‘TrapDoor’ malware targets crypto dev tools in supply chain attack

Developer platform Socket says a malware called TrapDoor is targeting crypto and AI developers across npm, PyPI and Crates, aiming to steal crypto wallet info and browser data.
The Hacker News

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable ...

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious versions anyway. The CI/CD Trust-Chain Audit Grid maps the six gaps it ...
gihyo.jp

サイトについて

Anthropicは2026年5月26日、Claude Code向けのセキュリティ支援プラグイン 「security-guidance」 を公開した。Claude Codeがコードを書いている最中に、一般的な脆弱性や危険な実装パターンを検出し、同じセッション内で修正を促すためのプラグインで、すべてのClaude Codeユーザーが利用できる。 We’ve shipped a security-gu ...