secrets-theft

The 48-Hour Secrets Sprint: How Three Registries Were Swept in One Weekend

John Z Black Apr 23, 2026

Threat Intelligence #supply-chain #npm #pypi #teampcp #xinference #canisterworm #checkmarx-kics #secrets-theft #devsecops

A coordinated 48-hour sprint hit npm, PyPI, and Docker Hub, targeting developer secrets at scale. From infected AI libraries to a trojanized security scanner, the supply chain is moving faster than your detection.