AI hallucinations create a new supply chain threat

Welcome to the latest edition of Chainmail: Software Supply Chain Security News, which brings you the latest software security headlines from around the world, curated by the team at ReversingLabs (RL).

This week: Newly discovered package hallucination technique ‘slopsquatting’ poses major supply chain risk. Also: RL researchers find that commercial software is just as vulnerable as open-source software. 

This Week’s Top Story

AI hallucinations create a new supply chain threat

This week, researchers from the University of Texas at San Antonio, University of Oklahoma, and Virginia Tech discovered a new package hallucination technique referred to as “slopsquatting,” where the code generated by a large-language model (LLM) recommends or references a fictitious package. The researchers warn that threat actors can exploit this by publishing malicious packages with the hallucinated names — posing serious threats to the software supply chain. 

The research team’s report (PDF) states: “As other unsuspecting and trusting LLM users are subsequently recommended the same fictitious package in their generated code, they end up downloading the adversary-created malicious package, resulting in a successful compromise.” A successful slopsquatting attack could lead to the compromise of an entire codebase or software dependency chain, because any code relying on the malicious package could end up being infected, the researchers said.

When the researchers tested 16 popular LLMs for code generation, none were free of package hallucination; together they generated 205,474 unique fictitious package names. For commercial models specifically, hallucinated packages occurred in about 5% of cases. For open-source models, the percentage jumped to nearly 22%.

(Security Week)
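The practical defence the researchers' finding calls for is to treat every dependency that appears in LLM-generated code as unverified until it is checked against a source you already trust. The following is an added example, not code from the page, the researchers or RL: it parses a requirements-style list, normalizes each name per PEP 503, and flags anything absent from an allowlist (standing in for your internal index, lockfile or a cached registry snapshot), also noting when an unknown name is suspiciously close to a known one. The allowlist and the sample requirements are constructed, and `example-hallucinated-pkg` is a placeholder, not a real package.

```python
"""Gate dependencies suggested by LLM-generated code against a known-good set.

Constructed example: the allowlist below stands in for an internal package
index, a lockfile, or a snapshot of the public registry you maintain yourself.
"""
import difflib
import re
from dataclasses import dataclass

# name, optional [extras], optional version specifier or trailing text
REQ_LINE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?\s*(.*)$")


def normalize(name: str) -> str:
    """PEP 503 normalization so 'Flask', 'flask' and 'FLASK' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


# Constructed allowlist; in practice load this from your lockfile or index.
KNOWN_GOOD = {normalize(n) for n in ["requests", "numpy", "Flask", "cryptography"]}

# Constructed sample of what an LLM might emit; the last name is a placeholder
# for a hallucinated package that does not exist in any trusted source.
SAMPLE_REQUIREMENTS = """\
requests>=2.31  # HTTP client
numpy
example-hallucinated-pkg==1.0
"""


@dataclass
class Finding:
    name: str
    reason: str


def parse_requirements(text: str) -> list[str]:
    """Return package names from requirements text, ignoring comments/options."""
    names = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # skip blanks and pip options (-r, -e)
            continue
        match = REQ_LINE.match(line)
        if match:
            names.append(match.group(1))
    return names


def vet_dependencies(text: str, known_good: set[str] = KNOWN_GOOD) -> list[Finding]:
    """Flag every requested package that is not in the allowlist."""
    findings = []
    for name in parse_requirements(text):
        norm = normalize(name)
        if norm in known_good:
            continue
        reason = "not in allowlist; possible hallucinated (slopsquat) name"
        similar = difflib.get_close_matches(norm, sorted(known_good), n=1, cutoff=0.8)
        if similar:  # a near-miss of a real name deserves a closer look before install
            reason += f"; similar to known package '{similar[0]}'"
        findings.append(Finding(name, reason))
    return findings
```

Run the gate in CI before `pip install` (or the equivalent for other ecosystems) so a fictitious name fails the build instead of reaching the registry resolver.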

This Week’s Headlines

Report: Commercial software just as vulnerable as open source

RL’s 2025 Software Supply Chain Security Report found that commercial software is just as vulnerable as open-source code. RL researchers performed scans of more than two dozen widely used commercial-software binaries, including commercial operating systems, password managers, web browsers and virtual private network (VPN) software. The team’s findings presented numerous risks, with many of the packages receiving a failing security grade due to the discovery of exposed secrets, actively exploited software vulnerabilities, evidence of possible code tampering and inadequate application hardening. 

RL’s analysis also included scans of 20 distinct versions of VPN clients from six prominent vendors, which found that seven of them contained one or more patch-mandated and/or exploited software vulnerabilities, and four contained exposed developer secrets. (DevOps.com)

Attackers exploit zero-day flaw in file-sharing platform

Researchers at Huntress have discovered that a deserialization vulnerability in Gladinet’s CentreStack enterprise file-sharing platform for managed service providers (MSPs) (CVE-2025-30406) is being exploited in the wild by attackers. Huntress said it believes that seven organizations have already been compromised via the zero-day flaw, which involves a hardcoded cryptographic key that can be used to gain remote code execution (RCE). The researchers are also warning of a second product, Gladinet’s Triofox, which relies on a hardcoded key, and is also vulnerable to CVE-2025-30406. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the flaw to its exploited vulnerabilities catalog. (Cybersecurity Dive)

New malvertising campaign misuses Node.js

Microsoft Security researchers have observed attackers leveraging Node.js to carry out a malvertising campaign related to cryptocurrency trading that attempts to lure users into downloading a malicious installer disguised as legitimate software. Node.js is widely used and trusted by developers for building frontend and backend applications. In this campaign, the downloaded installer contains a malicious DLL that gathers system information and sets up a scheduled task for persistence. This allows attackers to enable defense evasion, data collection, payload delivery and execution. The researchers said that the campaign is still active. (Microsoft Security)

Older SonicWall SMA100 vulnerability exploited in the wild

SonicWall has disclosed that an OS command-injection vulnerability (CVE-2021-20035) in SonicWall SMA100 remote-access appliances has been exploited in the wild. The software product serves as a unified secure access gateway that enables organizations to provide remote access to their corporate environments. The vulnerability, first disclosed in 2021, was initially assigned a medium-severity CVSS score of 6.5, but SonicWall raised the score to 7.2, making it a high-severity flaw. Upon adding it to their exploited vulnerabilities catalogue, CISA said it’s unknown whether the exploitation activity involves ransomware attacks. Federal civilian executive branch agencies in the U.S. have until May 7, 2025 to either patch their SonicWall products or discontinue use of them if mitigations cannot be applied. (Cybersecurity Dive)

Worried about threats to your development pipeline? RL Spectra Assure provides early and actionable feedback on software supply chain risks like malware, tampering, and exposed secrets — without slowing down development.

The Best of RL

Webinar | AI Meets Software Supply Chain Security

Thursday, April 24 at 12pm ET

In this webinar, cybersecurity thought leader Daniel Miessler and RL’s VP of Product Marketing Daniel Petrillo will unpack what AI means for the future of software supply chain security — and how to prepare for what’s next. (Save Your Seat)

Blog | Quantum delivers really random numbers: How that boosts AppSec

Quantum random number generators can make software — including software development secrets — more secure. Here's how it works. (Read It Here)

Calculator | Learn how much you can save on pentesting

Penetration testing is a fundamental practice that mimics a real-world threat actor’s actions to compromise an application deployed to production. But because pentests require software deployment and omit a large portion of the codebase from analysis, they cannot detect embedded threats or software changes. RL’s new calculator can help teams determine how much money their organization can save on pentesting costs by switching to RL Spectra Assure. (Estimate Your Cost)

For more insights on software supply chain security, see the RL Blog

Mauricio Ortiz, CISA


ReversingLabs, the supply chain attack surface is increasing with the advancement of AI and LLMs. This “slopsquatting” attack, which could lead to the compromise of an entire codebase or software dependency chain, highlights that security teams and researchers must be alert to identify other potential threats driven by AI. Christophe Parisel
