March 2026 Summaries
2 posts from Stream.Security
Filter
Month:
Year:
Post Summaries
Back to Blog
In 2026, a major multi-ecosystem supply chain attack was orchestrated by TeamPCP, targeting platforms such as GitHub Actions, Docker Hub, npm, OpenVSX, and PyPI. This campaign began with the compromise of a single CI/CD token, which led to a cascade of breaches across various ecosystems within a week. One significant target was LiteLLM, a widely used AI/ML package, which had malicious versions published that enabled extensive credential theft and system backdoors. The attack exploited vulnerabilities in build pipelines, particularly the unpinned installation of dependencies like Trivy, allowing the attackers to harvest credentials and maintain persistent access across cloud environments. Detection strategies involve monitoring for runtime anomalies, and compromised versions were found to execute malicious payloads on any Python process invocation, posing severe risks. The campaign highlights the critical need for robust anomaly detection in security postures to preemptively identify threats before traditional indicators of compromise (IOCs) are published.
Mar 31, 2026
2,219 words in the original blog post.
A recent supply chain attack on March 30, 2026, involved the compromise of an npm maintainer account, leading to the publication of two malicious versions of the popular axios package. The attack, which unfolded over a short time span, involved the insertion of a malicious post-install hook into the npm package plain-crypto-js, which was then used as a dependency in the compromised axios versions. Although the attack was detected swiftly by CI/CD scanners and the malicious packages were removed within hours, the incident highlights the critical vulnerability window during which any npm install executed the malicious payload. This attack underscores the limitations of relying solely on Indicators of Compromise (IOCs) for detection, as attackers continue to evolve tactics, such as obfuscation and self-cleaning mechanisms, to evade detection. It emphasizes the need for behavioral detection methods that can identify deviations from normal application processes and unexpected network connections in real-time, as supply chain attacks targeting high-download packages are becoming increasingly frequent and sophisticated.
Mar 31, 2026
1,138 words in the original blog post.