chain

Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials

AndyC 19 May 2026

Ravie LakshmananMay 19, 2026Software Security / Malware In yet another software supply chain attack, threat actors have compromised the popular...

Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account

AndyC 19 May 2026

Cybersecurity researchers have discovered a fresh software supply chain attack campaign that has compromised various npm packages associated with the...

Developer Workstations Are Now Part of the Software Supply Chain

AndyC 19 May 2026

Supply chain attackers are not only trying to slip malicious code into trusted software. They are trying to steal the...

Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware

AndyC 19 May 2026

Ravie LakshmananMay 18, 2026Supply Chain Attack / Botnet Cybersecurity researchers have discovered four new npm packages containing information-stealing malware, one...

OpenAI Warns Mac Users to Update Apps After Supply-Chain Attack

AndyC 16 May 2026

OpenAI is telling Mac users to update its apps by June 12 after a developer-focused supply chain attack exposed code-signing...

RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded

AndyC 13 May 2026

Ravie LakshmananMay 12, 2026Supply Chain Attack / Software Security RubyGems, the standard package manager for the Ruby programming language, has...

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

AndyC 13 May 2026

TeamPCP, the threat actor behind the recent supply chain attack spree, has been linked to the compromise of the npm and...

TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack

AndyC 12 May 2026

Ravie LakshmananMay 11, 2026Supply Chain Attack / DevSecOps Checkmarx has confirmed that a modified version of the Jenkins AST plugin...

Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads

AndyC 12 May 2026

Ravie LakshmananMay 11, 2026Supply Chain Attack / Threat Intelligence A malicious Hugging Face repository managed to take a spot in...

DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware

AndyC 6 May 2026

Ravie LakshmananMay 05, 2026Endpoint Security / Software Security A newly identified supply chain attack targeting DAEMON Tools software has compromised...

3 easy-to-miss cybersecurity risks for small businesses

PhantomRaven Wave 5: New Undocumented NPM Supply Chain Campaign Targets DeFi, Cloud, and AI Developers

AndyC 4 May 2026

The post PhantomRaven Wave 5: New Undocumented NPM Supply Chain Campaign Targets DeFi, Cloud, and AI Developers appeared first on...

1,800 Developers Hit in Mini Shai-Hulud Supply Chain Attack Across PyPI, NPM, and PHP

AndyC 3 May 2026

What happened A supply chain attack campaign attributed to TeamPCP, dubbed Mini Shai-Hulud, has compromised packages across the PyPI, NPM,...

Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft

AndyC 2 May 2026

Ravie LakshmananMay 01, 2026Supply Chain Attack / Malware A new software supply chain attack campaign has been observed using sleeper...

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

AndyC 1 May 2026

Ravie LakshmananApr 30, 2026Supply Chain Attack / Malware In yet another software supply chain attack, threat actors have managed to...

SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack

AndyC 30 April 2026

Ravie LakshmananApr 29, 2026Supply Chain Attack / Malware Cybersecurity researchers are sounding the alarm about a new supply chain attack...

chain

Popular GitHub Action Tags Redirected to Imposter Commit to Steal CI/CD Credentials

Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account

Developer Workstations Are Now Part of the Software Supply Chain

Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware

OpenAI Warns Mac Users to Update Apps After Supply-Chain Attack

RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded

Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages

TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack

Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads

DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware

PhantomRaven Wave 5: New Undocumented NPM Supply Chain Campaign Targets DeFi, Cloud, and AI Developers

1,800 Developers Hit in Mini Shai-Hulud Supply Chain Attack Across PyPI, NPM, and PHP

Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack

Protecting legacy OT systems against modern cyberthreats

Lessons for life: Why children’s data is a long-term identity risk

This month in security with Tony Anscombe – May 2026 edition

ESET APT Activity Report Q4 2025–Q1 2026

What to consider before asking an AI chatbot for health advice

BTMOB: A stealthy RAT burrowing deep into Android devices

Donate Bitcoin to this address

Donate Ethereum to this address

Smashing Security podcast #472: AI gets hacked, and BitLocker gets bypassed

Smashing Security podcast #472: AI gets hacked, and BitLocker gets bypassed

Smashing Security podcast #472: AI gets hacked, and BitLocker gets bypassed

Smashing Security podcast #472: AI gets hacked, and BitLocker gets bypassed

Smashing Security podcast #472: AI gets hacked, and BitLocker gets bypassed

Donate Bitcoin to this address

Donate Ethereum to this address

You may have missed