TrapDoor Supply-Chain Attack Targets Crypto and AI Developers
Security researchers identified a coordinated supply-chain campaign known as TrapDoor that began on May 22, 2026, targeting developer tooling used by cryptocurrency, DeFi, AI and security projects. The campaign deployed 34 malicious packages and more than 384 versions across npm, PyPI and Crates.io.