
Mini Shai-Hulud: Cross-Ecosystem Supply Chain Attack Hits npm, PyPI, and Packagist
Date Observed: April 29–30, 2026 Ecosystem: npm, PyPI, Packagist (PHP) Targets: SAP enterprise developers, AI/ML engineers, DevOps and DevSecOps teams using Intercom


SANDWORM_MODE: A New Wave of npm Supply Chain Attacks Targeting CI/CD Pipelines Date of Discovery: February 20, 2026 Ecosystem: npm

How InvisiRisk BAF Effectively Mitigates GitHub Actions Supply Chain Attacks Like the Ultralytics Attack Introduction The rise of automation in

In-Depth Analysis: How InvisiRisk BAF Effectively Mitigates GitHub Actions Supply Chain Attacks Introduction The modern software development lifecycle is heavily

The Great NPM Heist: What Happened and How InvisiRisk Protects You In early September 2025 attackers orchestrated a large-scale supply

Date Observed: April 23, 2026 Ecosystem: npm (Node.js) Targets: Developer workstations, GitHub Actions CI/CD pipelines, cloud environments, AI coding tool

Date Observed: April 22, 2026 Ecosystem: PyPI (Python) Targets: AI/MLOps teams, CI/CD pipelines, cloud-connected LLM inference environments Attack Type: Supply

Axios npm Compromise: North Korea-Linked Threat Actor Poisons Popular HTTP Client Date Observed: March–April 2026 Ecosystem: npm, Node.js, CI/CD pipelines

TeamPCP Supply Chain Campaign: CI/CD Pipeline Attacks Targeting Trivy, KICS, and LiteLLM Date Observed: March 2026 Ecosystem: GitHub Actions, npm,

GlassWorm: The Invisible Unicode Supply Chain Worm Targeting CI/CD Pipelines Date Observed: October 2025 – ongoing (March 2026) Ecosystem: VS