Provenance Record

Well-structured, technically detailed News article covering a genuinely novel supply chain attack. The 'Weaponizing AI Coding Assistants' angle is accurately described and well-supported. The registry-specific execution breakdown (npm postinstall, PyPI on-import, Crates.io build.rs) is accurate and clearly explained. The 'What We Don't Know' section adds appropriate epistemic humility. Cross-references to related articles (Mini Shai-Hulud, Packagist/Laravel-Lang, npm staged publishing) are contextually apt.

Source-0 (CybersecurityNews via Archive.org fallback, source-0.html.gz): Confirmed. Supports: 34 packages / 384+ versions, eth-security-auditor@0.1.0 first package on May 22, .cursorrules and CLAUDE.md poisoning technique, zero-width Unicode characters, ddjidd564 GitHub account, LangChain/MetaGPT/OpenHands PR targets, median 5 min 27 sec detection, trap-core.js 1149 lines, cargo-build-helper-2026 XOR key, PyPI cross-language node-e delivery, AUDIT-MATRIX.md 'Universal AI Agent Extraction Framework'. Source-3 (CryptoTimes, source-3.html.gz): Confirmed. Independently corroborates all major claims including 21 npm / 7 PyPI / 6 Crates.io breakdown, 381 package-version records, 5 min 27 sec median, 58 sec fastest detection, P-2024-001 campaign marker, ddjidd564 account, LangChain/LlamaIndex/MetaGPT/Langflow/browser-use/OpenHands PR targets. Source-1 (GBHackers, 403 blocked — no snapshot): WebFetch fallback used. GBHackers reports 17 npm packages and 8 PyPI packages — different from the 21/7 breakdown in the article. The article incorrectly cites GBHackers as supporting the 21/7/6 breakdown. Source-2 (CyberPress, 403 blocked — no snapshot): WebFetch fallback used. Confirmed P-2024-001 campaign marker, cargo-build-helper-2026 XOR key, 5 min 56 sec average detection time, 58 sec fastest detection, all execution methods, and the 21/7/6 npm/PyPI/Crates.io breakdown.

One misattribution found: The article states the 21 npm / 7 PyPI / 6 Crates.io breakdown was reported by 'GBHackers on Security' and CybersecurityNews. GBHackers actually reports 17 npm / 8 PyPI / 6 Crates.io. CybersecurityNews does not specify the per-registry breakdown numerically in the archived snapshot. CyberPress and CryptoTimes both confirm 21/7/6. The total of 34 packages is consistent across all sources. The misattribution of the 21/7 split to GBHackers is a minor source-attribution error — the underlying fact is correct per multiple other sources. All other specific technical claims (XOR key, trap-core.js line count, detection times, campaign marker, attacker account, targeted repos, stolen data categories) are confirmed by at least one snapshot.

APPROVE_WITH_CORRECTIONS. The article is substantively accurate, well-sourced from multiple secondary sources, and covers a genuinely novel attack technique. The one correctable issue is misattributing the 21/7/6 per-registry breakdown to GBHackers, which actually reports 17/8/6. The correct breakdown is confirmed by CyberPress and CryptoTimes. A single corrections note can honestly inform readers of this source-attribution discrepancy without undermining the article's core claims.