New software supply chain attack uses sleeper packages for credential theft and CI tampering

May 1, 2026

By SC Staff

A new software supply chain attack campaign has been observed utilizing sleeper packages to deliver malicious payloads, enabling credential theft, GitHub Actions tampering, and SSH persistence, according to a recent report by The Hacker News.

The campaign, attributed to the GitHub account "BufferZoneCorp," involved malicious Ruby gems and Go modules disguised as legitimate libraries. The Ruby gems were designed to steal credentials, including environment variables, SSH keys, and various configuration secrets, exfiltrating the data to an attacker-controlled endpoint.

The Go modules offered broader capabilities, such as tampering with GitHub Actions workflows, planting fake Go wrappers to intercept commands, and establishing SSH persistence by adding a public key to the authorized keys file. These modules would execute through their init functions, manipulate environment variables like HTTP_PROXY, and place a fake Go executable in a cache directory, ensuring it was prioritized over the legitimate binary. This allowed attackers to influence or intercept subsequent Go executions without breaking the build process.

Developers who may have installed these packages are advised to remove them, review systems for unauthorized access or changes, rotate compromised credentials, and inspect network logs for suspicious outbound traffic.
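A defensive check for two of the behaviours described above, as an added example (not code from the report or from SC Media): it lists every `go` executable on a PATH string, flags the case where the first one is not the toolchain binary the operator expects, and reports proxy variables in the environment. The function names, the expected-binary argument, and the inclusion of HTTPS_PROXY and ALL_PROXY alongside the HTTP_PROXY named in the article are assumptions.

```shell
#!/bin/sh
# Added example: audit helpers for a build host (constructed names, not from the report).

# list_go_candidates PATH_STRING
# Print every executable file named "go", in the order PATH lookup would try them.
# Runs in a subshell so the IFS and noglob changes do not leak to the caller.
list_go_candidates() (
    IFS=:
    set -f
    for dir in $1; do
        [ -n "$dir" ] || dir=.   # an empty PATH entry means the current directory
        if [ -f "$dir/go" ] && [ -x "$dir/go" ]; then
            printf '%s\n' "$dir/go"
        fi
    done
)

# check_go_shadowing PATH_STRING EXPECTED_GO
# EXPECTED_GO is the toolchain binary the operator trusts (assumption: supplied
# by the caller). Paths are compared as strings, so pass the path exactly as it
# appears on PATH.
# Returns 0 if EXPECTED_GO resolves first, 1 if another file shadows it,
# 2 if no go executable is found at all.
check_go_shadowing() {
    first=$(list_go_candidates "$1" | head -n 1)
    [ -n "$first" ] || return 2
    if [ "$first" != "$2" ]; then
        printf 'SHADOWED: %s resolves before %s\n' "$first" "$2" >&2
        return 1
    fi
    return 0
}

# proxy_vars_set
# Print proxy variables present in the environment, upper or lower case.
# The article names HTTP_PROXY; HTTPS_PROXY and ALL_PROXY are added here.
proxy_vars_set() {
    env | grep -iE '^(HTTP_PROXY|HTTPS_PROXY|ALL_PROXY)=' || true
}
```

Call `check_go_shadowing "$PATH" /usr/local/go/bin/go`, substituting the path of the toolchain you installed (the path shown is a placeholder). Any earlier entry printed by `list_go_candidates "$PATH"` deserves inspection before the next build.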
Source: The Hacker News