#supply-chain-attack

#npm
from CyberScoop
1 day ago
Information security

The npm incident frightened everyone, but ended up being nothing to fret about

from ZDNET
2 days ago
Information security

This 2FA phishing scam pwned a developer - and endangered billions of npm downloads

from Ars Technica
3 days ago
Information security

Software packages with more than 2 billion weekly downloads hit in supply-chain attack

Information security
from Bitcoin Magazine
3 days ago

NPM Attack: Javascript Library Compromise Goes After Bitcoin Wallets

Compromised NPM account pushed malware that locates cryptocurrency wallets, modifies transaction-signing functions, and swaps recipient addresses to steal funds.
Information security
from TechCrunch
3 days ago

Salesloft says Drift customer data thefts linked to March GitHub account hack | TechCrunch

A March GitHub breach at Salesloft allowed theft of authentication and OAuth tokens, enabling mass hacks of multiple large tech customers and a supply-chain compromise.
#oauth-token-theft
Information security
from The Hacker News
6 days ago

Malicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet Keys

Four npm packages impersonating Flashbots exfiltrate Ethereum private keys and mnemonic seeds to a Telegram bot and redirect unsigned transactions to attacker-controlled wallets.
Information security
from DataBreaches.Net
1 week ago

Salesloft Drift Breach Rolls Up Cloudflare, Palo Alto, Zscaler, and Others - DataBreaches.Net

Supply-chain attacks exploiting a Salesloft/Drift Salesforce OAuth vulnerability compromised customer Salesforce instances at Cloudflare, Palo Alto Networks, Zscaler, SpyCloud, PagerDuty, and hundreds more.
#data-breach
from IT Pro
1 month ago
Privacy technologies

Air France and KLM confirm customer data stolen in third-party breach

from Techzine Global
1 week ago

Hackers steal customer data from Zscaler via Salesloft leak

Following a previous series of victims, Zscaler has also been affected by a hacked Salesforce Drift instance. This resulted in the theft of customer data and information about support cases. Zscaler warns that hackers stole sensitive customer data after gaining access to their Salesforce environment. The stolen data includes customer names, email addresses, job titles, phone numbers, and location data. In addition, product licenses, commercial information, and the content of certain support cases have also been compromised.
Information security
Information security
from DevOps.com
1 week ago

Malicious Nx Packages Used in Two Waves of Supply Chain Attack - DevOps.com

Malicious actors stole an Nx NPM token, published compromised package versions that harvest credentials and used leaked GitHub tokens to expose repositories and exfiltrate data.
from Ars Technica
1 month ago

Supply-chain attacks on open source software are getting out of hand

Malicious packages published on npm and PyPI had been downloaded more than 56,000 times, containing malware that enabled keylogging and other surveillance functionalities.
Privacy technologies
from CSO Online
1 month ago

Supply chain attack compromises npm packages to spread backdoor malware

In a newly discovered supply chain attack, attackers last week targeted a range of npm-hosted JavaScript type testing utilities, several of which were successfully compromised to distribute malware.
JavaScript
#cybersecurity
Cryptocurrency
from The Hacker News
4 months ago

Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack

Three malicious Go modules can destroy Linux systems by overwriting primary disks, indicating significant supply-chain attack risks.
Information security
from The Hacker News
3 months ago

DragonForce Exploits SimpleHelp Flaws to Deploy Ransomware Across Customer Endpoints

DragonForce ransomware exploited vulnerabilities in a Managed Service Provider's SimpleHelp tool for data exfiltration and ransomware deployment.
from Ars Technica
4 months ago

Hundreds of e-commerce sites hacked in supply-chain attack

The widespread supply chain attack targeted at least 500 e-commerce sites, compromising sensitive customer data by executing malicious code via visited browsers.
E-Commerce
Node JS
from The Hacker News
4 months ago

Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack

XRPL.js, a popular JavaScript library, was compromised in a supply chain attack aimed at harvesting users' private keys.
Software development
from InfoQ
4 months ago

Google Go Module Mirror Served Backdoor for 3+ Years

Research uncovered a major supply chain attack in the Go ecosystem involving a backdoored package.
The attack exploited caching in the Go Module Proxy, emphasizing security vulnerabilities in module management.
DevOps
from InfoQ
4 months ago

Compromised GitHub Action Highlights Risks in CI/CD Supply Chains

A popular GitHub Action was compromised, exposing critical security weaknesses in the CI/CD pipeline of open-source Actions.