TrapDoor malware campaign puts developer workstations in CISO spotlight
Summary
The TrapDoor malware campaign compromised over 34 malicious packages across npm, PyPI, and Crates.io (popular code repositories where developers download libraries) to steal developer secrets like AWS credentials, GitHub tokens, and SSH keys (authentication credentials for secure systems). The campaign is particularly dangerous because it targets entire developer workflows, including AI coding assistants, and uses normal software development processes as cover, making it harder to detect and potentially giving attackers access to CI/CD pipelines (automated systems that build and deploy software) and cloud infrastructure.
Classification
Affected Vendors
Related Issues
Original source: https://www.csoonline.com/article/4177019/trapdoor-malware-campaign-puts-developer-workstations-in-ciso-spotlight.html
First tracked: May 26, 2026 at 08:00 AM
Classified by LLM (prompt v3) · confidence: 85%