{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreib5y6jnts6j3eu66tb5h745iyy7r5swwpjpg52pedpqf3vm5apbxu",
    "uri": "at://did:plc:ghkvexthfanuyq7fb5veq6tw/app.bsky.feed.post/3mmnxyv6tfwc2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreigjhrgbgad4btceugg62ekqhtae5ngey4sdpaedpp6i4kigmsebgu"
    },
    "mimeType": "image/jpeg",
    "size": 296026
  },
  "path": "/2026/05/trapdoor-supply-chain-attack-spreads.html",
  "publishedAt": "2026-05-25T05:59:13.000Z",
  "site": "https://thehackernews.com",
  "textContent": "A new coordinated cross-ecosystem software supply chain attack campaign has targeted npm, PyPI, and Crates.io to distribute credential-stealing malware.\n\nThe campaign, codenamed TrapDoor, spans more than 34 malicious packages across over 384 versions. The earliest activity was recorded on May 22, 2026, at 8:20 p.m. UTC, with new packages published to the ecosystems in waves from a cluster of",
  "title": "TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO"
}