#supply-chain attack

[ follow ]
#supply-chain-attack #npm #cybersecurity #malware #phishing #data-breach #oauth-token-theft #unc6395 #npm-packages
#f5-breach
fromWIRED
2 days ago
Information security

Why the F5 Hack Created an 'Imminent Threat' for Thousands of Networks

fromWIRED
2 days ago
Information security

Why the F5 Hack Created an 'Imminent Threat' for Thousands of Networks

more#f5-breach
#supply-chain-attack
fromThe Cipher Brief
1 week ago
Information security

A Deniable Attack with Strategic Precision: Why the Red Hat Breach Looks More Like Statecraft Than Mere Crime

Information security
fromThe Hacker News
1 month ago

Weekly Recap: Drift Breach Chaos, Zero-Days Active, Patch Warnings, Smarter Threats & More

OAuth token theft via a Salesloft-Drift integration exposed Salesforce data across major tech firms, underscoring integration fragility and supply-chain security risks.
Information security
fromDataBreaches.Net
1 month ago

Salesloft Drift Breach Rolls Up Cloudflare, Palo Alto, Zscaler, and Others - DataBreaches.Net

Supply-chain attacks exploiting a Salesloft/Drift Salesforce OAuth vulnerability compromised customer Salesforce instances at Cloudflare, Palo Alto Networks, Zscaler, SpyCloud, PagerDuty, and hundreds more.
fromThe Cipher Brief
1 week ago
Information security

A Deniable Attack with Strategic Precision: Why the Red Hat Breach Looks More Like Statecraft Than Mere Crime

more#supply-chain-attack
#data-breach
fromIT Pro
2 months ago
Privacy technologies

Air France and KLM confirm customer data stolen in third-party breach

fromIT Pro
2 months ago
Privacy technologies

Air France and KLM confirm customer data stolen in third-party breach

more#data-breach
Information security
fromIT Pro
3 weeks ago

A malicious MCP server is silently stealing user emails

A malicious MCP server repackaged as Postmark on npm exfiltrated thousands of emails by adding a BCC line, exploiting full assistant privileges and bypassing security controls.
#phishing
more#phishing
Information security
fromThe Hacker News
3 weeks ago

Two Critical Flaws Uncovered in Wondershare RepairIt Exposing User Data and AI Models

Two critical authentication-bypass vulnerabilities in Wondershare RepairIt exposed unencrypted user data and cloud resources, enabling AI model tampering, supply-chain attacks, and remote code execution.
Information security
fromTheregister
3 weeks ago

SolarWinds patches critical RCE - for the third time

SolarWinds issued a third hotfix for a critical (9.8) unauthenticated deserialization RCE in Web Help Desk, which remains patch-bypassed and likely exploitable.
#npm
more#npm
Information security
fromBitcoin Magazine
1 month ago

NPM Attack: Javascript Library Compromise Goes After Bitcoin Wallets

Compromised NPM account pushed malware that locates cryptocurrency wallets, modifies transaction-signing functions, and swaps recipient addresses to steal funds.
Information security
fromTechCrunch
1 month ago

Salesloft says Drift customer data thefts linked to March GitHub account hack | TechCrunch

A March GitHub breach at Salesloft allowed theft of authentication and OAuth tokens, enabling mass hacks of multiple large tech customers and a supply-chain compromise.
Information security
fromThe Hacker News
1 month ago

Malicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet Keys

Four npm packages impersonating Flashbots exfiltrate Ethereum private keys and mnemonic seeds to a Telegram bot and redirect unsigned transactions to attacker-controlled wallets.
fromTechzine Global
1 month ago

Hackers steal customer data from Zscaler via Salesloft leak

Following a previous series of victims, Zscaler has also been affected by a hacked Salesforce Drift instance. This resulted in the theft of customer data and information about support cases. Zscaler warns that hackers stole sensitive customer data after gaining access to their Salesforce environment. The stolen data includes customer names, email addresses, job titles, phone numbers, and location data. In addition, product licenses, commercial information, and the content of certain support cases have also been compromised.
Information security
fromArs Technica
2 months ago

Supply-chain attacks on open source software are getting out of hand

Malicious packages published on npm and PyPI had been downloaded more than 56,000 times, containing malware that enabled keylogging and other surveillance functionalities.
Privacy technologies
#cybersecurity
Cryptocurrency
fromThe Hacker News
5 months ago

Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack

Three malicious Go modules can destroy Linux systems by overwriting primary disks, indicating significant supply-chain attack risks.
Cryptocurrency
fromThe Hacker News
5 months ago

Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack

Three malicious Go modules can destroy Linux systems by overwriting primary disks, indicating significant supply-chain attack risks.
more#cybersecurity
Information security
fromThe Hacker News
4 months ago

DragonForce Exploits SimpleHelp Flaws to Deploy Ransomware Across Customer Endpoints

DragonForce ransomware exploited vulnerabilities in a Managed Service Provider's SimpleHelp tool for data exfiltration and ransomware deployment.
fromArs Technica
5 months ago

Hundreds of e-commerce sites hacked in supply-chain attack

The widespread supply chain attack targeted at least 500 e-commerce sites, compromising sensitive customer data by executing malicious code via visited browsers.
E-Commerce
Node JS
fromThe Hacker News
5 months ago

Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack

XRPL.js, a popular JavaScript library, was compromised in a supply chain attack aimed at harvesting users' private keys.
DevOps
fromInfoQ
6 months ago

Compromised GitHub Action Highlights Risks in CI/CD Supply Chains

A popular GitHub Action was compromised, exposing critical security weaknesses in the CI/CD pipeline of open-source Actions.
[ Load more ]