Supply Chain Attacks

supply chain vulnerability: Harrowing Risky Threat
ProPublica’s reporting reveals a startling weak link: engineers in China maintaining U.S. Defense Department systems create a human-powered supply chain vulnerability that could be exploited by adversaries. It’s time for stricter oversight, transparency, and technical safeguards so efficiency doesn’t come at the cost of national security.

npm package security: Must-Have Guide to Risky Breaches
A targeted phishing attack that slipped malicious code into five npm packages shows how easily supply chains can be weaponized. Treat publish tokens like private keys—enable 2FA, rotate credentials, and demand package signing and provenance to stop the next breach.

Malicious Pull Request Hits 6,000 Developers Through Ethcode Extension
A sophisticated supply chain attack compromised the Ethcode extension for VS Code, silently infecting over 6,000 developers with malicious code and exposing critical blockchain projects to severe security risks. This breach highlights the urgent need for vigilant verification in software supply chains, where trust can be weaponized to devastating effect.

Unveiling Russian Aviation Supply Chains: Moscow, a Real Estate Agent, and Alain Delon’s Ex-Pilot in Thailand
Explore the intricate web of Russian aviation supply chains involving Moscow, a real estate agent, and Alain Delon’s former pilot in Thailand.

UNFI Recovers Core Systems Following Cyberattack on Whole Foods Supplier
UNFI restores core systems after a cyberattack impacting Whole Foods supply chain, ensuring operational stability and data security for customers.

Major Vulnerability in Open VSX Registry Puts Millions of Developers at Risk of Supply Chain Attacks
A major vulnerability in the Open VSX Registry threatens millions of developers, exposing them to potential supply chain attacks and security risks.

Glasgow Council Services and Data Threatened by Supply Chain Incident
Glasgow Council faces potential data threats following a supply chain incident, impacting essential services and data security measures.

Surge in Supply Chain Attacks Leaves Organizations Unaware of Dependencies
Explore the rising threat of supply chain attacks and how organizations remain oblivious to their critical dependencies and vulnerabilities.

Kazakh Titanium Lawsuit Poses Risk to Western Supply Chains in France and Kazakhstan
Kazakh Titanium lawsuit threatens Western supply chains, impacting operations in France and Kazakhstan amid rising legal and trade uncertainties.

ISMG Editors: Supply Chain Attacks Are Spiking – Here’s Why
ISMG Editors report a surge in supply chain attacks—exploring the causes and cybersecurity implications driving this alarming trend.

NCCoE Unveils New Tech Partners for Software Supply Chain and DevOps Security Initiative
NCCoE reveals new tech partners to boost software supply chain security and enhance DevOps defenses, driving industry innovation.

Supply Chain Attacks Really Are Surging
Supply chain attacks are surging. Discover emerging tactics, evolving threats, and strategies to effectively safeguard your organization.

Cyberattack Disrupts Operations at Major Whole Foods Supplier
Cyberattack upends operations at a major Whole Foods supplier, causing supply chain disruptions and prompting security investigations.

SentinelOne Confirms No Breach Despite Hardware Supplier Cyberattack
SentinelOne confirms no breach amid a hardware supplier cyberattack, emphasizing strong security measures and uninterrupted protection.

Grocery wholesale giant United Natural Foods hit by cyberattack
Grocery wholesale giant United Natural Foods hit by a disruptive cyberattack, sparking alarms over operations and supply chain security.

Malicious Code Discovered in Popular NPM Packages with 1 Million Weekly Downloads
Malicious code found in popular NPM packages (1M+ weekly downloads). Secure your dependencies now to prevent potential security risks.

Global Supply Chain Cyberattack Targets npm and PyPI, Impacting Millions Worldwide
Global cyberattack on npm & PyPI disrupts supply chains, impacting millions worldwide. Uncover breach details now.

Supply chain attack hits Gluestack NPM packages with 960K weekly downloads
Supply chain attack strikes Gluestack’s NPM packages with 960K weekly downloads, exposing vulnerabilities that threaten project security and developer trust.

Malicious PyPI, npm, and Ruby Packages Exposed in Ongoing Open-Source Supply Chain Attacks
Malicious PyPI, npm, and Ruby packages jeopardize open-source supply chains. Secure your projects by updating dependencies and managing risks.

#Infosec2025: Half of Firms Suffer Two Supply Chain Incidents in Past Year
At #Infosec2025, half of firms reported two supply chain incidents in the past year, exposing vulnerabilities and driving urgent cybersecurity action.

More than 40% of Fintech Breaches Linked to Third-Party Vendors
Over 40% of Fintech breaches involve third-party vendors. Discover critical risks and solutions for a secure financial ecosystem.

Dozens of malicious packages on NPM collect host and network data
Dozens of malicious NPM packages are covertly collecting host and network data, exposing developers to critical security risks and data breaches.

Russian Cyber Operatives Shadow Western Supply Chains
Russian cyber operatives stealthily exploit weaknesses in Western supply chains, threatening economic, political, and national security.

Earth Ammit Exploits ERP Vulnerabilities to Disrupt Drone Supply Chains in VEN
Earth Ammit exploits ERP vulnerabilities to disrupt VEN drone supply chains, triggering urgent security concerns and operational instability.