#supply-chain-attack tag

A Catastrophic Hospital Hack Ends in a Leak of 300M Patient Records

Snowflake targeted in supply chain attack, Kaspersky software banned in the US, AI startup under scrutiny, Amazon's face-recognition tools utilized in UK train stations.

DevOps

fromTheregister

1 month ago

Separate supply chain attack tied to 23K pwned GitHub repos

The GitHub supply chain attack was likely initiated through a compromised GitHub Action, reviewdog/action-setup, leading to extensive data breaches.

E-Commerce

fromArs Technica

18 hours ago

Hundreds of e-commerce sites hacked in supply-chain attack

A supply-chain attack compromised hundreds of e-commerce sites, allowing malware to steal payment information from visitors.

Malware that had been dormant for six years is now actively stealing sensitive data from e-commerce customers.

DevOps

fromInfoWorld

1 month ago

GitHub suffers a cascading supply chain attack compromising CI/CD secrets

A supply chain attack exposed sensitive CI/CD secrets across over 23,000 GitHub repositories, initially stemming from the reviewdog/action-setup breach.

Cryptocurrency

fromThe Hacker News

2 days ago

Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack

Three malicious Go modules can destroy Linux systems by overwriting primary disks, indicating significant supply-chain attack risks.

DevOps

fromTheregister

4 weeks ago

Stolen SpotBugs tokens sparked the massive GitHub attack

The GitHub supply chain attack originated from a leaked token in SpotBugs, revealing vulnerabilities in CI workflows.

Information security

fromWIRED

10 months ago

A Catastrophic Hospital Hack Ends in a Leak of 300M Patient Records

Snowflake targeted in supply chain attack, Kaspersky software banned in the US, AI startup under scrutiny, Amazon's face-recognition tools utilized in UK train stations.

DevOps

fromTheregister

1 month ago

Separate supply chain attack tied to 23K pwned GitHub repos

The GitHub supply chain attack was likely initiated through a compromised GitHub Action, reviewdog/action-setup, leading to extensive data breaches.

E-Commerce

fromArs Technica

18 hours ago

Hundreds of e-commerce sites hacked in supply-chain attack

A supply-chain attack compromised hundreds of e-commerce sites, allowing malware to steal payment information from visitors.

Malware that had been dormant for six years is now actively stealing sensitive data from e-commerce customers.

DevOps

fromInfoWorld

1 month ago

GitHub suffers a cascading supply chain attack compromising CI/CD secrets

A supply chain attack exposed sensitive CI/CD secrets across over 23,000 GitHub repositories, initially stemming from the reviewdog/action-setup breach.

Cryptocurrency

fromThe Hacker News

2 days ago

Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack

Three malicious Go modules can destroy Linux systems by overwriting primary disks, indicating significant supply-chain attack risks.

DevOps

fromTheregister

4 weeks ago

Stolen SpotBugs tokens sparked the massive GitHub attack

The GitHub supply chain attack originated from a leaked token in SpotBugs, revealing vulnerabilities in CI workflows.

Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack

XRPL.js, a popular JavaScript library, was compromised in a supply chain attack aimed at harvesting users' private keys.

DevOps

fromInfoQ

2 weeks ago

Compromised GitHub Action Highlights Risks in CI/CD Supply Chains

A popular GitHub Action was compromised, exposing critical security weaknesses in the CI/CD pipeline of open-source Actions.

fromTheregister

4 months ago

Information security

OpenWrt supply chain attack scare prompts urgent upgrades

OpenWrt users should upgrade to the same image version to mitigate risks from a reported supply chain attack.

Information security

fromThe Hacker News

8 months ago

Hackers Hijack 22,000 Removed PyPI Packages, Spreading Malicious Code to Developers

A new supply chain attack technique called Revival Hijack targets the PyPI registry, allowing attackers to exploit existing packages for malicious intent.

Information security

fromITPro

10 months ago

Millions of sites could've been exposed in the Polyfill, BootCDN, Bootcss, and Staticfile attack - and it was all orchestrated by a single operator

A supply chain attack using multiple CDNs affected countless websites, prompting warnings and actions to mitigate potential risks.

#supply-chain-attack#supply-chain-attack

A Catastrophic Hospital Hack Ends in a Leak of 300M Patient Records

Separate supply chain attack tied to 23K pwned GitHub repos

Hundreds of e-commerce sites hacked in supply-chain attack

GitHub suffers a cascading supply chain attack compromising CI/CD secrets

Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack

Stolen SpotBugs tokens sparked the massive GitHub attack

A Catastrophic Hospital Hack Ends in a Leak of 300M Patient Records

Separate supply chain attack tied to 23K pwned GitHub repos

Hundreds of e-commerce sites hacked in supply-chain attack

GitHub suffers a cascading supply chain attack compromising CI/CD secrets

Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack

Stolen SpotBugs tokens sparked the massive GitHub attack

Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack

Compromised GitHub Action Highlights Risks in CI/CD Supply Chains

OpenWrt supply chain attack scare prompts urgent upgrades

Hackers Hijack 22,000 Removed PyPI Packages, Spreading Malicious Code to Developers

Millions of sites could've been exposed in the Polyfill, BootCDN, Bootcss, and Staticfile attack - and it was all orchestrated by a single operator

#supply-chain-attack
#supply-chain-attack