Major supply chain attack discovered in popular npm package affecting 14 million weekly downloads. Compromised PyPI packages target machine learning pipelines with credential-stealing malware. A backdoor in a widely-used GitHub Action has been exfiltrating CI/CD secrets for 6 months.
⚡ Bottom line: Audit your dependencies immediately. Rotate all CI/CD credentials that may have been exposed.
📦
Critical
npm "event-stream-utils" Supply Chain Compromise
Why It Matters
The npm package "event-stream-utils" (14.2M weekly downloads) was compromised via a maintainer account takeover. Malicious code injected in version 4.7.3 steals environment variables, AWS credentials, and cryptocurrency wallet keys. Package used by major financial and tech companies.
Impact
Description
Credential Theft
AWS, GCP, Azure credentials from CI/CD environments
Crypto Theft
Wallet private keys from developer machines
Backdoor Access
Reverse shell capability in production environments
Blast Radius
14M+ weekly downloads, thousands of dependent packages
How to Protect Yourself — Action Items
Check for event-stream-utils in package-lock.json immediately
Pin to version 4.7.2 or earlier, or remove entirely
Rotate all credentials that may have been exposed
Scan npm audit for additional compromised dependencies
Implement Software Bill of Materials (SBOM) tracking
🐍
Critical
PyPI "pytorch-nightly-utils" Malware Campaign
Why It Matters
Typosquatting packages on PyPI targeting ML/AI developers have been downloaded 45,000+ times. Packages contain malware that exfiltrates model training data, Jupyter notebook contents, and API keys.
Malicious Package Names
pytorch-nightly-utils
tensorflow-model-tools
sklearn-utils-extra
🧠
ML Model Theft
Theft of proprietary ML models and training data.
🔑
API Key Exfiltration
Cloud API credentials from Jupyter notebooks exposed.
📊
IP Theft
Research and development work compromised.
How to Protect Yourself — Action Items
Audit Python environments for suspicious packages
Use pip-audit to scan for known malicious packages
Implement allowlist for approved PyPI packages
Enable two-factor authentication on PyPI accounts
Use virtual environments isolated from production
⚙️
Critical
GitHub Action "actions/cache-restore" Backdoor
Why It Matters
A backdoored version of the popular "actions/cache-restore" GitHub Action (not the official actions/cache) has been secretly exfiltrating repository secrets, environment variables, and source code since August 2025. Over 3,200 repositories affected.
Audit all GitHub Actions for unofficial/typosquatted actions
Pin actions to specific SHA hashes, not tags
Review Actions permissions (GITHUB_TOKEN scope)
Enable GitHub Advanced Security secret scanning
Rotate all secrets used in affected workflows
🐳
Urgent
Docker Hub Image Poisoning Campaign
Why It Matters
Researchers discovered 200+ malicious Docker images on Docker Hub mimicking popular base images. Images contain cryptominers and backdoors activated only in production environments (detecting CI vs production).
How to Protect Yourself — Action Items
Use only Docker Official Images or verified publishers
Implement image signing with Docker Content Trust
Scan images with Trivy/Grype before deployment
Use private container registries with admission control
Enable runtime container security monitoring
💻
High
Compromised VS Code Extension "Prettier Pro"
Why It Matters
A popular VS Code extension "Prettier Pro" (fake version of Prettier) with 89,000 installs was found stealing source code and git credentials from developer machines.
How to Protect Yourself — Action Items
Remove "Prettier Pro" extension immediately
Only install extensions from verified publishers
Review extension permissions before installation
Audit installed extensions across development team
Use VS Code extension allowlists in enterprise
Run a KENSAI scan now to check your supply chain security