TrapDoor: Malicious npm, PyPI, Crates.io Packages Target Developer Secrets & AI Tooling
ID: 8d34f183-d2f0-5364-a88f-0c1784e5e7eb
STIX ID: report--8d34f183-d2f0-5364-a88f-0c1784e5e7eb
Feed Name: SOCRadar Blog
TrapDoor is a cross-ecosystem supply-chain campaign that pushed dozens of malicious packages (34+ packages, 380+ affected versions reported) to npm, PyPI, and Crates.io to execute during dependency installation or builds, harvest developer and cloud credentials, validate tokens, attempt SSH-based lateral movement, and establish persistence. The operators targeted crypto/DeFi, Solana, and AI-adjacent developer communities and also modified or created AI instruction files (e.g., .cursorrules, CLAUDE.md) to poison developer tooling; recommended mitigations include inventorying dependencies added in late May 2026, hunting for AI file tampering and persistence artifacts, rotating exposed secrets, and hardening CI/build environments.
