Supply‑chain incidents multiply
- Researchers highlighted multiple open‑source supply‑chain incidents, from npm to leaked GitLab artifacts.
- The npm 'ms' issue impacts roughly 7,000 top packages, while leaked Red Hat GitLab data exposed API keys and about 580 employee records.
- Teams are using simulation tools like 'SmokedMeat' to model CI/CD compromises and harden registry trust controls.
Open-source software attacks are hitting the tools developers trust to build and ship code, not just the apps they run. Researchers this month tied together incidents spanning npm packages, leaked GitLab artifacts, and compromised build pipelines. (socket.dev, labs.boostsecurity.io)

A software supply-chain attack works like tampering with parts before they reach the factory floor. In practice, that means a poisoned package update, a stolen maintainer token, or a compromised continuous integration and continuous delivery pipeline that signs and publishes code automatically. (unit42.paloaltonetworks.com, labs.boostsecurity.io)

The npm ecosystem has been a repeated target since at least September 2025, when Socket documented a campaign that started with the package `@ctrl/tinycolor` and then expanded to nearly 500 affected packages, including several open-source CrowdStrike packages. In March 2026, Socket reported another campaign, “CanisterWorm,” that backdoored more than 29 packages after compromising publisher accounts. (socket.dev, socket.dev, socket.dev)

Those package attacks matter because tiny libraries sit deep inside huge dependency trees. Socket’s package index lists `ms`, a millisecond conversion utility, among widely used npm packages, which helps explain why researchers and defenders now focus on the “blast radius” of even a single small package or maintainer account. (socket.dev, socket.dev)

The GitLab side of the story shows the same pattern in a different place. Red Hat said on October 3, 2025 that an unauthorized party accessed and copied data from a GitLab instance used for internal Red Hat Consulting collaboration, then said it had isolated the instance and added hardening measures. (access.redhat.com)

Red Hat also said it had “no reason to believe” the incident affected its broader products, official software downloads, or software supply chain. The company said the exposed GitLab environment could contain project specifications, example code snippets, internal consulting communications, and limited business contact information tied to consulting engagements. (access.redhat.com)

Outside researchers described a larger possible downstream impact from that Red Hat breach. GitGuardian wrote on October 3, 2025 that the attackers claimed to have exfiltrated 570 gigabytes from more than 28,000 repositories, including Customer Engagement Reports, authentication tokens, API keys, and infrastructure details affecting about 800 organizations, while noting those claims were based on public reporting and had not been independently verified. (blog.gitguardian.com)

By March 31, 2026, Palo Alto Networks’ Unit 42 said TeamPCP had moved from package compromise to trusted security tooling, targeting Trivy, Checkmarx KICS, LiteLLM, and the official Python software development kit of Telnyx. Unit 42 said the campaign pushed infostealer payloads into GitHub Actions and Python Package Index releases, then harvested cloud tokens, Secure Shell keys, and Kubernetes secrets from automated workflows. (unit42.paloaltonetworks.com)

That shift has changed the defensive playbook. Boost Security said on April 15, 2026 that it open-sourced SmokedMeat, a red-team framework for build pipelines designed to let defenders simulate the same attack chain, from a pull-request workflow injection to token theft and cloud access. (labs.boostsecurity.io, github.com)

Boost said the tool models how a workflow bug can turn into production credential theft in under 60 seconds, and how stolen personal access tokens can expose private repositories and embedded secrets. The company framed SmokedMeat as a way for teams to test runner isolation, token permissions, OpenID Connect trust, and package registry controls before attackers do. (labs.boostsecurity.io, github.com)

The common thread is that attackers are aiming at the machinery that publishes software, not only the software itself. Red Hat has kept its investigation open, and security firms are now treating package registries, build runners, and repository tokens as the next places where one stolen credential can spread far beyond one project. (access.redhat.com, unit42.paloaltonetworks.com, labs.boostsecurity.io)
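
The "blast radius" of a small package such as `ms` can be measured on a project's own lockfile. The following is an added example, not code from the researchers or projects named above: it walks the `packages` map of an npm lockfile (v2/v3 layout) and lists every installed package that transitively depends on a given one. The lockfile contents are constructed, and `web-kit`, `cli-kit` and `left-util` are hypothetical package names.

```javascript
// Constructed sample in npm lockfile v2/v3 layout: "packages" is keyed by install path,
// "" is the root project. web-kit, cli-kit and left-util are hypothetical packages.
const sampleLock = {
  packages: {
    "": { name: "demo-app", dependencies: { "web-kit": "^1.0.0", "cli-kit": "^2.0.0", "left-util": "^1.0.0" } },
    "node_modules/web-kit": { version: "1.0.0", dependencies: { debug: "^4.0.0" } },
    "node_modules/cli-kit": { version: "2.0.0", dependencies: { ms: "^0.7.0" } },
    "node_modules/cli-kit/node_modules/ms": { version: "0.7.3" },
    "node_modules/debug": { version: "4.3.4", dependencies: { ms: "^2.1.0" } },
    "node_modules/ms": { version: "2.1.3" },
    "node_modules/left-util": { version: "1.0.0" },
  },
};

// Resolve `name` as Node does from `fromPath`: nearest nested node_modules first, then up to the root.
function resolveDep(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (candidate in packages) return candidate;
    if (!base) return null; // not installed, e.g. a skipped optional dependency
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// List every install path that reaches `target` (any installed copy) through its
// dependencies, i.e. everything exposed if `target` shipped a malicious release.
function blastRadius(lock, target) {
  const packages = lock.packages;
  const dependents = new Map(); // install path -> Set of paths that depend on it
  for (const [path, meta] of Object.entries(packages)) {
    const deps = { ...meta.dependencies, ...meta.optionalDependencies };
    if (path === "") Object.assign(deps, meta.devDependencies); // root dev deps are installed too
    for (const name of Object.keys(deps)) {
      const resolved = resolveDep(packages, path, name);
      if (resolved) dependents.set(resolved, (dependents.get(resolved) || new Set()).add(path));
    }
  }
  // Breadth-first walk up the reverse edges, starting from every installed copy of target.
  const suffix = "node_modules/" + target;
  const copies = Object.keys(packages).filter((p) => p === suffix || p.endsWith("/" + suffix)).sort();
  const queue = [...copies], seen = new Set(copies);
  while (queue.length) {
    for (const parent of dependents.get(queue.shift()) || []) {
      if (!seen.has(parent)) { seen.add(parent); queue.push(parent); }
    }
  }
  return { copies, affected: [...seen].filter((p) => !copies.includes(p)).sort() };
}
```

In the sample, both installed copies of `ms` are found and the root project (`""`) is affected through two separate paths, while `left-util` is not; pointing the function at the parsed contents of a real `package-lock.json` gives the same view for an actual project.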