Security Briefing 🔴 Critical

Supply Chain Under Siege: npm, PyPI & GitHub

6 min read
CRITICAL URGENCY

Executive Summary

Major supply chain attack discovered in popular npm package affecting 14 million weekly downloads. Compromised PyPI packages target machine learning pipelines with credential-stealing malware. A backdoor in a widely-used GitHub Action has been exfiltrating CI/CD secrets for 6 months.

⚡ Bottom line: Audit your dependencies immediately. Rotate all CI/CD credentials that may have been exposed.

📦
Critical

npm "event-stream-utils" Supply Chain Compromise

Why It Matters

The npm package "event-stream-utils" (14.2M weekly downloads) was compromised via a maintainer account takeover. Malicious code injected in version 4.7.3 steals environment variables, AWS credentials, and cryptocurrency wallet keys. Package used by major financial and tech companies.

Impact Description
Credential Theft AWS, GCP, Azure credentials from CI/CD environments
Crypto Theft Wallet private keys from developer machines
Backdoor Access Reverse shell capability in production environments
Blast Radius 14M+ weekly downloads, thousands of dependent packages

How to Protect Yourself — Action Items

  • Check for event-stream-utils in package-lock.json immediately
  • Pin to version 4.7.2 or earlier, or remove entirely
  • Rotate all credentials that may have been exposed
  • Scan npm audit for additional compromised dependencies
  • Implement Software Bill of Materials (SBOM) tracking
🐍
Critical

PyPI "pytorch-nightly-utils" Malware Campaign

Why It Matters

Typosquatting packages on PyPI targeting ML/AI developers have been downloaded 45,000+ times. Packages contain malware that exfiltrates model training data, Jupyter notebook contents, and API keys.

Malicious Package Names

pytorch-nightly-utils
tensorflow-model-tools
sklearn-utils-extra
🧠

ML Model Theft

Theft of proprietary ML models and training data.

🔑

API Key Exfiltration

Cloud API credentials from Jupyter notebooks exposed.

📊

IP Theft

Research and development work compromised.

How to Protect Yourself — Action Items

  • Audit Python environments for suspicious packages
  • Use pip-audit to scan for known malicious packages
  • Implement allowlist for approved PyPI packages
  • Enable two-factor authentication on PyPI accounts
  • Use virtual environments isolated from production
⚙️
Critical

GitHub Action "actions/cache-restore" Backdoor

Why It Matters

A backdoored version of the popular "actions/cache-restore" GitHub Action (not the official actions/cache) has been secretly exfiltrating repository secrets, environment variables, and source code since August 2025. Over 3,200 repositories affected.

Why it's dangerous: CI/CD secrets (API keys, deploy credentials) stolen. Source code of private repositories exfiltrated. Supply chain attacks on downstream users possible.

How to Protect Yourself — Action Items

  • Audit all GitHub Actions for unofficial/typosquatted actions
  • Pin actions to specific SHA hashes, not tags
  • Review Actions permissions (GITHUB_TOKEN scope)
  • Enable GitHub Advanced Security secret scanning
  • Rotate all secrets used in affected workflows
🐳
Urgent

Docker Hub Image Poisoning Campaign

Why It Matters

Researchers discovered 200+ malicious Docker images on Docker Hub mimicking popular base images. Images contain cryptominers and backdoors activated only in production environments (detecting CI vs production).

How to Protect Yourself — Action Items

  • Use only Docker Official Images or verified publishers
  • Implement image signing with Docker Content Trust
  • Scan images with Trivy/Grype before deployment
  • Use private container registries with admission control
  • Enable runtime container security monitoring
💻
High

Compromised VS Code Extension "Prettier Pro"

Why It Matters

A popular VS Code extension "Prettier Pro" (fake version of Prettier) with 89,000 installs was found stealing source code and git credentials from developer machines.

How to Protect Yourself — Action Items

  • Remove "Prettier Pro" extension immediately
  • Only install extensions from verified publishers
  • Review extension permissions before installation
  • Audit installed extensions across development team
  • Use VS Code extension allowlists in enterprise

Run a KENSAI scan now to check your supply chain security

🗡️ Scan Your Systems →

Your Action Checklist for This Week

Critical — Do Today
  • Audit npm dependencies for event-stream-utils
  • Scan PyPI packages for typosquatting malware
  • Review GitHub Actions for unofficial actions
High — Do This Week
  • Rotate all potentially exposed CI/CD credentials
  • Implement SBOM for all software projects
  • Enable dependency vulnerability scanning in pipelines
Medium — Ongoing
  • Audit Docker base images for authenticity
  • Review VS Code extensions across developer machines
  • Implement package allowlisting where feasible

🛡️ Is your website secure?

Discover vulnerabilities before attackers do.

Scan your website for free →

📚 Related Articles