GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools
Dec 02, 2025 Ravie Lakshmanan Malware / Blockchain The supply chain campaign known as GlassWorm has once again reared its head, infiltrating...
Dec 02, 2025 Ravie Lakshmanan AI Security / Software Supply Chain Cybersecurity researchers have disclosed details of an npm package that attempts...
The second wave of the Shai-Hulud supply chain attack has spilled over to the Maven ecosystem after compromising more than...
TL;DR: A new wave of the Shai-Hulud supply chain attack targeting NPM packages, dubbed “The Second Coming” by the...
BadAudio malware: how APT24 scaled its cyberespionage through supply chain attacks Pierluigi Paganini November 22, 2025 APT24 used supply chain...
AI-enabled supply chain attacks jumped 156% last year. Discover why traditional defenses are failing and what CISOs must do now...
Nov 11, 2025 Ravie Lakshmanan Software Supply Chain / Malware Cybersecurity researchers have discovered a malicious npm package named "@acitons/artifact" that typosquats...
Nov 04, 2025 Ravie Lakshmanan Vulnerability / Supply Chain Security Details have emerged about a now-patched critical security flaw in the popular...
Nov 03, 2025 Ravie Lakshmanan Cybercrime / Supply Chain Attack Bad actors are increasingly training their sights on trucking and logistics companies...
Sep 18, 2025 Ravie Lakshmanan Malware / Supply Chain Attack Cybersecurity researchers have discovered two new malicious packages in the Python Package...
New supply chain attack hits npm registry, compromising 40+ packages Pierluigi Paganini September 16, 2025 Researchers uncovered a new supply...
An ongoing supply chain attack dubbed "Shai-Hulud" has compromised hundreds of packages in the npm repository with a self-replicating worm...
Last updated 7:00 p.m. ET on September 16, 2025 The post Ongoing npm Software Supply Chain Attack Exposes New Risks...
Supply chain attack targets npm, +2 Billion weekly npm downloads exposed Pierluigi Paganini September 09, 2025 Multiple popular npm packages...
How Interlock Ransomware Affects the Defense Industrial Base Supply Chain Pierluigi Paganini May 13, 2025 Interlock Ransomware's attack on...