Separate supply chain attack tied to 23K pwned GitHub reposThe GitHub supply chain attack was likely initiated through a compromised GitHub Action, reviewdog/action-setup, leading to extensive data breaches.
GitHub suffers a cascading supply chain attack compromising CI/CD secretsA supply chain attack exposed sensitive CI/CD secrets across over 23,000 GitHub repositories, initially stemming from the reviewdog/action-setup breach.
Stolen SpotBugs tokens sparked the massive GitHub attackThe GitHub supply chain attack originated from a leaked token in SpotBugs, revealing vulnerabilities in CI workflows.
GitHub Action Compromise Puts CI/CD Secrets at Risk in Over 23,000 RepositoriesA GitHub Action was compromised, leaking sensitive secrets from over 23,000 repositories via exploited CI/CD workflows.
SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain AttackAttackers exploited GitHub Actions to target multiple users via a cascading supply chain attack traced back to a leaked personal access token.
Separate supply chain attack tied to 23K pwned GitHub reposThe GitHub supply chain attack was likely initiated through a compromised GitHub Action, reviewdog/action-setup, leading to extensive data breaches.
GitHub suffers a cascading supply chain attack compromising CI/CD secretsA supply chain attack exposed sensitive CI/CD secrets across over 23,000 GitHub repositories, initially stemming from the reviewdog/action-setup breach.
Stolen SpotBugs tokens sparked the massive GitHub attackThe GitHub supply chain attack originated from a leaked token in SpotBugs, revealing vulnerabilities in CI workflows.
GitHub Action Compromise Puts CI/CD Secrets at Risk in Over 23,000 RepositoriesA GitHub Action was compromised, leaking sensitive secrets from over 23,000 repositories via exploited CI/CD workflows.
SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain AttackAttackers exploited GitHub Actions to target multiple users via a cascading supply chain attack traced back to a leaked personal access token.
Typosquatted packages delivering malware to Linux and macOS systemsA malicious campaign using typosquatted Go packages is targeting Linux and macOS systems to deliver malware.
Seven Malicious Go Packages Found Deploying Malware on Linux and macOS SystemsOngoing campaign targets Go ecosystem with typosquatted modules deploying malware on Linux and macOS.
A Catastrophic Hospital Hack Ends in a Leak of 300M Patient RecordsSnowflake targeted in supply chain attack, Kaspersky software banned in the US, AI startup under scrutiny, Amazon's face-recognition tools utilized in UK train stations.
Supply chain attack strikes array of Chrome ExtensionsA recent supply chain attack has impacted Chrome extension developers, compromising user data on a large scale.
Nearly 400,000 WordPress credentials stolenA security breach by MUT-1244 has resulted in the theft of over 390,000 WordPress credentials, highlighting the vulnerability of security researchers and pentesters.
What we know about the Hezbollah pagers attackThe explosion of Hezbollah's pagers could indicate a complex supply chain attack, with implications for security and surveillance efforts.
Typosquatted packages delivering malware to Linux and macOS systemsA malicious campaign using typosquatted Go packages is targeting Linux and macOS systems to deliver malware.
Seven Malicious Go Packages Found Deploying Malware on Linux and macOS SystemsOngoing campaign targets Go ecosystem with typosquatted modules deploying malware on Linux and macOS.
A Catastrophic Hospital Hack Ends in a Leak of 300M Patient RecordsSnowflake targeted in supply chain attack, Kaspersky software banned in the US, AI startup under scrutiny, Amazon's face-recognition tools utilized in UK train stations.
Supply chain attack strikes array of Chrome ExtensionsA recent supply chain attack has impacted Chrome extension developers, compromising user data on a large scale.
Nearly 400,000 WordPress credentials stolenA security breach by MUT-1244 has resulted in the theft of over 390,000 WordPress credentials, highlighting the vulnerability of security researchers and pentesters.
What we know about the Hezbollah pagers attackThe explosion of Hezbollah's pagers could indicate a complex supply chain attack, with implications for security and surveillance efforts.
Secure Node.js Applications from Supply Chain AttacksNode.js applications are particularly vulnerable to supply chain attacks; attention to security best practices is essential.
OpenWrt supply chain attack scare prompts urgent upgradesOpenWrt users should upgrade to the same image version to mitigate risks from a reported supply chain attack.
Secure Node.js Applications from Supply Chain AttacksNode.js applications are particularly vulnerable to supply chain attacks; attention to security best practices is essential.
OpenWrt supply chain attack scare prompts urgent upgradesOpenWrt users should upgrade to the same image version to mitigate risks from a reported supply chain attack.
The detonation of pagers used by Hezbollah shows the depths of supply-chain infiltrationThe coordinated attacks in Lebanon indicate a high level of sophistication and planning, likely by a state actor utilizing global supply chains.
GitLab releases security updates to fix 17 vulnerabilitiesGitLab's recent security update addresses 17 vulnerabilities, including a critical flaw (CVE-2024-6678) with a CVSS score of 9.9 posing severe risks.
Hackers Hijack 22,000 Removed PyPI Packages, Spreading Malicious Code to DevelopersA new supply chain attack technique called Revival Hijack targets the PyPI registry, allowing attackers to exploit existing packages for malicious intent.
Mystery criminals backdoor courtroom recording softwareCourtroom software backdoor discovered, necessitating re-imaging and credential resets for full mitigation.
Crooks plant backdoor in software used by courtrooms around the worldA software update for JAVS Viewer 8 contained a hidden backdoor, putting over 10,000 courtrooms at risk of unauthorized access by threat actors.
Judge mostly tosses SEC claims against SolarWinds securityJudge dismisses SEC lawsuit against SolarWinds post-SUNBURST attack claims; sustains securities fraud allegations for pre-SUNBURST statements about Orion product security.
Millions of sites could've been exposed in the Polyfill, BootCDN, Bootcss, and Staticfile attack - and it was all orchestrated by a single operatorA supply chain attack using multiple CDNs affected countless websites, prompting warnings and actions to mitigate potential risks.
Over 100K+ Sites Hit by Polyfill.io Supply Chain AttackSansec unveiled a supply chain attack affecting Polyfill JS service through multiple CDNs, impacting over 100K sites.