supply-chain
429 articles with this tag
[CRITICAL] Supply Chain Compromises Impact Nx Console and GitHub Repositories
[INFO] EU wants emergency powers over processor manufacturers
[MEDIUM] Download pumping: New npm deception technique for supply chain attacks
[HIGH] Malicious npm Package Stole Files From Claude AI User Directory via GitHub
[HIGH] GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure
[HIGH] ‘SymJack’ Attack Turns AI Coding Agents Into Supply Chain Attack Delivery Systems
[HIGH] Risky Business #839 -- TeamPCP stole GitHub's internal repos
[CRITICAL] ⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos
[HIGH] Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack
[HIGH] Laravel Lang Supply Chain Advisory
[CRITICAL] Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware
[CRITICAL] Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer
[CRITICAL] Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows
[HIGH] Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack
[INFO] FCC, Github, MiniShai-hulud, Stated of Supply Chain, Itron, CRA, NIS2, and more!! - PSW #927
[HIGH] Mini Shai-Hulud: Frequently asked questions about the TeamPCP npm and PyPI supply chain campaign
[HIGH] GitHub internal repositories breached
[HIGH] GitHub, Grafana Labs breaches traced back to TanStack supply chain compromise
[INFO] Socket Raises $60 Million at $1 Billion Valuation
[HIGH] Grafana Labs Says Code Breach Stemmed from TanStack Attack
[INFO] Supply Chain Security Crisis: Too Many Vulnerabilities, Too Little Visibility
[HIGH] GitHub links repo breach to TanStack npm supply-chain attack
[CRITICAL] GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension
[HIGH] Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft
[HIGH] Grafana breach caused by missed token rotation after TanStack attack
[HIGH] Mini Shai-Hulud Hits Hundreds of npm Packages in AntV Ecosystem
[MEDIUM] GitHub says internal repositories were taken in poisoned VS Code extension attack
[MEDIUM] The IBM X-Force Index 2026 explains all three in one finding.
[HIGH] GitHub hit by a compromised VSCode extension
[HIGH] Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack
[CRITICAL] Why some security fixes never reach your vulnerability dashboard
[HIGH] GitHub Confirms Hack Impacting 3,800 Internal Repositories
[HIGH] The AntV Supply Chain Campaign Expands: Microsoft's `durabletask` PyPI Package Compromised
[CRITICAL] Grafana GitHub Breach Exposes Source Code via TanStack npm Attack
[HIGH] AntV data visualization tool the latest to be hit by ongoing npm supply chain attacks
[HIGH] New Shai-Hulud malware wave compromises 600 npm packages
[MEDIUM] A 6-step guide for responding to the Foxconn ransomware/supply chain incident
[HIGH] Mini Shai-Hulud Hits AntV: 300+ Malicious npm Packages Published via Compromised Maintainer Account
[CRITICAL] Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer
[CRITICAL] Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account
[CRITICAL] GitHub Actions Supply Chain Attack Redirects Tags to Steal CI/CD Credentials
[MEDIUM] TanStack Supply Chain Attack (And How to Lock Down GitHub Actions)
[HIGH] First Shai-Hulud Worm Clones Emerge
[HIGH] TeamPCP releases ‘vibe coded’ Shai-Hulud source code, issues challenge
[HIGH] Expired domain leads to supply chain attack on node-ipc npm package
[MEDIUM] Undermining the trust boundary: Investigating a stealthy intrusion through third-party compromise
[HIGH] Popular node-ipc npm package compromised to steal credentials
[HIGH] Malicious node-ipc versions published to npm in suspected maintainer account compromise
[MEDIUM] OpenAI caught in TanStack npm supply chain chaos after employee devices compromised
[HIGH] TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code
[HIGH] OpenAI confirms security breach in TanStack supply chain attack
[HIGH] Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets
[HIGH] Hunting the Behavior Behind npm Supply Chain Attacks
[HIGH] Analyzing TeamPCP’s Supply Chain Attacks: Checkmarx KICS and elementary-data in CI/CD Credential Theft
[HIGH] Foxconn Attack Highlights Manufacturing's Cyber Crisis
[HIGH] RubyGems pauses new account sign-ups amid major malicious attack
[INFO] Manifold Security expands supply chain intelligence to cover AI agent servers
[HIGH] Foxconn Confirms North American Factories Hit by Cyberattack
[INFO] Risky Business #837 -- GitHub Actions footgun claims TanStack
[CRITICAL] ‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attack
[HIGH] ‘Mini’ Shai-Hulud attack compromises hundreds of npm, PyPI packages
[MEDIUM] Sophos Endpoint in action: Blocking a novel supply chain attack
[HIGH] Mistral AI SDK, TanStack Router hit in npm software supply chain attack
[HIGH] RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded
[HIGH] Mini Shai-Hulud Hits TanStack npm Packages
[CRITICAL] Cache-poisoning caper turns TanStack npm packages toxic
[HIGH] Shai Hulud attack ships signed malicious TanStack, Mistral npm packages
[HIGH] Developer workstations are the new beachhead
[CRITICAL] cPanel flaw exposes enterprises to hosting supply-chain risks
[HIGH] TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack
[INFO] Postmortem: TanStack npm supply-chain compromise
[HIGH] TanStack Npm Packages Compromised Inside The Mini Shai Hulud Supply Chain Attack
[HIGH] Official CheckMarx Jenkins package compromised with infostealer
[HIGH] TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack
[INFO] Build Application Firewalls Aim to Stop the Next Supply Chain Attack
[HIGH] Malicious Hugging Face model masquerading as OpenAI release hits 244K downloads
[HIGH] Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads
[HIGH] JDownloader site hacked to replace installers with Python RAT malware
[INFO] BTS #73 - Uncovering Firmware Risks: From Y2K to Modern Malware
[INFO] AI Coding Agents Could Fuel Next Supply Chain Crisis
[INFO] Vendor Says Daemon Tools Supply Chain Attack Contained
[CRITICAL] PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux
[CRITICAL] DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware
[CRITICAL] ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows
[HIGH] Chinese-linked Salt Typhoon suspected in Italy's Sistemi Informativi breach
[HIGH] Quasar Linux (QLNX) – A Silent Foothold in the Supply Chain: Inside a Full-Featured Linux RAT With Rootkit, PAM Backdoor, Credential Harvesting Capabilities
[HIGH] Backdoored PyTorch Lightning package drops credential stealer
[INFO] Shadow IT has given way to shadow AI. Enter AI-BOMs
[INFO] Penske Logistics launches platform for real-time supply chain visibility
[CRITICAL] Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft
[LOW] Billions of meals at risk due to Iran war, says fertiliser boss
[HIGH] The Vercel Breach: OAuth Supply Chain Attack Exposes the Hidden Risk in Platform Environment Variables
[HIGH] 1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom
[HIGH] Why You Must Check Your Password Manager Immediately | THREAT WIRE
[HIGH] The never-ending supply chain attacks worm into SAP npm packages, other dev tools
[HIGH] SAP NPM Packages Targeted in Supply Chain Attack
[MEDIUM] 'Mini Shai-Hulud' supply chain attack targets SAP npm packages
[CRITICAL] Critical Gemini CLI Flaw Enabled Host Code Execution, Supply Chain Attacks
[INFO] Iceland less vulnerable to supply chain disruptions, but it is urgent to strengthen security for the future
[HIGH] Swisscom radar warns of geopolitical cyber surge