#software-supply-chain-attacks

Information security
from WIRED
8 hours ago

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale

Hackers used a poisoned VSCode extension to compromise thousands of GitHub repositories, spreading malware through open source tools and extorting victims.
Information security
from The Hacker News
1 day ago

GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories

GitHub is investigating unauthorized access to internal repositories after TeamPCP listed source code and organizations for sale, while monitoring for customer impact.
#npm-package-compromise
Information security
from The Hacker News
2 days ago

Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account

A compromised npm maintainer account pushed trojanized @antv and related packages, embedding credential-stealing code and creating significant downstream exposure for auto-updating dependencies.
Information security
from SecurityWeek
1 week ago

TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack

A coordinated Mini Shai-Hulud supply chain attack compromised 170+ packages, stealing tokens and credentials and spreading via CI publishing of malicious package versions.
Information security
from The Hacker News
2 days ago

GitHub Actions Supply Chain Attack Redirects Tags to Steal CI/CD Credentials

Attackers redirected the version tags of GitHub Actions to imposter commits, so workflows that reference those actions by tag ran malicious code that stole CI/CD credentials and exfiltrated them to attacker-controlled servers.
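The redirected Actions tags in this entry and the auto-updating npm dependencies in the Mini Shai-Hulud entry above share one root condition: a dependency reference that the attacker can change out from under the consumer. The scanner below is an added example written for this page, not code from any of the articles or the projects they cover. It flags that condition in two constructed inputs: a GitHub Actions workflow whose `uses:` lines reference actions by tag or branch instead of a full commit SHA, and a package.json whose version ranges let npm pull new releases automatically. The workflow, the manifest, the action names and the 40-hex placeholder SHA are all made up for the example.

```python
"""Flag mutable dependency references in a CI workflow and an npm manifest.

Added example for this page; it is not code from the articles or projects
above. Both inputs below are constructed for illustration.
"""
import json
import re

# Constructed workflow: two tag/branch references, one SHA pin, one local action.
# The SHA is a placeholder, not a real commit.
WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local-step
      - uses: some-org/publish-action@main
"""

# Constructed manifest: caret and tilde ranges let `npm install` pick up a new
# release without any change to this file; exact versions do not.
PACKAGE_JSON = json.dumps({
    "name": "example-app",
    "dependencies": {"@antv/g2": "^5.2.0", "left-pad": "1.3.0"},
    "devDependencies": {"typescript": "~5.4.0", "vitest": "2.0.5"},
})

# Matches `uses: owner/repo@ref` (optionally quoted, optionally a list item).
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)['\"]?", re.M)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Exact semver with an optional pre-release suffix, e.g. 1.2.3 or 1.2.3-rc.1.
EXACT_VERSION_RE = re.compile(r"^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$")


def unpinned_actions(workflow_yaml):
    """Return (action, ref) pairs whose ref is a tag or branch, not a full SHA.

    Local (`./...`) and `docker://` references are skipped: they are not
    resolved through a GitHub tag and so are not affected by tag redirection.
    """
    findings = []
    for match in USES_RE.finditer(workflow_yaml):
        spec = match.group(1)
        if spec.startswith(("./", "docker://")):
            continue
        action, _, ref = spec.partition("@")
        if not SHA_RE.match(ref):
            findings.append((action, ref or "<none>"))
    return findings


def floating_npm_deps(package_json_text):
    """Return (name, range) pairs that npm may resolve to a newer release."""
    manifest = json.loads(package_json_text)
    findings = []
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        for name, spec in manifest.get(section, {}).items():
            if not EXACT_VERSION_RE.match(spec):
                findings.append((name, spec))
    return findings


def report(workflow_yaml=WORKFLOW, package_json_text=PACKAGE_JSON):
    """Human-readable findings for both inputs, one line per mutable reference."""
    lines = [f"action not pinned to a commit SHA: {a}@{r}"
             for a, r in unpinned_actions(workflow_yaml)]
    lines += [f"npm dependency may auto-update: {n} {s}"
              for n, s in floating_npm_deps(package_json_text)]
    return lines


if __name__ == "__main__":
    for line in report():
        print(line)
```

Pinning to a SHA only removes the tag-redirection path: the pinned commit still has to be reviewed, and a commit pushed to a fork can appear to belong to the upstream repository, which is why the imposter-commit trick works. On the npm side an exact version in package.json is not enough by itself; install from the lockfile with `npm ci`, and consider `--ignore-scripts` so a trojanized release cannot run install hooks.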
Information security
from SecurityWeek
1 week ago

Build Application Firewalls Aim to Stop the Next Supply Chain Attack

Supply chain attacks repeatedly compromise CI/CD build processes via trusted dependencies, enabling malicious code to enter builds and deliver payloads through automation.
Information security
from The Register
7 months ago

Fake Postmark MCP npm package stole emails with one-liner

A malicious npm package impersonating Postmark's MCP secretly BCC'd outgoing emails to an attacker, likely exfiltrating thousands of sensitive messages daily.