ENISA's latest advisory on secure package manager use spells out expectations for SBOMs, dependency monitoring, and vulnerability reporting.

socket.dev/blog/enisa-t...

GlassWorm Sleeper Extensions Activate on Open VSX, Shift to ... We identified over 20 additional malicious extensions, along with over 20 related sleeper extensions, some of which have already been weaponized.

🚨 GlassWorm sleeper extensions are now activating on Open VSX.

We identified 20+ new malicious extensions and ~20 sleepers, some later weaponized to deliver malware via extension updates.

New shift: payloads now hosted on GitHub, bypassing registry takedowns.

socket.dev/blog/glasswo...

🪱 Major update to GlassWorm activity on Open VSX:

The campaign is now following this pattern:

plant sleeper extensions → wire them together via extension packs → activate later → pull payloads from GitHub

cc @campuscodi.risky.biz @thehackernews.bsky.social @zackwhittaker.com @arstechnica.com

GlassWorm Sleeper Extensions Activate on Open VSX, Shift to ... We identified over 20 additional malicious extensions, along with over 20 related sleeper extensions, some of which have already been weaponized.

🚨 GlassWorm sleeper extensions are now activating on Open VSX.

We identified 20+ new malicious extensions and ~20 sleepers, some later weaponized to deliver malware via extension updates.

New shift: payloads now hosted on GitHub, bypassing registry takedowns.

socket.dev/blog/glasswo...

🚨 Update: Over the weekend we’ve identified 20+ additional malicious extensions tied to this campaign. We are currently monitoring another ~20 "sleeper" extensions that appear related but have not yet delivered the loader.