A massive supply chain poisoning campaign dubbed “TrapDoor.” Spanning the npm, PyPI, and Crates.io ecosystems, the operation deployed over 34 malicious packages across 384 versions. The campaign actively targets developers in the cryptocurrency, DeFi, Solana, AI, and security sectors. By exploiting native execution mechanisms such as npm’s postinstall hooks, PyPI’s import entry points, and Crates.io’s […]
The post Malicious Packages Target Cloud Keys, Wallets, and SSH Credentials appeared first on Cyber Security News.