TrapDoor and Megalodon Supply Chain Attacks Compromise Thousands
A coordinated software supply chain attack campaign, known as TrapDoor, has targeted npm, PyPI, and CratesIO, spreading credential-stealing malware. Simultaneously, over 5,500 GitHub repositories have been infected in the 'Megalodon' attack, which involves malicious CI/CD workflows. These attacks highlight the vulnerabilities in open-source ecosystems and underscore the need for enhanced monitoring and validation of third-party code.