News,Press & Research

Software supply chain attacks are moving fast across developer endpoints, CI/CD pipelines, and open source ecosystems. Here’s what happened between April 30 and May 23—and what security teams should do about it.

Two acquisitions, one funding round, and a bigger platform: Boost adds Korbit.ai's AI-Native SAST and SecureIQx's reachability analysis to secure software factories running at machine speed.

In March 2026, TeamPCP unleashed mayhem on the software supply chain: compromising Trivy, LiteLLM, KICS, Telnyx, and dozens of npm packages, proving that CI/CD pipelines are the softest target. Today we're open-sourcing SmokedMeat, the first red team framework for build pipelines (i.e. CI/CD), so defenders can finally see the full kill chain for themselves.

A newly discovered attack technique allowing attackers to inject commands and exfiltrate secrets by creating malicious deployments from fork pull requests. Exploits the trust assumption that deployments come from verified services like Vercel, affecting popular integrations including Argos CI and Checkly.

TeamPCP published two malicious litellm versions to PyPI containing a .pth infostealer that runs on every Python startup. A compromised maintainer account was then used to silence the disclosure, deface repositories, and expose 70 private BerriAI repos in minutes. This is a Boost Security contribution to a broader community investigation: multiple teams worked this incident in parallel, each bringing their own angle. We focused on CI/CD forensics and GitHub account takeover evidence. The hunt continues.

Almost exactly one year after the tj-actions/changed-files compromise, history repeats. Twenty days after the February Pwn Request on Trivy that we covered in our previous report, the attacker regained access to the Aqua Security org (through a vector still under investigation) and weaponized the aqua-bot service account. On March 19, 2026, poisoned v0.69.4 releases of Trivy were pushed through GitHub Releases, Docker registries, and 75 of 76 tags on the trivy-action GitHub Action. This is an early publication in the interest of community threat hunting; our investigation is ongoing.

Between February 27–28, 2026, the GitHub user 'hackerbot-claw' launched an automated Pwn Request campaign targeting eight high-profile repositories using the AI agent 'openclaw.' Our Package Threat Hunter caught the attack in progress. Further investigation revealed 'MegaGame10418'—a throwaway account that predated the campaign by a month—used to test the same injection techniques against a vulnerable NewRelic test repository.

Is AppSec really dead? A practical look at AI-powered security, Claude Code Security, and why enterprise security needs more than agentic code generation.

We're releasing bagel, an open-source CLI that inventories security-relevant metadata on developer workstations. Credentials, misconfigs, and exposed secrets. It's cross-platform, privacy-first, and designed to help security teams understand the attack surface that modern supply chain adversaries are actively exploiting. Stay tuned for more exciting news about how Boost works to secure every part of the modern software factory (developer endpoints included).