All Topics
All Topics
Technology
Technology
Design
Design
Programming
Programming
Science
Science
News
News
Gaming
Gaming
Entertainment
Entertainment
Business
Business
Finance
Finance
Sports
Sports
Health
Health
Food
Food
Travel
Travel
Art
Art
Music
Music
Books
Books
Education
Education
Politics
Politics
Personal
Personal
No algorithm. No AI slop. No ads. Just RSS. Pro-human. Indie writers. Real journalism. Open web. Chronological. Hand toasted.

Supply Chain Attacks on Open-Source Software: Case Study of Malicious Pull Request Attempts

By

brene

1mo ago· 12 min readenInsight
Bagel score 100 of 100
100/100
Golden Brown
Bagelometer

Pulled from the oven just right. Trustworthy, fact-dense, deeply satisfying.

Score100TypeanalysisSentimentnegative

Summary

The article discusses recent supply chain attacks on open-source software projects like LiteLLM and axios, with a specific case study of attempted malicious code injection into the Better-Auth JavaScript library. The author describes how attackers attempt to add malicious code via pull requests that download multi-stage payloads from blockchain sources and establish command-and-control server connections, comparing these tactics to North Korea's 'EtherHiding' techniques. The article serves as a technical analysis and warning about the growing threat of state-sponsored attacks on open-source ecosystems.

Key quotes

· 5 pulled
Just in the last 7 days, we've seen LiteLLM and axios impacted by supply chain attacks.
He observed repeated attempts by a contributor to add malicious code directly via a pull request.
This malicious code downloads multi-stage payloads hosted on a blockchain and establishes a command and control server connection which ultimately compromises the machine.
This is very similar to DPRK's 'EtherHiding'.
These attacks were thankfully thwarted.
Snippet from the RSS feed
Just in the last 7 days, we've seen LiteLLM and axios impacted by supply chain attacks. Recently, I was chatting with Bereket Engida, the creator of the popular JS auth library. He observed repeated attempts by a contributor to add malicious code directly

You might also wanna read

AWS well-architected framework best practices for software supply chain security

This article discusses software supply chain security best practices in the context of recent npm Registry attacks (Shai-Hulud, Chalk/Debug,

aws.amazon.com·4d ago

September 2025 NPM supply-chain attack compromises popular JavaScript packages

In September 2025, a coordinated software supply-chain attack targeted multiple popular NPM packages in the JavaScript ecosystem. The attack

projectptixiakis.github.io·3d ago

Microsoft uncovers supply chain attack: Compromised @antv npm packages steal CI/CD credentials via Mini Shai-Hulud malware

Microsoft has identified an active supply chain attack targeting the @antv npm package ecosystem. A threat actor compromised an @antv mainta

microsoft.com·15h ago

Microsoft uncovers npm supply chain attack stealing cloud and CI/CD credentials via typosquatted packages

Microsoft identified an active supply chain attack (Mini Shai-Hulud campaign) targeting the npm package ecosystem. On May 28, 2026, a threat

microsoft.com·2d ago

SymJack Attack Exploits AI Coding Agents for Supply Chain Compromise

This article describes a novel supply chain attack called 'SymJack' that targets AI coding agents. The attack exploits the trust and automat

briefly.co·4d ago

North Korean Chollima Group Targets PHP Developers via Malicious Packagist Package

A malicious obfuscated JavaScript payload was discovered appended to tailwind.js in the Packagist development version dev-drewroberts/featur

socket.dev·2h ago