supply-chain-attack
44 articles with this tag
[HIGH] GitHub says internal repos exfiltrated after poisoned VS Code extension attack
[CRITICAL] Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware
[HIGH] Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages
[HIGH] JDownloader website compromised to distribute malicious installers
[HIGH] PromptMink: ReversingLabs discloses 7-month DPRK supply chain campaign using LLM Optimization (LLMO) to target AI coding agents via npm
[HIGH] Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden
[HIGH] Checkmarx Confirms Data Stolen in Supply Chain Attack
[HIGH] More fake extensions linked to GlassWorm found in Open VSX code marketplace
[CRITICAL] Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware
[HIGH] Bitwarden CLI npm package compromised to steal developer credentials
[HIGH] Trojanized TestDisk installer, Microsoft binary tapped for illicit ScreenConnect deployment
[HIGH] When PUPs Grow Fangs: Dragon Boss Solutions' $10 Supply Chain Risk
[CRITICAL] OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident
[HIGH] Do not get high(jacked) off your own supply (chain)
[HIGH] Axios NPM supply chain incident
[HIGH] You Patched LiteLLM, But Do You Know Your AI Blast Radius?
[HIGH] Mercor Hit by LiteLLM Supply Chain Attack
[HIGH] What is TeamPCP Doing? - Threat Wire
[HIGH] Threat Brief: Widespread Impact of the Axios Supply Chain Attack
[HIGH] North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack
[CRITICAL] Emergency Webcast Briefing: Axios NPM Supply Chain Compromise
[CRITICAL] the WORST hack of 2026
[HIGH] Axios npm packages backdoored in supply chain attack
[HIGH] Supply chain blast: Top npm package backdoored to drop dirty RAT on dev machines
[CRITICAL] HUGE supply chain attack
[CRITICAL] CISA sounds alarm on Langflow RCE, Trivy supply chain compromise after rapid exploitation
[CRITICAL] Trivy supply chain breach compromises over 1,000 SaaS environments, Lapsus$ joins the extortion wave
[HIGH] TeamPCP Expands Supply Chain Campaign With LiteLLM PyPI Compromise
[HIGH] LiteLLM PyPI packages compromised in expanding TeamPCP supply chain attacks
[HIGH] From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI
[HIGH] PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials
[HIGH] Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack
[HIGH] Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets
[CRITICAL] Claude Code Security and Magecart: Getting the Threat Model Right
[HIGH] New PhantomRaven NPM attack wave steals dev data via 88 packages
[HIGH] The Future of Supply Chain Backdoor Detections
[HIGH] Hackers may have breached FBI wiretap network via supply chain
[HIGH] Microsoft Warns Developers of Fake Next.js Job Repos Delivering In-Memory Malware
[CRITICAL] Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens
[HIGH] Malicious MoltBot skills used to push password-stealing malware
[HIGH] The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit
[HIGH] Notepad++ update service hijacked in targeted state-linked attack
[HIGH] eScan Antivirus Update Servers Compromised to Deliver Multi-Stage Malware
[INFO] AV vendor goes to war with security shop over update server scare