Two different attackers poisoned popular open source tools
Briefly

"Both of these campaigns will likely play out over several months. The data that was taken a few weeks ago will likely be leveraged this week, next week, next month - probably for several months - and the blast radius will continue to expand."
"We are seeing more and more developers targeted by this type of activity. Attackers are starting to really look at the supply chain and open source packages, and figure out ways to compromise developers to deliver malware or gather data, depending on the type of threat."
"It's going to become even more frequent as attackers use AI to make their social engineering campaigns more believable and hyper-personalized to targeted people and organizations."
In March, two significant supply chain attacks targeted the popular open source projects Trivy and Axios, leading to malware infections and data theft from tens of thousands of organizations. Trivy, a vulnerability scanner, has over 100,000 users, while Axios, a JavaScript library, sees around 100 million weekly downloads. The two attacks were carried out by different groups but shared similar goals and methods. Experts warn that such attacks will increase, especially as AI enhances the social engineering tactics attackers use.
Read at Theregister