CISA warns of malware via supply chain attacks
CISA is warning about recently observed supply chain attacks on TanStack, Daemon Tools, and Nx Console that were used to distribute malware.
The US IT security authority CISA has issued a warning about recently discovered supply chain attacks on several products. IT managers should take this as an opportunity to check whether they are unknowingly using packages infected with malware.
In total, CISA warns of three incidents. The first concerns Daemon Tools, which between April 8 and May 5, 2026, delivered malware-infected installers of Daemon Tools Lite. According to the provider, Daemon Tools Lite version 12.6 and newer no longer contain malicious code. The incident has received a CVE entry (CVE-2026-8398, CVSS 9.8, risk “critical”). The urgency CISA specifies for the fix is unusual: instead of the usual two weeks, US authorities have only until May 30 to distribute the cleaned software.
Another supply chain attack targeted TanStack. Malicious actors compromised 42 packages, with 84 compromised versions. The infected packages were discovered after only 20 minutes (the CVE entry even speaks of only 6 minutes, on May 11, 2026, from 7:20 PM to 7:26 PM UTC) and have since been marked as “deprecated,” but it is unclear how often they were installed. Affected users should renew their credentials in any case. The associated CVE entry is CVE-2026-45321 (CVSS 9.8, risk “critical”).
Third supply chain attack
The development tool Nx Console also fell victim to a supply chain attack in May 2026. Version 18.95.0 was impacted; compromised software was available for download between 12:30 PM and 1:09 PM UTC. The problem apparently originated from an individual developer machine that had pulled a manipulated TanStack package a week earlier and then incorporated it. A postmortem report from the Nx Console maintainers goes into detail. The vulnerability entry is CVE-2026-48027 (CVSS 9.8, risk “critical”).
The last incident shows that a compromise via the supply chain can happen quickly and initially unnoticed. Developers should, if necessary, check the packages they use to see if any known compromised packages have slipped in.
(dmk)
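The package check recommended above, as an added example that is not part of the original article or of any vendor tooling: a Node.js function that scans a parsed npm lockfile (package-lock.json, lockfileVersion 1 to 3), nested transitive dependencies included, for package versions named in an advisory. The package names, versions and sample lockfile are constructed placeholders; the real affected versions have to come from the advisory itself.

```javascript
// Constructed advisory list: names and versions are placeholders, not the
// real affected versions. Fill it from the advisory you are checking against.
const ADVISORIES = new Map([
  ["@example-scope/router", ["1.2.3", "1.2.4"]],
  ["example-build-plugin", ["9.9.9"]],
]);

// Returns [{ name, version, path }] for every locked package that matches.
function findCompromised(lock, advisories) {
  const hits = [];
  const check = (name, version, path) => {
    const bad = advisories.get(name) || [];
    if (bad.includes(version)) hits.push({ name, version, path });
  };
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path ("" is the root).
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === "" || meta.link) continue; // root project, workspace links
      // An aliased install records the real package name in meta.name;
      // otherwise take the text after the last "node_modules/" in the path.
      const name = meta.name || path.split("node_modules/").pop();
      check(name, meta.version, path);
    }
  } else {
    // lockfileVersion 1: nested "dependencies" tree, walked recursively.
    const walk = (deps, prefix) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        const path = `${prefix}node_modules/${name}`;
        check(name, meta.version, path);
        walk(meta.dependencies, `${path}/`);
      }
    };
    walk(lock.dependencies, "");
  }
  return hits;
}

// Constructed lockfile fragment: the top-level copy is clean, the copy nested
// under another dependency is on the advisory list.
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/@example-scope/router": { version: "1.2.2" },
  "node_modules/ui-kit/node_modules/@example-scope/router": { version: "1.2.4" },
} };

console.log(findCompromised(SAMPLE_LOCK, ADVISORIES));
```

To scan a real project, pass the parsed contents of its package-lock.json as the first argument. The nested hit in the sample shows why checking only the direct dependencies in package.json is not enough.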