Supply Chain Attacks

Iberia Airlines Exclusive: Critical Supply Chain Breach
When Iberia alerts customers that a supplier was compromised, it’s a reminder that a single supply‑chain breach can ripple into delays, data exposure and broader operational headaches across modern travel. If you got the email, here’s what it means for your trip and what to look out for next.

North Korean Hackers Exclusive: Dangerous JSON Channels
What if your next dependency quietly pulled a malicious payload from an innocent-looking JSON? North Korean-linked actors are exploiting public JSON storage services like JSON Keeper, JSONsilo, and npoint.io to seed stealthy backdoors into developer supply chains and swap payloads on the fly to evade detection.

Cybercrims Exclusive: Critical .NET Time-Bomb Threat
Imagine a slow-burning digital time bomb hidden in trusted .NET NuGet packages—discovered in 2023, these malicious libraries can stay dormant for years before detonating, forcing a hard rethink of how we trust and protect the software supply chain.

Cybercrooks Exclusive: Devastating Cargo Heists Exposed
Meet the new face of cargo theft: software-savvy criminals breach freight systems and team up with on-the-ground hijackers to divert high‑value shipments—creating faster, stealthier heists that ripple through supply chains and national security.

Hackers Fuel Stunning, Dangerous Rise in Cargo Heists
Hackers have turned supply chains into easy prey, sparking a sharp, dangerous rise in cargo heists—here’s how this new threat works and what drivers and companies can do to stay one step ahead.

Security Leaders Exclusive: Critical Subsidiary Cyberattack
Imagine waiting in line as screens go dark—Envoy Air’s recent critical subsidiary cyberattack forced airports into paper processes and left passengers in limbo. Its a wake‑up call that a single vendor breach can ripple across the entire aviation system, spurring urgent containment, recovery and renewed focus on supply‑chain risk.

18 Popular Code Packages Hacked: Stunning Crypto Theft Risk
Imagine one convincing phishing email letting attackers slip crypto‑stealing code into 18 popular JavaScript packages — collectively downloaded billions of times each week. The breach lays bare how fragile the software supply chain is: a single compromised maintainer can push malicious updates into countless projects and developer environments.

GlassWorm Exclusive: Dangerous VS Code Supply-Chain Attack
Meet GlassWorm: a self‑propagating supply‑chain worm hiding in VS Code extensions (Open VSX and the Microsoft Marketplace) that uses install‑time scripts and stolen CI tokens to publish more malicious packages, turning developer convenience into a fast‑moving attack vector.

18 Popular Code Packages Rigged to Steal Crypto
Think your dependencies are safe? Eighteen popular packages were secretly rigged to siphon crypto—here’s how to spot, avoid, and clean up these sneaky supply‑chain attacks.

automotive chip crunch: Stunning Risk to Global Auto Supply
A diplomatic move in the Netherlands has triggered Beijing to curb some chip exports, leaving carmakers from Europe to Asia nervously bracing for fresh microcontroller shortages that could stall production and hike costs. With vehicles increasingly dependent on a handful of specialized suppliers, this spat shows how quickly geopolitics can gum up the global supply chain — and why automakers, suppliers and governments must scramble for practical fixes.

self-replicating worm: Shocking, Devastating NPM Breach
Imagine your everyday npm install quietly stealing your keys — researchers traced a self‑replicating worm to at least 187 NPM packages that exfiltrates developer credentials to GitHub each time an infected package is installed. This outbreak shows how fragile the software supply chain is and why immediate credential rotation, strict dependency hygiene, and better package vetting are essential.

JavaScript packages Risky: Exclusive Crypto-Theft Alert
Eighteen popular JavaScript packages — downloaded billions of times a week — were briefly compromised after a maintainer fell for a phishing email, with code added to steal crypto keys before it was quickly removed. The scare is a wake-up call: tighten maintainer access, adopt signing and provenance, and treat dependencies like critical third-party software.

Askul ransomware attack: Stunning, Risky supply-chain hit
When Muji paused online orders after logistics partner Askul was hit by ransomware, it exposed a stark truth: a single third-party breach can freeze entire retail operations. This outage is a wake-up call for brands to map dependencies, tighten vendor security, and treat supply-chain risk as an ongoing priority.

Chinese-linked cyber operators: Stunning Risky Breach
What do you do when a partner becomes a suspect? Researchers found Chinese-linked hackers quietly breached a Russian IT provider — a rare pivot that shows geopolitical alignment doesn’t guarantee immunity and underscores how dangerous supply-chain compromises can be.

Discord webhooks: Powerful but Risky Supply-Chain Threat
Imagine a trusted package quietly sending your API keys to a Discord channel — researchers found npm, PyPI, and RubyGems libraries doing exactly that by abusing Discord webhooks as a simple command-and-control. Protect your projects now: audit and pin dependencies, lock down secrets, and add egress controls before convenience becomes the next supply-chain disaster.

Asahi cyberattack: Stunning Risky Supply Crisis
When a cyberattack forced Asahi to halt orders and shipments across Japan, it turned a brewing hiccup into a nationwide supply-risk test — empty shelves, strained retailers and shaken confidence followed. It’s a wake-up call for companies and regulators to boost cyber hygiene, contingency plans and transparent communication before the next disruption hits.

typosquatted npm package: Shocking Dangerous Heist
A single malicious line in a typosquatted npm package quietly CC’d thousands of Postmark emails to an attacker—turning a routine dependency into a stealthy data leak. It’s a wake‑up call: strong dependency hygiene, provenance checks, and runtime protections are essential to keep outbound messaging safe.

high-end GPUs: Risky Bottleneck, Must-Have for AI
Alibaba’s audacious $53 billion AI push could redefine enterprise cloud across Europe and Asia — but it hinges on one vulnerable thing: access to scarce, high-end GPUs. With export controls and supply snags forcing regional bets, custom chips and clever software, the company’s success will come down to whether it can secure enough compute or out-engineer the shortage.

Indian suppliers Risky: Stunning Global Breach Threat
A new report shows 53% of Indian vendors suffered third‑party breaches last year, spotlighting how one compromised supplier can cascade into global cyber crises and why supply‑chain security must be a shared priority.

QR-code steganography: Exclusive Dangerous Threat
A malicious npm package called Fezbox has been hiding stolen browser credentials inside seemingly innocuous QR images, turning routine builds into quiet data leaks. Treat every dependency with suspicion—pin versions, scan for suspicious runtime behavior, and rotate tokens—to defend against clever supply‑chain tricks like this.

Nimbus Manticore: Exclusive Risky Supply-Chain Threat
A stealthy, Iran-linked cyber actor called Nimbus Manticore is quietly shifting from remote spying to targeting European aerospace, telecom and defense suppliers — and its patient, surgical intrusions threaten intellectual property, supply chains and national security unless industry and governments boost defenses and share threats quickly.

software supply chain Must-Have Fix for Risky Systems
The OpenSSF warns that the critical infrastructure powering npm, PyPI and other registries is underfunded and increasingly vulnerable—if we don’t invest now, supply‑chain attacks and outages will be far costlier later. It’s time for governments, companies, and the community to share the bill and make the software plumbing resilient.

production pause: Stunning Risky Supply-Chain Crisis
Jaguar Land Rover’s production pause — now extended to October 1 — lays bare how fragile global supply chains can halt both everyday SUVs and luxury icons, snarling deliveries and unsettling local jobs. As the industry scrambles for fixes from regional suppliers to chip investments, this pause is a wake-up call to rethink how cars are built in an age of electrification and scarce parts.

supply-chain cyber-attack: Devastating Airport Chaos
Day three of travel chaos as a supply‑chain cyberattack on a key avionics supplier snarls check‑in, baggage and departures across major European airports — a sharp reminder that our high‑tech travel system can grind to a halt when a single supplier is hit.