
TrapDoor supply-chain campaign spreads credential-stealing malware via npm, PyPI, and Crates.io

TrapDoor is a coordinated supply-chain campaign distributing credential-stealing malware through malicious packages across npm, PyPI, and Crates.io. Researchers have cataloged more than 34 packages spanning over 384 versions tied to this activity. The campaign targets developers and organizations that pull code from these registries, aiming to capture identity credentials and data from developer tools. This update is the latest in an ongoing series we have been tracking, with the focus remaining on breadth across ecosystems rather than any single package.

Inventory and quarantine suspect dependencies; scan build and dev hosts for malicious packages; rotate impacted credentials; pin and verify dependencies; enforce allowlists and provenance checks across npm, PyPI, and Crates.io.

Read the full daily briefing: https://kernelpanicbrief.substack.com

Video "TrapDoor supply-chain campaign spreads credential-stealing malware via npm, PyPI, and Crates.io" from the channel The Kernel Panic Brief