#supply-chain-attack tag

Air France and KLM confirm customer data stolen in third-party breach

Air France and KLM confirm that they are investigating a fraudulent access to the data of some of our customers. An unusual activity was detected on a third-party platform used by our contact centers, which led our IT security team, together with the third-party system involved, to swiftly implement corrective measures to put an end to the incident.

Privacy technologies

fromArs Technica

4 weeks ago

Supply-chain attacks on open source software are getting out of hand

Malicious packages published on npm and PyPI had been downloaded more than 56,000 times, containing malware that enabled keylogging and other surveillance functionalities.

Privacy technologies

fromCSO Online

4 weeks ago

Supply chain attack compromises npm packages to spread backdoor malware

In a newly discovered supply chain attack, attackers last week targeted a range of npm-hosted JavaScript type testing utilities, several of which were successfully compromised to distribute malware.

JavaScript

#cybersecurity

fromThe Hacker News

1 month ago

Information security

Malware Injected into 6 npm Packages After Maintainer Tokens Stolen in Phishing Attack

fromThe Hacker News

1 month ago

Privacy technologies

Malicious Pull Request Targets 6,000+ Developers via Vulnerable Ethcode VS Code Extension

fromThe Hacker News

1 month ago

Node JS

North Korea-linked Supply Chain Attack Targets Developers with 35 Malicious npm Packages

fromThe Hacker News

2 months ago

Growth hacking

New Supply Chain Malware Operation Hits npm and PyPI Ecosystems, Targeting Millions Globally

Cryptocurrency

fromThe Hacker News

3 months ago

Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack

Three malicious Go modules can destroy Linux systems by overwriting primary disks, indicating significant supply-chain attack risks.

fromThe Hacker News

1 month ago

Information security

Malware Injected into 6 npm Packages After Maintainer Tokens Stolen in Phishing Attack

fromThe Hacker News

1 month ago

Privacy technologies

Malicious Pull Request Targets 6,000+ Developers via Vulnerable Ethcode VS Code Extension

fromThe Hacker News

1 month ago

Node JS

North Korea-linked Supply Chain Attack Targets Developers with 35 Malicious npm Packages

fromThe Hacker News

2 months ago

Growth hacking

New Supply Chain Malware Operation Hits npm and PyPI Ecosystems, Targeting Millions Globally

Cryptocurrency

fromThe Hacker News

3 months ago

Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack

Three malicious Go modules can destroy Linux systems by overwriting primary disks, indicating significant supply-chain attack risks.

DragonForce Exploits SimpleHelp Flaws to Deploy Ransomware Across Customer Endpoints

DragonForce ransomware exploited vulnerabilities in a Managed Service Provider's SimpleHelp tool for data exfiltration and ransomware deployment.

fromArs Technica

3 months ago

Hundreds of e-commerce sites hacked in supply-chain attack

The widespread supply chain attack targeted at least 500 e-commerce sites, compromising sensitive customer data by executing malicious code via visited browsers.

E-Commerce

Node JS

fromThe Hacker News

4 months ago

Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack

XRPL.js, a popular JavaScript library, was compromised in a supply chain attack aimed at harvesting users' private keys.

Software development

fromInfoQ

4 months ago

Google Go Module Mirror Served Backdoor for 3+ Years

Research uncovered a major supply chain attack in the Go ecosystem involving a backdoored package.

The attack exploited caching in the Go Module Proxy, emphasizing security vulnerabilities in module management.

DevOps

fromInfoQ

4 months ago

Compromised GitHub Action Highlights Risks in CI/CD Supply Chains

A popular GitHub Action was compromised, exposing critical security weaknesses in the CI/CD pipeline of open-source Actions.

#supply-chain-attack#supply-chain-attack

Air France and KLM confirm customer data stolen in third-party breach

Supply-chain attacks on open source software are getting out of hand

Supply chain attack compromises npm packages to spread backdoor malware

Malware Injected into 6 npm Packages After Maintainer Tokens Stolen in Phishing Attack

Malicious Pull Request Targets 6,000+ Developers via Vulnerable Ethcode VS Code Extension

North Korea-linked Supply Chain Attack Targets Developers with 35 Malicious npm Packages

New Supply Chain Malware Operation Hits npm and PyPI Ecosystems, Targeting Millions Globally

Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack

Malware Injected into 6 npm Packages After Maintainer Tokens Stolen in Phishing Attack

Malicious Pull Request Targets 6,000+ Developers via Vulnerable Ethcode VS Code Extension

North Korea-linked Supply Chain Attack Targets Developers with 35 Malicious npm Packages

New Supply Chain Malware Operation Hits npm and PyPI Ecosystems, Targeting Millions Globally

Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack

DragonForce Exploits SimpleHelp Flaws to Deploy Ransomware Across Customer Endpoints

Hundreds of e-commerce sites hacked in supply-chain attack

Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack

Google Go Module Mirror Served Backdoor for 3+ Years

Compromised GitHub Action Highlights Risks in CI/CD Supply Chains

#supply-chain-attack
#supply-chain-attack