CISA adds Daemon Tools, TanStack, and Nx Console compromised versions to KEV catalog

May 29, 2026
By SC Staff

As detailed in Security Affairs, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to address them by June 10, 2026. The vulnerabilities include compromised versions of Daemon Tools Lite (CVE-2026-8398), TanStack npm packages (CVE-2026-45321), and the Nx Console extension (CVE-2026-48027) resulting from recent supply chain attacks.

The Daemon Tools Lite vulnerability was a supply chain attack where official installers were compromised between April and May 2026, appearing legitimate due to valid code-signing certificates. The TanStack flaw involved attackers abusing GitHub Actions to publish 84 malicious package versions containing credential-stealing malware. The Nx Console issue was a malicious version briefly available on the Visual Studio Marketplace and OpenVSX.

CISA mandates that federal agencies patch these vulnerabilities to mitigate risks. Private organizations are also strongly encouraged to review the KEV catalog and remediate these issues within their own infrastructures to prevent exploitation.

Source: Security Affairs