A new coordinated cross-ecosystem software supply chain attack
campaign has targeted npm, PyPI, and Crates.io to distribute
credential-stealing malware. The campaign, codenamed TrapDoor,
spans more than 34 malicious packages across over 384 versions. The
earliest activity was recorded on May 22, 2026, at 8:20 p.m. UTC,
with new packages published to the ecosystems in waves from a
cluster of
Read more https://thehackernews.com/2026/05/trapdoor-supply-chain-attack-spreads.html
