Sansec uncovered a supply chain attack via 21 backdoored Magento extensions
Sansec uncovered a supply chain attack via 21 backdoored Magento extensions Pierluigi Paganini May 05, 2025 Supply chain attack via...
attack
Use AI-Driven Reconnaissance to Identify Cyber Threats
Surviving in the digital world is not about stopping the next attack. It’s about preventing any new attack from surfacing....
Finding Minhook in a sideloading attack – and Sweden too
Late in 2023 and during the first half of 2024, we monitored an attack campaign targeting several of our customers...
i-SOON Data Breach: Salient Points
Opening Notes i-SOON (上海安洵), a well-known supplier for several Chinese governmental organizations like the Ministry of Public Security, Ministry of...
Golden Badges: an emerging thriving market
Upon witnessing a menace actor seizing control of the Golden account of Google's Mandiant division and promoting a cryptocurrency hoax,...
i-SOON Data Breach: Key Aspects
Overview i-SOON (上海安洵), a well-known contractor for various Chinese governmental organizations like the Ministry of Public Security, Ministry of State...
X Golden Awards: an emerging expanding market
Upon witnessing a malevolent actor seizing control of Google's Mandiant division's X account and promoting a cryptocurrency hoax, my interest...
The widely-used xrpl.js Ripple digital currency library was breached in a supply chain infiltration
The frequently utilized xrpl.js Ripple digital currency library was compromised during a supply chain breach Pierluigi Paganini April 23, 2025...
Observing Leads to Trust: Lessons From Al Roker AI Deepfake Deception
Contrary to reality, Al Roker was showcased in a deceptive deepfake video across Facebook, depicting health issues he never experienced....
Gamaredon Harnesses Compromised Portable Drives to Infiltrate Western Military Operation in Ukraine
The cybercriminal group associated with Russia, referred to as Gamaredon (also known as Shuckworm), has been linked to a digital...
GitHub Supply Chain Attack Root Cause Identified as SpotBugs Access Token Theft
A sequence of supply chain attack starting with Coinbase and extending to users of the "tj-actions/changed-files" GitHub Action has been...
AceSpot Access Key Pilfering Detected as Main Reason of GitHub Supply Chain Breach
The successive supply chain assault that first aimed at Coinbase before spreading wider to target users of the "tj-actions/changed-files" GitHub...
Impact of SSL Configuration Errors on Your Vulnerability Scope
Special consideration is given to encryption-related problems (particularly SSL misconfigurations) when evaluating an entity's external vulnerability scope. Why is this...
Latest SparrowDoor Backdoor Versions Discovered in Incidents on U.S. and Mexican Entities
It has been discovered that the renowned Chinese hacker group, FamousSparrow, has been associated with a digital assault aimed at...
A Supply Chain Assault on Coinbase with GitHub Actions; Leaked CI/CD Secrets from 218 Repositories
The GitHub Action "tj-actions/changed-files" was at the center of the supply chain breach, commencing as a precise strike against one...
