Crates.io news

A new malware campaign named TrapDoor is targeting developers across npm, PyPI, and Crates.io. Researchers found over 34 malicious packages designed to compromise developer workstations and workflows, specifically targeting credentials and files related to AI coding assistants, highlighting ongoing software supply chain risks.

A coordinated supply chain attack named TrapDoor has been discovered across npm, PyPI, and Crates.io. The campaign used over 34 malicious packages to distribute credential-stealing malware, highlighting ongoing risks in open-source registries and the developers who rely on them.