The threat actor utilizes zero-width Unicode characters to obscure malicious prompts, tricking the AI into performing hostile credential exfiltration under the guise of executing an automated project security scan, Socket said. Kimberly-Clark is also projecting further supply chain productivity gains from its pending merger with personal home care product manufacturer Kenvue, which is expected to close in the second half of 2026. More specifically, Kimberly Clark sees opportunities to reduce logistics and procurement costs through the merger. In logistics, new Joule Agents will support execution-level decisions across warehouse and transportation operations, validating inbound receipts, aligning labor with real workload, and helping organizations respond faster to shifting constraints.

GitBait Phishing Campaign Abuses GitHub Pages to Attack Financial Institutions

The malicious package versions also introduce an optionalDependencies field in package.json pointing to a suspicious standalone commit hash 79ac49eedf774dd4b0cfa308722bc463cfe5885c in the TanStack/router GitHub repository. A significant supply-chain compromise affecting 84 npm package artifacts across the TanStack namespace. Systems running compromised packages should be entirely rebuilt from known-good images to ensure total eradication of the persistent threat.

TanStack npm Packages Hacked

The workflows, SafeDep says, were injected through over 5,700 malicious commits pushed to the impacted repositories within a six-hour window, on May 18. The final report is expected to be published next spring, which would include findings and recommendations to governments on how competition could be improved across the food supply chain. In a recent press release, CEO Mary Barra said that the company expects to pay between $4 billion and $5 billion in tariffs by the end of 2025.

“Some companies are looking at rationalizing their actual SKU base and their product base in order to mitigate against some of the price increases that will come in 2026,” Khalaf said of computer manufacturers’ response to higher memory prices. Procurement teams will be tested by constraints touching critical minerals, memory chips, beef and other supplies throughout the year. What changes is how consistently high-volume, time-sensitive coordination happens across the supply chain. OSAT providers such as SPIL and Amkor have benefited from this spillover demand, and alternative technologies like EMIB and FOEB are also gaining traction, with Intel leveraging its U.S.-based manufacturing advantage.

• In 2021, the shortage forced General Motors to cut production at eight facilities; The company had to halt US truck production again in 2022.
• Companies are also adapting supply chains to product changes made necessary by component constraints, Amanda Khalaf, a partner at global management consultancy Argon & Co., said in an interview with Supply Chain Dive.
• TanStack later acknowledged that the attack could have remained undetected far longer had the malware not inadvertently broken tests during the publishing process.
• The npm registry acted swiftly to remove the affected packages, but developers and organizations are urged to take immediate action to mitigate potential damage.

China’s A-Share Suppliers in Apple Foldable Supply Chain

Gaskin said the technology helps maintain a steady product flow to dealerships while giving General Motors opportunities to get days or a week ahead of unexpected supply chain snags. The malware deployed is identical to the one observed in the tinycolor incident, indicating a consistent modus operandi by the threat actors. As ijiwei indicates, the company stated it is supplying UTG glass, PET film, glass supports, and 3D glass cover plates for a major client’s foldable device project this year, with sources saying the client is Apple. As for memory, according to ijiwei, citing The Bell, sources say Apple has placed large-volume orders with Samsung for 12GB LPDDR5X chips as the primary configuration for the iPhone Fold, with procurement prices roughly doubling year over year.

• Despite the supply chain risk designation, the DOD has been using Anthropic’s models to support its military efforts in the war in Iran.
• However, if General Motors is going to adjust its supplier bases to avoid the levies, it already has the tech infrastructure to map out where it should source parts from.
• The platform is widely used in the continuous integration/continuous delivery process and helps automate software development.
• Adversaries are weaponizing vulnerabilities faster, while defenders are racing to ship detections and configurations.
• Through the process, suppliers pay a transparent, price-per-case rate, covering case handling at the automated consolidation center (ACC) and outbound transportation to Walmart RDCs.

The compromised account is said to have pushed malicious orphan commits to two RedHatInsights repositories, bypassing code review. Your go-to portal for global supply chain news, expert analysis, and actionable insights from industry leaders worldwide. Last week, NPM announced that all NPM granular access tokens with write access that bypass two-factor authentication have been invalidated to prevent supply chain attacks similar to Mini Shai-Hulud. One was designed to add a new workflow that would be triggered on every push and pull request, and another that replaced existing workflows with specific triggers, creating dormant backdoors.

In 2024, the DOT began publishing information on inland freight hubs, including rail terminal and warehouse end destinations to help shippers with capacity planning and avoid supply chain delays. Other published data includes purchase information as well as information around cargo movements out of specific ports of origin. The malicious packages have since been removed from public repositories, but the campaign’s complexity raises concerns about similar future attacks. Security researchers are warning of a supply chain attack against tj-actions/changed-files GitHub Action, which is used in more than 23,000 repositories. Similar to the modus operandi observed in the Axios supply chain attack, the hackers modified the packages’ PKGBUILD to introduce malicious behavior masquerading as the NPM package atomic-lockfile.

• As the report notes, Infineon previously highlighted that traditional transformers face rising cost and lead-time pressures due to heavy material use, particularly copper.
• The workflows, SafeDep says, were injected through over 5,700 malicious commits pushed to the impacted repositories within a six-hour window, on May 18.
• Predictive labor planning in SAP Extended Warehouse Management will allow operations teams to anticipate workforce needs rather than react to gaps.
• The malware then attempted to propagate itself by enumerating additional npm packages maintained by the victim and republishing them with the same malicious payload.

Sources say the company has already supplied foldable device hardware to major clients, including support components and hinge modules made from stainless steel, titanium alloy, and carbon fiber. The Pentagon has continued to use Claude during the U.S. and Israeli war with Iran, CBS News reported last week. The American Supply Chain Sovereignty Initiative also builds on the National Freight Strategic Plan, per the press release, which was updated this year.

State of Logistics Report: Volatility is the new normal

As ijiwei indicates, polarizers can cause cracking at bending points in foldable designs, making CoE a standard approach for recent foldable panels. Notably, the OLED materials will continue to use the M14 set found in the iPhone 17 Pro Max rather than a new material stack, reflecting Apple’s focus on stability and cost efficiency. TrendForce News operates independently from our research team, curating key semiconductor and tech https://bicyclepotential.org/blog/fast-and-reliable-bike-shipping-services-in-nyc updates to support timely, informed decisions. “There is no valid justification for the Challenged Actions. The Court should declare them unlawful and enjoin Defendants from taking any steps to implement them.” The lawsuit accused the administration of “seeking to destroy the economic value created by one of the world’s fastest-growing private companies, which is a leader in responsibly developing an emergent technology of vital significance to our Nation.”

Samsara raises guidance amid data center boom

The national freight plan was launched in 2020 to guide national policy and investments related to supply chains. In recent years, Walmart has highlighted several uses of automation in its supply chain, including a high-density storage system developed with technology company Knapp, autonomous forklifts from Fox Robotics and inventory-tracking sensors from Wiliot that reduce manual tasks. https://northfloridahouse.com/journey-to-egypt-a-complete-travel-companion.html Earlier this year, npm also introduced “min-release-age,” a setting that tells npm to reject any package version published less than a specified number of days as a safeguard against newly published malicious packages. The changes aim to combat attack techniques that abuse the “npm install” command to trigger the execution of malicious code using npm lifecycle hooks. “Npm install” is used to download and install all the necessary dependencies for a Node.js project.

Discovered in May 2026 by Socket and Aikido, threat actors manipulated GitHub tags to distribute malware through Composer’s autoloader, granting complete remote access to developer environments. Because of the supply chain risk designation, defense contractors have to certify that they do not use Anthropic’s Claude models in their work with the military. If anything, the AI systems ensure that processes along General Motors’ supply chain keep humming so that factory workers can continue to assemble vehicles with readily available components. Instead, it helps data-center employees identify risks, which can help suppliers produce parts, keep General Motors production on factory floors, and help the company profit. Third, Risk Intelligence, General Motors’ AI article scanner, reads and classifies thousands of daily news articles for potential impact on the company’s supply chain.