#supply-chain-attack

[ follow ]
#cybersecurity
Information security
fromWIRED
11 months ago

A Catastrophic Hospital Hack Ends in a Leak of 300M Patient Records

Snowflake targeted in supply chain attack, Kaspersky software banned in the US, AI startup under scrutiny, Amazon's face-recognition tools utilized in UK train stations.
Software development
fromInfoQ
1 month ago

Google Go Module Mirror Served Backdoor for 3+ Years

Research uncovered a major supply chain attack in the Go ecosystem involving a backdoored package.
The attack exploited caching in the Go Module Proxy, emphasizing security vulnerabilities in module management.
DevOps
fromTheregister
2 months ago

Separate supply chain attack tied to 23K pwned GitHub repos

The GitHub supply chain attack was likely initiated through a compromised GitHub Action, reviewdog/action-setup, leading to extensive data breaches.
E-Commerce
fromArs Technica
3 weeks ago

Hundreds of e-commerce sites hacked in supply-chain attack

A supply-chain attack compromised hundreds of e-commerce sites, allowing malware to steal payment information from visitors.
Malware that had been dormant for six years is now actively stealing sensitive data from e-commerce customers.
Information security
fromWIRED
11 months ago

A Catastrophic Hospital Hack Ends in a Leak of 300M Patient Records

Snowflake targeted in supply chain attack, Kaspersky software banned in the US, AI startup under scrutiny, Amazon's face-recognition tools utilized in UK train stations.
Software development
fromInfoQ
1 month ago

Google Go Module Mirror Served Backdoor for 3+ Years

Research uncovered a major supply chain attack in the Go ecosystem involving a backdoored package.
The attack exploited caching in the Go Module Proxy, emphasizing security vulnerabilities in module management.
DevOps
fromTheregister
2 months ago

Separate supply chain attack tied to 23K pwned GitHub repos

The GitHub supply chain attack was likely initiated through a compromised GitHub Action, reviewdog/action-setup, leading to extensive data breaches.
E-Commerce
fromArs Technica
3 weeks ago

Hundreds of e-commerce sites hacked in supply-chain attack

A supply-chain attack compromised hundreds of e-commerce sites, allowing malware to steal payment information from visitors.
Malware that had been dormant for six years is now actively stealing sensitive data from e-commerce customers.
more#cybersecurity
Node JS
fromThe Hacker News
1 month ago

Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack

XRPL.js, a popular JavaScript library, was compromised in a supply chain attack aimed at harvesting users' private keys.
DevOps
fromInfoQ
1 month ago

Compromised GitHub Action Highlights Risks in CI/CD Supply Chains

A popular GitHub Action was compromised, exposing critical security weaknesses in the CI/CD pipeline of open-source Actions.
fromTheregister
5 months ago

OpenWrt supply chain attack scare prompts urgent upgrades

"Due to the combination of the command injection in the 'openwrt/imagebuilder' image and the truncated SHA-256 hash included in the build request hash, an attacker can pollute the legitimate image by providing a package list that causes the hash collision."
Information security
[ Load more ]