Two different attackers poisoned popular open source tools — and showed us the future of supply chain compromise

April 11, 2026
aisecuritybusinessmobile
Red game pieces grouped with one isolated piece symbolizing social distancing on a reflective surface.
Photo by Markus Spiske on Pexels

The incidents

It has been reported that two separate campaigns in March infected widely used open source tooling and siphoned secrets from tens of thousands of organizations — and we may only be seeing the opening act. First, Trivy, a vulnerability scanner embedded in thousands of CI/CD pipelines, was compromised in late February and had credential‑stealing malware injected into binaries, GitHub Actions and container images on March 16; that malware allegedly hoovered CI/CD secrets, cloud credentials, SSH keys and Kubernetes configs and planted persistent backdoors. It has been reported that the same group, known as TeamPCP, used stolen CI/CD secrets to taint other projects (KICS, LiteLLM, Telnyx) and push malicious packages to PyPI.

Meanwhile, it has been reported that the popular JavaScript library Axios — tens of millions of downloads weekly and present in roughly 80 percent of cloud and developer environments — was compromised by attackers allegedly linked to North Korea. Two different threat actors. Two different motives, similar playbooks: deep access to developer environments, clever social engineering, and a hunger for secrets. How bad? We won't know the full blast radius for months.

Why this matters — and what's next

Experts warn this is exactly the trajectory supply‑chain attacks were heading toward. It has been reported that Mandiant Consulting CTO Charles Carmakal expects stolen data to be weaponized over many months; Cisco Talos outreach lead Nick Biasini has said attackers are increasingly targeting developers and open‑source packages. Add AI to the mix — making phishing and persona spoofing far more convincing — and you get a formula for frequent, scalable compromises. It feels less like a one‑off heist and more like a new normal.

Time to start dropping SBOMs

So what now? Short answer: treat the tools you trust as part of your attack surface. Start dropping SBOMs, rotate and isolate CI/CD credentials, tighten supply‑chain provenance checks, and assume compromise when triaging alerts. It’s an ugly reminder: the software we build with communal pieces can become the vector that knocks the wind out of thousands. Not subtle. Not sexy. Effective.

Sources: The Register