#supply-chain attack tag

4 months ago

Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems

Ongoing campaign targets Go ecosystem with typosquatted modules deploying malware on Linux and macOS.

Software development

Google Go Module Mirror Served Backdoor for 3+ Years

Research uncovered a major supply chain attack in the Go ecosystem involving a backdoored package.

The attack exploited caching in the Go Module Proxy, emphasizing security vulnerabilities in module management.

DevOps

3 months ago

Separate supply chain attack tied to 23K pwned GitHub repos

The GitHub supply chain attack was likely initiated through a compromised GitHub Action, reviewdog/action-setup, leading to extensive data breaches.

Information security

1 month ago

DragonForce Exploits SimpleHelp Flaws to Deploy Ransomware Across Customer Endpoints

DragonForce ransomware exploited vulnerabilities in a Managed Service Provider's SimpleHelp tool for data exfiltration and ransomware deployment.

E-Commerce

fromArs Technica

Hundreds of e-commerce sites hacked in supply-chain attack

A supply-chain attack compromised hundreds of e-commerce sites, allowing malware to steal payment information from visitors.

Malware that had been dormant for six years is now actively stealing sensitive data from e-commerce customers.

Software development

fromSecuritymagazine

3 months ago

Typosquatted packages delivering malware to Linux and macOS systems

A malicious campaign using typosquatted Go packages is targeting Linux and macOS systems to deliver malware.

Growth hacking

4 months ago

Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems

Ongoing campaign targets Go ecosystem with typosquatted modules deploying malware on Linux and macOS.

Software development

Google Go Module Mirror Served Backdoor for 3+ Years

Research uncovered a major supply chain attack in the Go ecosystem involving a backdoored package.

The attack exploited caching in the Go Module Proxy, emphasizing security vulnerabilities in module management.

DevOps

3 months ago

Separate supply chain attack tied to 23K pwned GitHub repos

The GitHub supply chain attack was likely initiated through a compromised GitHub Action, reviewdog/action-setup, leading to extensive data breaches.

Information security

1 month ago

DragonForce Exploits SimpleHelp Flaws to Deploy Ransomware Across Customer Endpoints

DragonForce ransomware exploited vulnerabilities in a Managed Service Provider's SimpleHelp tool for data exfiltration and ransomware deployment.

E-Commerce

fromArs Technica

Hundreds of e-commerce sites hacked in supply-chain attack

A supply-chain attack compromised hundreds of e-commerce sites, allowing malware to steal payment information from visitors.

Malware that had been dormant for six years is now actively stealing sensitive data from e-commerce customers.

Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack

XRPL.js, a popular JavaScript library, was compromised in a supply chain attack aimed at harvesting users' private keys.

DevOps

Compromised GitHub Action Highlights Risks in CI/CD Supply Chains

6 months ago

Information security

OpenWrt supply chain attack scare prompts urgent upgrades

Node JS

Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack

XRPL.js, a popular JavaScript library, was compromised in a supply chain attack aimed at harvesting users' private keys.

DevOps

Compromised GitHub Action Highlights Risks in CI/CD Supply Chains