A coordinated TrapDoor supply chain campaign is actively targeting developers across three major package ecosystems, with researchers identifying over 34 malicious packages and 384+ related versions and artifacts across npm, PyPI, and Crates.io. Socket Security researchers say some packages have already been removed, while others remain live. The attack first surfaced on May 22, 2026, at […]
The post Supply Chain Attack Compromises 34 Packages Across npm, PyPI, Crates. appeared first on Cyber Security News.