TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

SITREP: A coordinated software supply chain attack, named TrapDoor, has been identified, targeting npm, PyPI, and Crates.io to distribute credential-stealing malware. The attack involves over 34 malicious packages and spans more than 384 versions, with initial activity detected on May 22, 2026. TACTICAL ASSESSMENT: This attack highlights vulnerabilities in widely used package management systems, potentially compromising numerous applications and user credentials. The widespread nature of the attack suggests a significant threat to software integrity and user security across multiple platforms. PROJECTED VECTORS: Future developments may include further exploitation of these vulnerabilities or the emergence of additional malicious packages as attackers refine their methods.