#supply-chain-attack

Node JS
from The Hacker News
1 week ago

Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack

XRPL.js, a popular JavaScript library, was compromised in a supply chain attack aimed at harvesting users' private keys.
#cybersecurity
Growth hacking
from The Hacker News
1 month ago

Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems

Ongoing campaign targets Go ecosystem with typosquatted modules deploying malware on Linux and macOS.
Information security
from WIRED
10 months ago

A Catastrophic Hospital Hack Ends in a Leak of 300M Patient Records

Snowflake targeted in supply chain attack, Kaspersky software banned in the US, AI startup under scrutiny, Amazon's face-recognition tools utilized in UK train stations.
Software development
from InfoQ
1 week ago

Google Go Module Mirror Served Backdoor for 3+ Years

Research uncovered a major supply chain attack in the Go ecosystem involving a backdoored package.
The attack exploited caching in the Go Module Proxy, emphasizing security vulnerabilities in module management.
DevOps
from The Register
1 month ago

Separate supply chain attack tied to 23K pwned GitHub repos

The GitHub supply chain attack was likely initiated through a compromised GitHub Action, reviewdog/action-setup, leading to extensive data breaches.
Information security
from Security Magazine
4 months ago

Nearly 400,000 WordPress credentials stolen

A security breach by MUT-1244 has resulted in the theft of over 390,000 WordPress credentials, highlighting the vulnerability of security researchers and pentesters.
DevOps
from InfoQ
2 weeks ago

Compromised GitHub Action Highlights Risks in CI/CD Supply Chains

A popular GitHub Action was compromised, exposing critical security weaknesses in the CI/CD pipeline of open-source Actions.
Information security
from The Register
4 months ago

OpenWrt supply chain attack scare prompts urgent upgrades

OpenWrt users should upgrade to the same image version to mitigate risks from a reported supply chain attack.
Information security
from Business Insider
7 months ago

The detonation of pagers used by Hezbollah shows the depths of supply-chain infiltration

The coordinated attacks in Lebanon indicate a high level of sophistication and planning, likely by a state actor utilizing global supply chains.
Information security
from The Hacker News
7 months ago

Hackers Hijack 22,000 Removed PyPI Packages, Spreading Malicious Code to Developers

A new supply chain attack technique called Revival Hijack targets the PyPI registry, allowing attackers to exploit existing packages for malicious intent.
Information security
from ITPro
9 months ago

Millions of sites could've been exposed in the Polyfill, BootCDN, Bootcss, and Staticfile attack - and it was all orchestrated by a single operator

A supply chain attack using multiple CDNs affected countless websites, prompting warnings and actions to mitigate potential risks.