Skills
Three npm/PyPI Supply Chain Attacks Hit in 48 Hours (April 21-23) — All Targeting Secrets: API Keys, Cloud Credentials, SSH Keys From Dev Environments and CI/CD
GitGuardian documented three coordinated supply chain campaigns hitting npm, PyPI, and Docker Hub within a 48-hour window, all targeting developer secrets. Combined with the LiteLLM compromise (versions 1.82.7-1.82.8, 95M monthly downloads, three-stage payload stealing 50+ categories of secrets) and the QLNX RAT, a pattern emerges: attackers are systematically targeting AI infrastructure dependencies. The LiteLLM backdoor used hybrid RSA-4096/AES-256 encryption and polled checkmarx.zone for second-stage payloads every 50 minutes.
Source
↳ Follow the thread