
TrapDoor Supply Chain Campaign: Cross-Ecosystem Credential Theft and AI Assistant Poisoning via npm, PyPI, and Crates.io
TrapDoor is an active supply chain campaign hitting npm, PyPI, and Crates.io simultaneously — 34 malicious packages, 384 artifact versions, confirmed since May 19, 2026. The campaign steals SSH keys, AWS credentials, GitHub tokens, and crypto wallet keystores, while silently poisoning AI coding assistants through hidden zero-width Unicode injected into .cursorrules and CLAUDE.md files. Zero CVEs assigned. Standard scanners return zero findings.
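A defender-side check for the hidden-character technique described above, as an added example that is not part of the original page or of any tool it mentions. The function names and the sample text are constructed for illustration. The example also generalizes beyond zero-width characters by flagging every Unicode format character (category Cf), which is an assumption of this example rather than a detail from the campaign.

```python
import sys
import unicodedata
from pathlib import Path

# Assistant instruction files the page names as poisoning targets.
TARGET_NAMES = {".cursorrules", "CLAUDE.md"}

# Constructed sample: a BOM, then a rule line with two hidden characters appended.
SAMPLE = "\ufeff# Project rules\nUse type hints.\u200b\u200d\nRun tests before commit.\n"


def find_invisible(text):
    """Return (line, column, codepoint, name) for each invisible format character.

    Assumption of this example: anything in Unicode category Cf counts, which
    covers zero-width characters, bidi controls and the U+E0000 tag block.
    """
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for col, ch in enumerate(line, 1):
            if unicodedata.category(ch) != "Cf":
                continue
            if lineno == 1 and col == 1 and ch == "\ufeff":
                continue  # a leading byte-order mark is an encoding marker, not hidden text
            name = unicodedata.name(ch, "UNNAMED")
            hits.append((lineno, col, f"U+{ord(ch):04X}", name))
    return hits


def scan_tree(root):
    """Scan every target file under root; return {path: hits} for files with findings."""
    findings = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.name in TARGET_NAMES:
            text = path.read_text(encoding="utf-8", errors="replace")
            hits = find_invisible(text)
            if hits:
                findings[str(path)] = hits
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1:
        results = scan_tree(sys.argv[1])
    else:
        results = {"<constructed sample>": find_invisible(SAMPLE)}
    for path, hits in results.items():
        for lineno, col, cp, name in hits:
            print(f"{path}:{lineno}:{col}: {cp} {name}")
    sys.exit(1 if any(results.values()) else 0)
```

Run with a directory argument, the script exits non-zero when any target file contains a flagged character, so it can gate a CI job or pre-commit hook. Emoji sequences joined with U+200D will also be reported and need manual review.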





