New supply chain attack hits npm registry, compromising 40+ packages
New supply chain attack hits npm registry, compromising 40+ packages Pierluigi Paganini September 16, 2025 Researchers uncovered a new supply...
chain
Self-Replicating Worm Compromising Hundreds of NPM Packages
An ongoing supply chain attack dubbed "Shai-Hulud" has compromised hundreds of packages in the npm repository with a self-replicating worm...
Ongoing npm Software Supply Chain Attack Exposes New Risks
Last updated 7:00 p.m. ET on September 16, 2025 The post Ongoing npm Software Supply Chain Attack Exposes New Risks...
Supply chain attack targets npm, +2 Billion weekly npm downloads exposed
Supply chain attack targets npm, +2 Billion weekly npm downloads exposed Pierluigi Paganini September 09, 2025 Multiple popular npm packages...
GitHub Account Compromise Led to Salesloft Drift Breach Affecting 22 Companies
Sep 08, 2025Ravie LakshmananSupply Chain Attack / API Security Salesloft has revealed that the data breach linked to its Drift...
How Interlock Ransomware Affects the Defense Industrial Base Supply Chain
How Interlock Ransomware Affects the Defense Industrial Base Supply Chain Pierluigi Paganini May 13, 2025 Interlock Ransomware ‘s attack on...
Sansec uncovered a supply chain attack via 21 backdoored Magento extensions
Sansec uncovered a supply chain attack via 21 backdoored Magento extensions Pierluigi Paganini May 05, 2025 Supply chain attack via...
The widely-used xrpl.js Ripple digital currency library was breached in a supply chain infiltration
The frequently utilized xrpl.js Ripple digital currency library was compromised during a supply chain breach Pierluigi Paganini April 23, 2025...
Developers Cautioned: Slopsquatting & Vibe Coding May Heighten Risk of AI-Powered Breaches
Concerns are being raised by security analysts and developers about the dangers of "slopsquatting," a novel type of supply chain...
GitHub Supply Chain Attack Root Cause Identified as SpotBugs Access Token Theft
A sequence of supply chain attack starting with Coinbase and extending to users of the "tj-actions/changed-files" GitHub Action has been...
AceSpot Access Key Pilfering Detected as Main Reason of GitHub Supply Chain Breach
The successive supply chain assault that first aimed at Coinbase before spreading wider to target users of the "tj-actions/changed-files" GitHub...
⚡ Weekly Tidings from THN: GitHub Supply Chain Security Breach, Artificial Intelligence Malicious Software, Bring Your Own Vulnerable Device Strategies, and Beyond
Subtle modifications in a widely-used open-source application paved the way for a breach in the supply chain—a deliberate attack swiftly...
A Supply Chain Assault on Coinbase with GitHub Actions; Leaked CI/CD Secrets from 218 Repositories
The GitHub Action "tj-actions/changed-files" was at the center of the supply chain breach, commencing as a precise strike against one...
A Fresh Infiltration Technique Identified as ‘Rules File Backdoor’ Assault Gives Intruders Ability to Infuse Corrupt Code through AI Code Editors
Innovative security analysts have revealed insights about a recent method of supply chain attack known as Rules File Backdoor that...
Harnessing the Potential of DeepSeek-R1: Unraveling Security Vulnerabilities in Chain of Thought
Harnessing the Potential of DeepSeek-R1: Unraveling Security Vulnerabilities in Chain of Thought | Trend Micro (US) Your Folio Has Received...
