#supply-chain-attack

from Ars Technica
1 week ago

Supply-chain attacks on open source software are getting out of hand

Malicious packages published on npm and PyPI had been downloaded more than 56,000 times, containing malware that enabled keylogging and other surveillance functionalities.
Privacy technologies
from CSO Online
1 week ago

Supply chain attack compromises npm packages to spread backdoor malware

In a newly discovered supply chain attack, attackers last week targeted a range of npm-hosted JavaScript type testing utilities, several of which were successfully compromised to distribute malware.
JavaScript
#cybersecurity
Cryptocurrency
from The Hacker News
2 months ago

Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack

Three malicious Go modules can destroy Linux systems by overwriting primary disks, indicating significant supply-chain attack risks.
Privacy technologies
from The Hacker News
4 months ago

THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More

The recent supply chain breach began as a targeted attack on Coinbase, highlighting vulnerabilities in open-source projects.
Information security
from The Hacker News
2 months ago

DragonForce Exploits SimpleHelp Flaws to Deploy Ransomware Across Customer Endpoints

DragonForce ransomware exploited vulnerabilities in a Managed Service Provider's SimpleHelp tool for data exfiltration and ransomware deployment.
from Ars Technica
2 months ago

Hundreds of e-commerce sites hacked in supply-chain attack

The widespread supply chain attack targeted at least 500 e-commerce sites, compromising sensitive customer data by executing malicious code in visitors' browsers.
E-Commerce
Node JS
from The Hacker News
3 months ago

Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack

XRPL.js, a popular JavaScript library, was compromised in a supply chain attack aimed at harvesting users' private keys.
Software development
from InfoQ
3 months ago

Google Go Module Mirror Served Backdoor for 3+ Years

Research uncovered a major supply chain attack in the Go ecosystem involving a backdoored package.
The attack exploited caching in the Go Module Proxy, emphasizing security vulnerabilities in module management.
#github-actions
DevOps
from The Hacker News
4 months ago

GitHub Supply Chain Breach: Coinbase Attack Exposes 218 Repositories, Leaks CI/CD Secrets

A supply chain attack involving GitHub Actions led to the leakage of secrets across multiple repositories, but the impact was less severe than initially feared.
#github
DevOps
from Theregister
3 months ago

Stolen SpotBugs tokens sparked the massive GitHub attack

The GitHub supply chain attack originated from a leaked token in SpotBugs, revealing vulnerabilities in CI workflows.
DevOps
from Theregister
4 months ago

GitHub supply chain attack spills secrets from 23K projects

A supply chain attack affected the tj-actions/changed-files GitHub Action, leading to potential leakage of sensitive information from projects.
DevOps
from Ars Technica
4 months ago

Large enterprises scramble after supply-chain attack spills their secrets

Open-source software tj-actions/changed-files was compromised with credential-stealing code, affecting thousands of organizations and highlighting vulnerabilities in software supply chains.
from Theregister
7 months ago

OpenWrt supply chain attack scare prompts urgent upgrades

"Due to the combination of the command injection in the 'openwrt/imagebuilder' image and the truncated SHA-256 hash included in the build request hash, an attacker can pollute the legitimate image by providing a package list that causes the hash collision."
Information security