SANS: 26‑day supply‑chain pause ends

Software supply-chain attacks hit three trusted developer tools on April 21 and 22, ending what SANS called a 26-day pause in TeamPCP-linked compromises. (isc.sans.edu) A supply-chain attack works like a poisoned ingredient in a shared kitchen: attackers tamper with code packages or build images so downstream users install malware from a trusted source. SANS said that pattern reappeared across npm, PyPI, and Docker Hub in a two-day burst. (isc.sans.edu) (socket.dev) One target was Checkmarx KICS, an open-source scanner that checks infrastructure-as-code files for security mistakes before deployment. SANS said the official KICS Docker Hub repository was compromised on April 22, and Docker said it quarantined the malicious image after detection. (isc.sans.edu) (docker.com) That KICS compromise then spilled into Bitwarden’s release pipeline. Bitwarden said a malicious npm package, @bitwarden/cli@2026.4.0, was available between 5:57 p.m. and 7:30 p.m. Eastern on April 22 before it was contained. (isc.sans.edu) (community.bitwarden.com) Bitwarden said the affected path was its npm-distributed command-line interface, not every Bitwarden product. Socket and BleepingComputer reported the package included credential-stealing code tied to the broader Checkmarx campaign. (community.bitwarden.com) (socket.dev) (bleepingcomputer.com) A third hit landed on PyPI, Python’s main package index, where researchers found trojanized xinference releases 2.6.0, 2.6.1, and 2.6.2 on April 22. JFrog and StepSecurity said the malicious code executed as soon as a program imported xinference. (research.jfrog.com) (stepsecurity.io) Xinference is used to run artificial-intelligence models on company infrastructure, which means its servers often hold cloud keys, model registry tokens, and Kubernetes credentials. StepSecurity said the payload harvested SSH keys, cloud credentials, environment variables, and crypto-wallet files, then exfiltrated them in an archive named love.tar.gz. (stepsecurity.io) SANS said the same week also brought CanisterSprawl, a self-propagating npm worm identified starting April 21. Socket described it as malware that steals developer tokens and reuses stolen publish access to spread into more packages. (isc.sans.edu) (socket.dev) The common thread is that attackers are not just aiming at apps users run directly. They are going after scanners, command-line tools, package managers, and build automation that sit upstream in continuous integration and continuous delivery pipelines. (isc.sans.edu) (securityweek.com) SANS said the April burst marked a shift back from credential monetization into active technical compromise. The immediate fixes are plain but labor-intensive: pin dependency versions, rotate exposed tokens, and audit every build system that could have pulled a poisoned package or image. (isc.sans.edu) (community.bitwarden.com)