PhantomRaven Wave 5: New Undocumented NPM Supply Chain Campaign Targets DeFi, Cloud, and AI Developers
The post PhantomRaven Wave 5: New Undocumented NPM Supply Chain Campaign Targets DeFi, Cloud, and AI Developers appeared first on...
supply
1,800 Developers Hit in Mini Shai-Hulud Supply Chain Attack Across PyPI, NPM, and PHP
What happened A supply chain attack campaign attributed to TeamPCP, dubbed Mini Shai-Hulud, has compromised packages across the PyPI, NPM,...
Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft
Ravie LakshmananMay 01, 2026Supply Chain Attack / Malware A new software supply chain attack campaign has been observed using sleeper...
PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials
Ravie LakshmananApr 30, 2026Supply Chain Attack / Malware In yet another software supply chain attack, threat actors have managed to...
Artifact Poisoning: A Silent Threat to Enterprise Software Supply Chains
Software supply chains have quietly become one of the most critical and most vulnerable foundations of modern enterprises. Today, applications...
Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack
Ravie LakshmananApr 27, 2026 Checkmarx has disclosed that its ongoing investigation tied to the supply chain security incident has revealed...
Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware
Ravie LakshmananApr 27, 2026Malware / Software Supply Chain Cybersecurity researchers have flagged dozens of Microsoft Visual Studio Code (VS Code)...
Xinference PyPI Supply Chain Poisoning Warning
Overview Recently, NSFOCUS CERT detected that Xinference had suffered supply chain poisoning in its PyPI warehouse. The attacker stole the...
Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign
Bitwarden CLI has been compromised as part of the newly discovered and ongoing Checkmarx supply chain campaign, according to new...
Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign
Bitwarden CLI has been compromised as part of the newly discovered and ongoing Checkmarx supply chain campaign, according to new...
Supply Chain Attacks Are Getting Worse—How to Shrink Your Exposure
The post Supply Chain Attacks Are Getting Worse—How to Shrink Your Exposure appeared first on Fairwinds | Blog. In March...
GitHub Actions Supply Chain Attack: Trivy Breach & Workflow
The post GitHub Actions Supply Chain Attack: Trivy Breach & Workflow appeared first on Grip Security Blog. Since the end...
Why Software Supply Chain Security Requires a New Playbook
The post Why Software Supply Chain Security Requires a New Playbook appeared first on 2024 Sonatype Blog. Software is being...
Crushing the Axios supply chain threat with Tenable Hexa AI: Use cases for agentic AI
See how you can use Tenable Hexa AI to determine in minutes if you’re impacted by the Axios npm supply...
Crushing the Axios supply chain threat with Tenable Hexa AI: Use cases for agentic AI
See how you can use Tenable Hexa AI to determine in minutes if you’re impacted by the Axios npm supply...
