Ossprey Security

We're tracking "Megalodon" An active supply chain attack injecting malicious steps into GitHub Actions workflows at scale. 575K+ files stolen. 449 GB exfiltrated. Still ongoing. If you see 'Optimize-Build' in CI, rotate every secret immediately. ossprey.com/blog/megalodon…

Ossprey Security flagged three malicious durabletask versions within seconds of each upload to PyPI this morning. Same behaviour to yesterday's antv package compromise. Our analysis, IOCs, and remediation advice. ossprey.com/blog/supply-ch…

Ossprey Security detected nine antv npm packages this morning, each carrying an identical credential stealer that runs the moment you npm install and walks off with AWS, GitHub, npm, and Vault tokens. ossprey.com/blog/shai-hulu…

@karpathy Another TeamPCP hit today with the malicious Telnyx pypi packages. Yet another in an endless stream of supply chain compromises in packages. ossprey.com/blog/telnyx-py…

Software horror: litellm PyPI supply chain attack. Simple `pip install litellm` was enough to exfiltrate SSH keys, AWS/GCP/Azure creds, Kubernetes configs, git credentials, env vars (all your API keys), shell history, crypto wallets, SSL private keys, CI/CD secrets, database passwords. LiteLLM itself has 97 million downloads per month which is already terrible, but much worse, the contagion spreads to any project that depends on litellm. For example, if you did `pip install dspy` (which depended on litellm>=1.64.0), you'd also be pwnd. Same for any other large project that depended on litellm. Afaict the poisoned version was up for only less than ~1 hour. The attack had a bug which led to its discovery - Callum McMahon was using an MCP plugin inside Cursor that pulled in litellm as a transitive dependency. When litellm 1.82.8 installed, their machine ran out of RAM and crashed. So if the attacker didn't vibe code this attack it could have been undetected for many days or weeks. Supply chain attacks like this are basically the scariest thing imaginable in modern software. Every time you install any depedency you could be pulling in a poisoned package anywhere deep inside its entire depedency tree. This is especially risky with large projects that might have lots and lots of dependencies. The credentials that do get stolen in each attack can then be used to take over more accounts and compromise more packages. Classical software engineering would have you believe that dependencies are good (we're building pyramids from bricks), but imo this has to be re-evaluated, and it's why I've been so growingly averse to them, preferring to use LLMs to "yoink" functionality when it's simple enough and possible.

A new wave of #TeamPCP malware embedded in #telnyx versions 4.87.1 and 4.87.2 on #PyPI. Full analysis is on our blog. If telnyx is in your dependency tree, check your installed version now. ossprey.com/blog/telnyx-py… #SupplyChainSecurity #PyPI #OpenSource

New Blog: Nx Package Compromise Malware hidden in recent Nx releases created a repo called s1ngularity-repository in developers’ GitHub accounts exposing SSH keys, API tokens, and even wallet files. Read the breakdown: ossprey.com/blog/nx-packag… #SupplyChainSecurity #npm #OSS

New from Ossprey: PyPI is cracking down on domain resurrection attacks by invalidating expired maintainer domains. 1,800 accounts un-verified in just 2 months. Time to check if your dependencies rely on revoked maintainers. Full blog: ossprey.com/blog/pypi-doma… #OpenSource

Now at #OSSummit, @bagder is absolutely rocking the stage. The room is laughing hard from all his examples of the life of an open source maintainer. But really, we should all be crying. Example: 47 car brands rely on cURL. Not one contributes back the project. #OSSummit #OSSEU

What a start to #OSSummit Europe! 🎉 Inspiring talks, buzzing sessions, and endless hallway conversations showed the power of the #OpenSource community in action. The energy is unmatched — and it’s only Day 1!

#OSSummit and #OpenSSFCommunity Day Europe are almost here. What’s on your “don’t miss” list? Visit the #OpenSSF booth B33 for demos, AMAs, and practical insights from the people building secure-by-design tools for open source. Read the highlights: openssf.org/blog/2025/08/2…

🚨 North Korea infiltrated 100+ U.S. companies using fake remote workers—stealing data, crypto & defense tech. They even used AI to forge voices, documents & LinkedIn profiles. The worst part? Some were praised as top talent. Full story → thehackernews.com/2025/07/us-arr…

Cryptocurrency company Binance has issued guidance on its blog for how to mitigate threats to personnel following a recent increase in actions targeting high profile individuals in the sector binance.com/en/blog/securi…?

See our latest blog post for a technical deep dive into what happened and what it means for engineers and defenders. 👉 ossprey.com/blog/tj-action… Let us know your thoughts or what your team is doing to reduce this kind of risk. #supplychainsecurity #BirdsOfCyber

Happy to announce that we have graduated from the Plexal Grow Cyber Security Accelerator! With over 60 sessions and countless insights, you can learn more about our experience with Plexal here: ossprey.com/blog/cyber-run… #SupplyChainSecurity #OpenSourceSecurity #CyberSecurity