CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution
Ravie Lakshmanan | Jun 17, 2026 | Vulnerability / Supply Chain Attack | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a...
Ravie Lakshmanan | Jun 08, 2026 | Software Supply Chain / Malware | Microsoft has announced that Visual Studio Code (VS Code) will apply a...
A new Mini Shai-Hulud supply chain attack campaign, codenamed Miasma, has compromised @redhat-cloud-services packages to steal credentials and secrets from...
Cybersecurity researchers have disclosed details of a new malicious supply chain campaign that's targeting developers using OpenAI Codex through a...
Ravie Lakshmanan | May 27, 2026 | Threat Intelligence / Supply Chain Attack | Cybersecurity researchers have discovered a new malicious package on the npm...
A new coordinated cross-ecosystem software supply chain attack campaign has targeted npm, PyPI, and Crates.io to distribute credential-stealing malware. The...
Ravie Lakshmanan | May 23, 2026 | Software Supply Chain / DevSecOps | GitHub has rolled out new controls for npm to improve the security...
Ravie Lakshmanan | May 23, 2026 | Malware / DevSecOps | A new "coordinated" supply chain attack campaign has impacted eight packages on Packagist including...
Ravie Lakshmanan | May 19, 2026 | Software Security / Malware | In yet another software supply chain attack, threat actors have compromised the popular...
Cybersecurity researchers have discovered a fresh software supply chain attack campaign that has compromised various npm packages associated with the...
Supply chain attackers are not only trying to slip malicious code into trusted software. They are trying to steal the...
OpenAI is telling Mac users to update its apps by June 12 after a developer-focused supply chain attack exposed code-signing...
Ravie Lakshmanan | May 05, 2026 | Endpoint Security / Software Security | A newly identified supply chain attack targeting DAEMON Tools software has compromised...
The post PhantomRaven Wave 5: New Undocumented NPM Supply Chain Campaign Targets DeFi, Cloud, and AI Developers appeared first on...
What happened: A supply chain attack campaign attributed to TeamPCP, dubbed Mini Shai-Hulud, has compromised packages across the PyPI, NPM,...