#supply chain attacks

from The Hacker News
20 hours ago

Weekly Recap: Fortinet Exploit, Chrome 0-Day, BadIIS Malware, Record DDoS, SaaS Breach & More

Fortinet has warned that a new security flaw in FortiWeb has been exploited in the wild. The medium-severity vulnerability, tracked as CVE-2025-58034, carries a CVSS score of 6.7 out of a maximum of 10.0. It has been addressed in version 8.0.2. "An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiWeb may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands," the company said.
Information security
from IT Pro
3 weeks ago

Ransomware attacks are hitting European enterprises at record pace

Europe faces record ransomware and state-sponsored cyberattacks, with faster deployments and broad targeting across industries including healthcare, defense, and critical infrastructure.
Information security
from The Hacker News
1 month ago

Chinese Threat Group 'Jewelbug' Quietly Infiltrated Russian IT Network for Months

China-linked Jewelbug conducted a five-month intrusion into a Russian IT service provider, accessing code repositories and exfiltrating data to Yandex Cloud.
Information security
from The Register
1 month ago

Socket will block it with free malicious package firewall

Socket released Socket Firewall Free, a free CLI that blocks malicious dependencies at install time across npm, yarn, pnpm, pip, uv, and cargo.
Node JS
from SecurityWeek
2 months ago

GitHub Boosting Security in Response to NPM Supply Chain Attacks

GitHub will require two-factor authentication for local NPM publishing and deploy short-lived, granular tokens plus trusted publishing to mitigate NPM supply-chain attacks.
Information security
from The Hacker News
2 months ago

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Cursor's default-disabled Workspace Trust allows VS Code-style autorun tasks to execute on folder open, enabling arbitrary code execution and potential credential theft.
from The Register
2 months ago

Stolen OAuth tokens expose Palo Alto customer data

Marc Benoit, chief information security officer at PAN, confirmed in a note to clients - seen by The Register - that it was informed on August 25 that the "compromise of a third-party application, Salesloft's Drift, resulted in the access and exfiltration of data stored in our Salesforce environment." It immediately disconnected the third-party application from its Salesforce CRM, he said.
Information security
from The Hacker News
3 months ago

PyPI Blocks 1,800 Expired-Domain Emails to Prevent Account Takeovers and Supply Chain Attacks

These changes improve PyPI's overall account security posture, making it harder for attackers to exploit expired domain names to gain unauthorized access to accounts.
Python
#cybersecurity
from Security Magazine
5 months ago
Information security

Why Are Cyberattacks Targeting Retail? Experts Share Their Thoughts

Retailers, even luxury brands, are increasingly targeted by cyberattacks, highlighting vulnerabilities in their security practices.
from Databreaches
6 months ago
Tech industry

Chinese Hackers Hit Drone Sector in Supply Chain Attacks

Chinese hackers disrupt Taiwan and South Korea's drone supply chain through targeted multi-wave attacks.
Information security
from IT Pro
5 months ago

Application security risk: How leaders can protect their businesses

Application security is increasingly challenging due to software complexity and pressure for rapid feature rollout.