mitre-t1195
339 articles with this tag
[HIGH] Laravel-Lang Packages Poisoned for Malware Delivery
[HIGH] Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack
[HIGH] TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO
[HIGH] Laravel Lang packages hijacked to deploy credential-stealing malware
[HIGH] Laravel Lang Supply Chain Advisory
[CRITICAL] Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware
[CRITICAL] Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer
[HIGH] Megalodon chums the waters in 5.5K+ GitHub repo poisonings
[CRITICAL] Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows
[HIGH] A hacker group is poisoning open source code at an unprecedented scale
[HIGH] Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack
[HIGH] Mini Shai-Hulud: Frequently asked questions about the TeamPCP npm and PyPI supply chain campaign
[HIGH] GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension
[HIGH] GitHub internal repositories breached
[HIGH] A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale
[HIGH] GitHub links repo breach to TanStack npm supply-chain attack
[CRITICAL] GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension
[HIGH] Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft
[HIGH] Mini Shai-Hulud Hits Hundreds of npm Packages in AntV Ecosystem
[MEDIUM] The IBM X-Force Index 2026 explains all three in one finding.
[HIGH] Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack
[HIGH] Typosquatting Is No Longer a User Problem. It's a Supply Chain Problem
[HIGH] GitHub Confirms Hack Impacting 3,800 Internal Repositories
[HIGH] The AntV Supply Chain Campaign Expands: Microsoft's `durabletask` PyPI Package Compromised
[CRITICAL] Grafana GitHub Breach Exposes Source Code via TanStack npm Attack
[HIGH] AntV data visualization tool the latest to be hit by ongoing npm supply chain attacks
[HIGH] Biometrics, diagnoses, and bank details exposed in major healthcare breach
[HIGH] GitHub Actions workflow compromised to steal CI/CD credentials
[HIGH] Microsoft Takes Down Fox Tempest for Providing Ransomware-Enabling Signing Tool
[HIGH] New Shai-Hulud malware wave compromises 600 npm packages
[MEDIUM] A 6-step guide for responding to the Foxconn ransomware/supply chain incident
[HIGH] Mini Shai-Hulud Hits AntV: 300+ Malicious npm Packages Published via Compromised Maintainer Account
[CRITICAL] Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account
[CRITICAL] GitHub Actions Supply Chain Attack Redirects Tags to Steal CI/CD Credentials
[HIGH] Shai-Hulud Worm Clones Spread After Code Release
[MEDIUM] TanStack weighs invitation-only pull requests after supply chain attack
[CRITICAL] Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware
[HIGH] First Shai-Hulud Worm Clones Emerge
[HIGH] TeamPCP releases ‘vibe coded’ Shai-Hulud source code, issues challenge
[HIGH] Popular node-ipc npm package compromised to steal credentials
[HIGH] Malicious node-ipc versions published to npm in suspected maintainer account compromise
[HIGH] TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates
[HIGH] OpenAI Hit by TanStack Supply Chain Attack
[MEDIUM] OpenAI caught in TanStack npm supply chain chaos after employee devices compromised
[HIGH] TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code
[HIGH] TeamPCP hackers advertise Mistral AI code repos for sale
[HIGH] Axios breach shows why software supply chains need zero trust
[HIGH] Hunting the Behavior Behind npm Supply Chain Attacks
[HIGH] Analyzing TeamPCP’s Supply Chain Attacks: Checkmarx KICS and elementary-data in CI/CD Credential Theft
[HIGH] RubyGems pauses new account sign-ups amid major malicious attack
[CRITICAL] ‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attack
[HIGH] ‘Mini’ Shai-Hulud attack compromises hundreds of npm, PyPI packages
[MEDIUM] Sophos Endpoint in action: Blocking a novel supply chain attack
[HIGH] Mistral AI SDK, TanStack Router hit in npm software supply chain attack
[HIGH] RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded
[HIGH] Mini Shai-Hulud Hits TanStack npm Packages
[HIGH] Shai Hulud attack ships signed malicious TanStack, Mistral npm packages
[HIGH] TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack
[HIGH] JDownloader website compromised to distribute malicious installers
[HIGH] Official CheckMarx Jenkins package compromised with infostealer
[HIGH] TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack
[MEDIUM] Checkmarx tackles another TeamPCP intrusion as Jenkins plugin sabotaged
[HIGH] Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack
[HIGH] Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads
[HIGH] JDownloader site hacked to replace installers with Python RAT malware
[CRITICAL] Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise
[HIGH] ScarCruft hackers push BirdCall Android malware via game platform
[HIGH] Chinese-linked Salt Typhoon suspected in Italy's Sistemi Informativi breach
[MEDIUM] Trellix Source Code Repository Breached
[HIGH] Backdoored PyTorch Lightning package drops credential stealer
[HIGH] New software supply chain attack uses sleeper packages for credential theft and CI tampering
[HIGH] Supply chain attack against SAP npm packages facilitates credential theft
[HIGH] Illicit AI-assisted commit-linked npm dependency compromises crypto wallets
[MEDIUM] Arbitrary code pushed by long concealed backdoor in widely used WordPress redirect add-on
[CRITICAL] Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft
[HIGH] The Vercel Breach: OAuth Supply Chain Attack Exposes the Hidden Risk in Platform Environment Variables
[HIGH] Why You Must Check Your Password Manager Immediately | THREAT WIRE
[HIGH] The never-ending supply chain attacks worm into SAP npm packages, other dev tools
[MEDIUM] TeamPCP Hits SAP Packages With 'Mini Shai-Hulud' Attack
[CRITICAL] PyTorch Lightning Compromised in PyPI Supply Chain Attack to Steal Credentials
[HIGH] PromptMink: ReversingLabs discloses 7-month DPRK supply chain campaign using LLM Optimization (LLMO) to target AI coding agents via npm
[HIGH] SAP NPM Packages Targeted in Supply Chain Attack
[MEDIUM] 'Mini Shai-Hulud' supply chain attack targets SAP npm packages
[CRITICAL] Critical Gemini CLI Flaw Enabled Host Code Execution, Supply Chain Attacks
[HIGH] SAP npm package attack highlights risks in developer tools and CI/CD pipelines
[HIGH] Official SAP npm packages compromised to steal credentials
[CRITICAL] SAP npm Packages Compromised by “Mini Shai-Hulud” Credential-Stealing Malware
[MEDIUM] Kuse Web App Abused to Host Phishing Document
[HIGH] Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden
[HIGH] Checkmarx Confirms Data Stolen in Supply Chain Attack
[HIGH] More fake extensions linked to GlassWorm found in Open VSX code marketplace
[CRITICAL] Malicious elementary-data package version 0.23.3 steals developer data and cryptocurrency wallets
[HIGH] North Korean hackers operate self-propagating supply chain hack
[HIGH] Checkmarx confirms LAPSUS$ hackers leaked its stolen GitHub data
[CRITICAL] Malicious Release of elementary-data PyPI Package Steals Cloud Credentials from Data Engineers
[HIGH] Ongoing supply-chain attack 'explicitly targeting' security, dev tools
[HIGH] Tradecraft Tuesday Recap: axios npm Supply Chain Compromise
[CRITICAL] Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack
[HIGH] The npm Threat Landscape: Attack Surface and Mitigations
[MEDIUM] Supply chain attacks hit Checkmarx and Bitwarden developer tools