{"data":{"id":"9ba8cbee-a6f1-409f-84eb-bf5507387faf","title":"TrapDoor malware campaign puts developer workstations in CISO spotlight","summary":"The TrapDoor malware campaign compromised over 34 malicious packages across npm, PyPI, and Crates.io (popular code repositories where developers download libraries) to steal developer secrets like AWS credentials, GitHub tokens, and SSH keys (authentication credentials for secure systems). The campaign is particularly dangerous because it targets entire developer workflows, including AI coding assistants, and uses normal software development processes as cover, making it harder to detect and potentially giving attackers access to CI/CD pipelines (automated systems that build and deploy software) and cloud infrastructure.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://www.csoonline.com/article/4177019/trapdoor-malware-campaign-puts-developer-workstations-in-ciso-spotlight.html","publishedAt":"2026-05-26T11:34:29.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["supply_chain","data_extraction"],"issueType":"news","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["Cursor","Claude"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-05-26T11:34:29.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"advanced","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}