Sansec uncovered a supply chain attack via 21 backdoored Magento extensions
Sansec uncovered a supply chain attack via 21 backdoored Magento extensions Pierluigi Paganini May 05, 2025 Supply chain attack via...
supply
How to Handle CMMC Scoping for Remote Employees
CMMC mandates that companies working as part of the government supply line need to comply with a level of security...
Mobile and third-party risk: How legacy testing leaves you exposed
Risks to software supply chains from mobile applications are increasing, largely due to a lack of deeper visibility into their...
Operation SyncHole: Lazarus APT targets supply chains in South Korea
Operation SyncHole: Lazarus APT targets supply chains in South Korea Pierluigi Paganini April 25, 2025 The Lazarus Group, linked to...
The widely-used xrpl.js Ripple digital currency library was breached in a supply chain infiltration
The frequently utilized xrpl.js Ripple digital currency library was compromised during a supply chain breach Pierluigi Paganini April 23, 2025...
Developers Cautioned: Slopsquatting & Vibe Coding May Heighten Risk of AI-Powered Breaches
Concerns are being raised by security analysts and developers about the dangers of "slopsquatting," a novel type of supply chain...
Exploring the Latest Cyber Dangers Encountered by Supply Chains, Including Third-Party Suppliers and U.S. Trade Tariffs
Overview Businesses in various sectors are now increasingly worried about the cyber hazards that are targeting their supply chains. With...
GitHub Supply Chain Attack Root Cause Identified as SpotBugs Access Token Theft
A sequence of supply chain attack starting with Coinbase and extending to users of the "tj-actions/changed-files" GitHub Action has been...
AceSpot Access Key Pilfering Detected as Main Reason of GitHub Supply Chain Breach
The successive supply chain assault that first aimed at Coinbase before spreading wider to target users of the "tj-actions/changed-files" GitHub...
⚡ Weekly Tidings from THN: GitHub Supply Chain Security Breach, Artificial Intelligence Malicious Software, Bring Your Own Vulnerable Device Strategies, and Beyond
Subtle modifications in a widely-used open-source application paved the way for a breach in the supply chain—a deliberate attack swiftly...
A Supply Chain Assault on Coinbase with GitHub Actions; Leaked CI/CD Secrets from 218 Repositories
The GitHub Action "tj-actions/changed-files" was at the center of the supply chain breach, commencing as a precise strike against one...
CISA Alerts Regarding Ongoing Exploitation in GitHub Action Supply Chain Breach
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a warning on Tuesday about a security vulnerability related to the...
A Fresh Infiltration Technique Identified as ‘Rules File Backdoor’ Assault Gives Intruders Ability to Infuse Corrupt Code through AI Code Editors
Innovative security analysts have revealed insights about a recent method of supply chain attack known as Rules File Backdoor that...
Deleterious Go Package Manipulates Module Reflective Storage for Enduring Distant Control
Experts in Cybersecurity have highlighted a cyberattack on software distribution channels that aims at the Go environment. This attack utilizes...
Ultralytics AI Library Compromised: Cryptocurrency Miner Found in PyPI Versions
Security Breach: Cryptocurrency Mining Malware Detected in PyPI Releases of Ultralytics AI LibraryAnother incident of a breach in the software...
