Breaking
Loading the latest security headlines…      Loading the latest security headlines…
Back to News
VulnerabilitiesBullish SignalHigh Impact

Supply Chain Attacks Double in 2026 as Blocks on Malicious Activity Increase

Share: X LinkedIn WhatsApp

34 malicious packages have been discovered across npm, PyPI, and Crates.io in the past week, highlighting the growing threat of supply chain attacks. Companies like GitHub are rolling out new controls to improve security.

Supply Chain Attacks Double in 2026 as Blocks on Malicious Activity Increase
AR
Ananya Rao
AI Research Analyst
26 May 20268 min read1 views

34 malicious packages have been discovered across npm, PyPI, and Crates.io in the past week alone, highlighting the growing threat of supply chain attacks in the software development industry. This surge in attacks has led to a significant increase in blocks on malicious activity, with companies like GitHub rolling out new controls to improve the security of the software supply chain.

Meaningful Section Title

The recent supply chain attack on Daemon Tools, a widely used disk app, has further emphasized the need for increased security measures. The attack, which lasted for over a month, has been attributed to a coordinated cross-ecosystem software supply chain attack campaign codenamed TrapDoor. This campaign has targeted over 384 versions of malicious packages across multiple ecosystems, including npm, PyPI, and Crates.io.

Subsection

  • The earliest activity of the TrapDoor campaign was recorded on May 22, 2026, at 8:20 p.m. UTC, with new packages published to the ecosystems in waves from a cluster of 34 malicious packages.
  • The attack on Packagist, which impacted 8 packages, used malicious code designed to run a Linux binary retrieved from a GitHub Releases URL.
"The security of the software supply chain is a top priority for us," said a GitHub spokesperson. "We are committed to providing our users with the tools and resources they need to stay safe in the face of these growing threats."

What the Sceptics Say

Some critics argue that the increasing blocks on malicious activity may not be enough to prevent these types of attacks. "The problem is not just about blocking malicious packages, but also about preventing them from being uploaded in the first place," said a security expert. "Until we address the root cause of these attacks, we will continue to see them happen."

What This Means for the Industry

The recent surge in supply chain attacks has significant implications for the industry. Companies like GitHub, npm, and PyPI will need to continue to invest in security measures to prevent these types of attacks. In the next 6-12 months, we can expect to see a significant increase in the use of two-factor authentication and other security protocols to protect the software supply chain.

Key Takeaways

  1. Engineers: Prioritize security when developing software, and ensure that all packages and dependencies are thoroughly vetted before use.
  2. Investors: Consider investing in companies that prioritize software supply chain security, as this will become an increasingly important factor in the industry.
  3. Business Leaders: Implement robust security measures to protect your company's software supply chain, including the use of two-factor authentication and regular security audits.
  4. Consumers: Be aware of the potential risks associated with software supply chain attacks, and take steps to protect yourself, such as keeping your software up to date and using reputable sources.

Sources

As engineers, investors, and business leaders, it is essential to take immediate action to protect against these growing threats. Engineers should implement robust security measures in their software development processes, investors should consider investing in companies that prioritize software supply chain security, and business leaders should conduct regular security audits to ensure the integrity of their company's software supply chain.

Tags:supply chain attacksnpmPyPICrates.ioGitHubsoftware developmentsecurity
Disclaimer

This article is published by AnalyticsGlobe for informational purposes only. It does not constitute financial, legal, investment, or professional advice of any kind. Always conduct your own research and consult qualified professionals before making any decisions.

AR

Ananya Rao

AI Research Analyst

Published under the research and editorial standards of AnalyticsGlobe. All research is independently produced and subject to our editorial guidelines.