chain

GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools

AndyC 3 December 2025

Dec 02, 2025Ravie LakshmananMalware / Blockchain The supply chain campaign known as GlassWorm has once again reared its head, infiltrating...

North Korean Hackers Deploy 197 npm Packages to Spread Updated OtterCookie Malware

AndyC 29 November 2025

Nov 28, 2025Ravie LakshmananSupply Chain Attack / Malware The North Korean threat actors behind the Contagious Interview campaign have continued...

Shai-Hulud v2 Campaign Spreads From npm to Maven, Exposing Thousands of Secrets

AndyC 27 November 2025

The second wave of the Shai-Hulud supply chain attack has spilled over to the Maven ecosystem after compromising more than...

Dissecting a new malspam chain delivering Purelogs infostealer

AndyC 27 November 2025

Dissecting a new malspam chain delivering Purelogs infostealer Pierluigi Paganini November 26, 2025 The AISI Research Center’s Cybersecurity Observatory publishes...

Shai-Hulud 2.0: over 14,000 secrets exposed

AndyC 25 November 2025

TL;DR: A new wave of the Shai-Hulud supply chain attack targeting NPM packages, dubbed “The Second Coming” by the...

BadAudio malware: how APT24 scaled its cyberespionage through supply chain attacks

AndyC 23 November 2025

BadAudio malware: how APT24 scaled its cyberespionage through supply chain attacks Pierluigi Paganini November 22, 2025 APT24 used supply chain...

Infostealers: The silent doorway to identity attacks — and why proactive defense matters

AndyC 15 November 2025

Credential theft isn’t just an inconvenience. It’s often the first move in a chain reaction that ends in full-scale compromise. ...

CISO’s Expert Guide To AI Supply Chain Attacks

AndyC 12 November 2025

AI-enabled supply chain attacks jumped 156% last year. Discover why traditional defenses are failing and what CISOs must do now...

Researchers Detect Malicious npm Package Targeting GitHub-Owned Repositories

AndyC 12 November 2025

Nov 11, 2025Ravie LakshmananSoftware Supply Chain / Malware Cybersecurity researchers have discovered a malicious npm package named "@acitons/artifact" that typosquats...

Hidden Logic Bombs in Malware-Laced NuGet Packages Set to Detonate Years After Installation

AndyC 8 November 2025

Nov 07, 2025Ravie LakshmananSupply Chain Attack / Malware A set of nine malicious NuGet packages has been identified as capable...

Critical React Native CLI Flaw Exposed Millions of Developers to Remote Attacks

AndyC 5 November 2025

Nov 04, 2025Ravie LakshmananVulnerability / Supply Chain Security Details have emerged about a now-patched critical security flaw in the popular...

Cybercriminals Exploit Remote Monitoring Tools to Infiltrate Logistics and Freight Networks

AndyC 4 November 2025

Nov 03, 2025Ravie LakshmananCybercrime / Supply Chain Attack Bad actors are increasingly training their sights on trucking and logistics companies...

Elevating the Human Factor in a Zero-Trust World

AndyC 1 November 2025

“Humans are the weakest link in the cybersecurity kill chain” has become something of a tired cliche in today’s...

GitHub Mandates 2FA and Short-Lived Tokens to Strengthen npm Supply Chain Security

AndyC 24 September 2025

Sep 23, 2025Ravie LakshmananSupply Chain Attack / Malware GitHub on Monday announced that it will be changing its authentication and...

SilentSync RAT Delivered via Two Malicious PyPI Packages Targeting Python Developers

AndyC 19 September 2025

Sep 18, 2025Ravie LakshmananMalware / Supply Chain Attack Cybersecurity researchers have discovered two new malicious packages in the Python Package...

chain

GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools

North Korean Hackers Deploy 197 npm Packages to Spread Updated OtterCookie Malware

Shai-Hulud v2 Campaign Spreads From npm to Maven, Exposing Thousands of Secrets

Dissecting a new malspam chain delivering Purelogs infostealer

Shai-Hulud 2.0: over 14,000 secrets exposed

BadAudio malware: how APT24 scaled its cyberespionage through supply chain attacks

Infostealers: The silent doorway to identity attacks — and why proactive defense matters

CISO’s Expert Guide To AI Supply Chain Attacks

Researchers Detect Malicious npm Package Targeting GitHub-Owned Repositories

Hidden Logic Bombs in Malware-Laced NuGet Packages Set to Detonate Years After Installation

Critical React Native CLI Flaw Exposed Millions of Developers to Remote Attacks

Cybercriminals Exploit Remote Monitoring Tools to Infiltrate Logistics and Freight Networks

GitHub Mandates 2FA and Short-Lived Tokens to Strengthen npm Supply Chain Security

SilentSync RAT Delivered via Two Malicious PyPI Packages Targeting Python Developers

ESET Threat Report H2 2025

Black Hat Europe 2025: Was that device designed to be on the internet at all?

Black Hat Europe 2025: Was that device designed to be on the internet at all?

Black Hat Europe 2025: Was that device designed to be on the internet at all?

Black Hat Europe 2025: Was that device designed to be on the internet at all?

Black Hat Europe 2025: Was that device designed to be on the internet at all?

Donate Bitcoin to this address

Donate Ethereum to this address

SonicWall warns of actively exploited flaw in SMA 100 AMC

Why Venture Capital Is Betting Against Traditional SIEMs

CVE-2025-40602: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Exploited

The Hidden Cost of “AI on Every Alert” (And How to Fix It)

SonicWall Fixes Actively Exploited CVE-2025-40602 in SMA 100 Appliances

Donate Bitcoin to this address

Donate Ethereum to this address

You may have missed