Security News

Cybersecurity news aggregator

HIGH Attacks Help Net Security

Software supply chain hacks trigger wave of intrusions, data theft

A series of software supply chain attacks, including the Axios npm attack attributed to North Korean hackers and others linked to TeamPCP, have compromised development tools and stolen hundreds of thousands of secrets. These stolen credentials are being leveraged to enable further supply chain attacks, SaaS environment compromises, ransomware, and cryptocurrency theft. The article serves as a high-level threat advisory and does not provide specific CVE details, CVSS scores, affected version ranges, fixed versions, or technical workarounds.

After linking the Axios npm supply chain attack to North Korean hackers, Google researchers warned that “hundreds of thousands of stolen secrets could potentially be circulating” as a result of this and the Trivy, KICS, LiteLLM, and Telnyx supply chain attacks (linked to TeamPCP). “This could enable further software supply chain attacks, software as a service (SaaS) environment compromises (leading to downstream customer compromises), ransomware and extortion events, and cryptocurrency theft over the near term,” …

The post Software supply chain hacks trigger wave of intrusions, data theft appeared first on Help Net Security.
