Date Observed: May 19, 2026Ecosystem: PyPI (Python)Targets: CI/CD runners, cloud workloads, Kubernetes clusters, developer environments consuming durabletaskAttack Type: Supply chain
Date Observed: May 19, 2026Ecosystem: npm (Node.js)Targets: @antV data visualization packages, echarts-for-react, timeago.js, size-sensor, canvas-nest.js, CI/CD pipelines, developer workstations.Attack Type:
Date Observed: May 11, 2026Ecosystem: npm, PyPITargets: Developers using @tanstack/react-router and related packages; UiPath, Mistral AI, OpenSearch, and Guardrails AI
Date Observed: Late April 2026Ecosystem: RubyGems and Go ModulesTargets: Developers, CI runners, and GitHub Actions pipelinesAttack Type: Malicious package campaign,
Date Observed: April 29–30, 2026Ecosystem: npm, PyPI, Packagist (PHP)Targets: SAP enterprise developers, AI/ML engineers, DevOps and DevSecOps teams using Intercom
Date Observed: April 23, 2026 Ecosystem: npm (Node.js) Targets: Developer workstations, GitHub Actions CI/CD pipelines, cloud environments, AI coding tool
Date Observed: April 22, 2026 Ecosystem: PyPI (Python) Targets: AI/MLOps teams, CI/CD pipelines, cloud-connected LLM inference environments Attack Type: Supply
Axios npm Compromise: North Korea-Linked Threat Actor Poisons Popular HTTP Client Date Observed: March–April 2026 Ecosystem: npm, Node.js, CI/CD pipelines
TeamPCP Supply Chain Campaign: CI/CD Pipeline Attacks Targeting Trivy, KICS, and LiteLLM Date Observed: March 2026 Ecosystem: GitHub Actions, npm,
GlassWorm: The Invisible Unicode Supply Chain Worm Targeting CI/CD Pipelines Date Observed: October 2025 – ongoing (March 2026) Ecosystem: VS
