Update: We added our technical analysis. Notable findings: → Likely dormant maintainer account takeover → Payload appended to the CommonJS entrypoint, node-ipc.cjs → Steals developer/CI secrets from env vars and config files → Exfiltrates via DNS TXT queries, not HTTP

Update: We added our technical analysis. Notable findings: → Likely dormant maintainer account takeover → Payload appended to the CommonJS entrypoint, node-ipc.cjs → Steals developer/CI secrets from env vars and config files → Exfiltrates via DNS TXT queries, not HTTP

🏁 TeamPCP and BreachForums are running a supply chain attack contest: $1,000 in Monero for the biggest haul of compromised open source packages, measured by download counts. The group open sourced Shai-Hulud as attack tooling and requires it for entry.

🏁 TeamPCP and BreachForums are running a supply chain attack contest: $1,000 in Monero for the biggest haul of compromised open source packages, measured by download counts. The group open sourced Shai-Hulud as attack tooling and requires it for entry.

This is how I set up Socket Firewall to protect my local dev environment from supply chain attacks. The core idea is simple: package installs are now part of the attack surface. npm install, pip install, CI jobs, and LLM agent workspaces can all execute attacker-controlled code before anything reaches production. So I wrapped my package managers with @SocketSecurity’s sfw, cleared local caches, and made normal commands like npm, pnpm, yarn, pip, uv, and cargo route through Socket Firewall by default. The article covers: 1. Why the TanStack npm compromise made this urgent 2. How install-time protection differs from auditing after the fact 3. The shell wrapper setup 4. What LLM coding agents should do before installing packages Supply chain security cannot depend on everyone remembering to be careful at the exact moment they are trying to move fast. The safer path has to become the default path.

⚠️ GemStuffer used more than 150 RubyGems packages to exfiltrate scraped U.K. council portal data, not distribute malware. The gems collected ModernGov pages, built .gem archives, and published them to RubyGems with hardcoded credentials. Read:

💎 New GemStuffer Campaign: Socket detected a RubyGems registry abuse campaign stuffing scraped UK council portal pages into junk gems. PoC worm, scraper, or spam? Low downloads, repeated publishing, and 155 artifacts tracked so far. New Research →

🐘 @packagist is urging #PHP# projects to update Composer after a GitHub token format change caused some GitHub Actions tokens to be exposed in CI logs. GitHub has rolled back the token change for now, but affected projects still need to update Composer.

It’s not every day a competitor promotes your product in their launch image. Thanks for the endorsement, Endor Labs. 😅 For anyone wondering, sfw is Socket Firewall, and yes, you can install it from npm today: npm install -g sfw

🐘 @packagist is urging #PHP# projects to update Composer after a GitHub token format change caused some GitHub Actions tokens to be exposed in CI logs. GitHub has rolled back the token change for now, but affected projects still need to update Composer.

💎 New GemStuffer Campaign: Socket detected a RubyGems registry abuse campaign stuffing scraped UK council portal pages into junk gems. PoC worm, scraper, or spam? Low downloads, repeated publishing, and 155 artifacts tracked so far. New Research →

This is why @pnpmjs's latest v11 release was the top story in Socket Weekly this past week - it includes smart defaults that put roadblocks in front of attacks like this. Hard to imagine a more relevant release for this week’s supply chain chaos. 🔮

🎉 Socket is proud to be named to the Rising in Cyber 2026 list by @notablecap, recognizing 30 private cybersecurity startups selected by nearly 150 practicing CISOs and cybersecurity executives.

This is why @pnpmjs's latest v11 release was the top story in Socket Weekly this past week - it includes smart defaults that put roadblocks in front of attacks like this. Hard to imagine a more relevant release for this week’s supply chain chaos. 🔮

🚨 UPDATE: Mini Shai-Hulud has crossed from @npmjs into @pypi and is still spreading. Newly confirmed compromised artifacts: @​opensearch-project/opensearch: 3.5.3, 3.6.2, 3.7.0, 3.8.0 (1.3M weekly downloads) mistralai: 2.4.6 on PyPI guardrails-ai: 0.10.1 on PyPI additional @​squawk/* packages on npm guardrails-ai 0.10.1 executes malicious code on import. On Linux, it downloads git-tanstack[.]com/transformers.​pyz, writes it to /tmp/transformers.​pyz, and runs it with python3 without integrity verification. The git-tanstack.​com domain displayed a message signed “With Love TeamPCP,” along with: “We've been online over 2 hours now stealing creds Regardless I just came to say hello :^)” The page also linked to a YouTube video and you can probably guess which one.

🚨 The popular PyPI package lightning has been compromised in a supply chain attack. Socket detected malicious code in versions 2.6.2 and 2.6.3 that executes automatically on import, downloads Bun, and runs an 11 MB obfuscated JavaScript payload designed to steal credentials. This appears to be connected to yesterday's mini Shai-Hulud attack, but we're still investigating. #Python#