Tag: supply chain
820 articles

Saronic Unveils $3 Billion Texas Shipyard to Bolster US Vessel Production
Saronic is revolutionizing US shipbuilding with a massive $3 billion investment in Port Alpha, a game-changing shipyard in Texas that's set to become the largest in the Western Hemisphere. This cutting-edge facility will supercharge American vessel production, cementing the country's maritime industry for years to come.

Abbott Labs Probes Two Cyber Incidents Amid Extortion Claims
Abbott Laboratories is investigating a cyber incident that involved unauthorized access to a limited number of internal systems within its Cancer Diagnostics business, and has activated incident response procedures to address the issue. The company confirms that its operations remain unaffected and that the affected systems are separate from its other businesses and systems.

Malicious Vite npm Packages Exploit Blockchain C2 for RAT Delivery
Security researchers have uncovered a sneaky campaign, dubbed ViteVenom, involving seven malicious npm packages that target Vite developers, executing malicious code as soon as they're imported. These packages, published in a matter of days, may have modest download counts, but their stealthy nature raises major red flags for the supply-chain community.

GoldenEyeDog Exploits DigiCert Breach for Code-Signing Certificates
In a chilling example of malware mastery, the GoldenEyeDog group exploited a DigiCert breach to snag code-signing certificates, which they then used to cloak their malicious software in a veneer of legitimacy. This brazen heist highlights the group's cunning and capabilities, which have been under scrutiny since at least 2015.

Ernst & Young Exposes Client Data in Third-Party Support System Hack
Ernst & Young suffered a data breach when hackers accessed a third-party support system, downloading sensitive client documents between March 28 and April 12. The breach was detected on April 23, prompting the company to alert affected clients and notify authorities.

US Misidentifies Russian Hacker in Extradition Bid
A Russian man named Aleksandr Ermakov has been wrongly detained in an Armenian jail on a US extradition request, with his lawyers claiming he is not the REvil ransomware suspect the US is actually after. His family and lawyers are now racing against time to clear his name and prevent his deportation to the US.

US Military Tests Drones, 3D Printers to Overcome Pacific Distance Challenge
Imagine having manufacturing on demand, delivered at incredible speed and quality - that's what the US military is testing with drones and 3D printers to overcome vast distances in the Pacific. This game-changing approach could revolutionize the way the military gets the parts and supplies it needs, when and where it's needed.

Ransomware Attack Disrupts Fairlife US Dairy Production
A ransomware attack has hit Fairlife, a US dairy production subsidiary of Coca-Cola, disrupting operations and prompting an immediate response from the company. The incident has triggered a thorough investigation, with outside experts and law enforcement working to contain the breach.

Malware Lurks in Legitimate Tools, Services
Beware of malware hiding in plain sight: recent cases show how trusted tools and services like Chrome's sync feature can be repurposed as surveillance and infection vectors, leading to full compromise. Malicious packages, like 11 fake NuGet game utilities, can sneak in undetected, downloading second-stage payloads and wreaking havoc.

China-Linked Malware Resurfaces in Taiwan with Advanced Backdoors
Meet Daxin, a sneaky kernel-mode rootkit that's been upgraded with advanced backdoors, allowing it to hijack legitimate connections and evade detection by blending into normal network activity. This China-linked malware has a unique trick up its sleeve, monitoring incoming TCP traffic to carry out encrypted communications undetected.

PhantomEnigma Campaign Exploits Hijacked Government Sites
The PhantomEnigma campaign has hijacked over 20 Brazilian government websites, turning them into malware delivery channels in a sophisticated multi-stage operation. This sneaky attack exploited trusted infrastructure to fly under the radar, using legitimate links and email accounts to spread malware.

India, Australia Forge PACTS to Bolster Cybersecurity Partnership
Australia and India have joined forces to supercharge their cybersecurity partnership with the launch of PACTS, a game-changing agreement that promises to streamline collaboration and drive real results. This bold new framework replaces previous initiatives, bringing together key dialogues and taskforces under one cohesive umbrella.

CISA Mandates Patching of Exploited Oracle Flaw by Saturday
Federal cyber authorities are sounding the alarm: a high-risk flaw in Oracle E-Business Suite, already being exploited by hackers, must be patched by Saturday to prevent takeover of vulnerable systems. Over 1,000 Internet-exposed instances are at risk, with more than half located in the United States.

Russian Hackers Trojanize WebEx, Zoom with Starland Malware
Beware of a sneaky new malware campaign that's been targeting over 40 cryptocurrency wallets and popular apps like WebEx and Zoom since June 2025. A financially motivated Russian threat actor is behind the attacks, using trojanized installers to spread the Starland malware.

Cyberattack Disrupts Japan's Frozen Food Supply Chain
A cyberattack has crippled Nichirei Group's operations, causing system failures and disrupting Japan's frozen food supply chain, with the company confirming it is struggling to resume shipments and operations. The incident has already impacted downstream customers, with Nichirei hoping to restore services by Friday.

Attackers Exploit Zero-Days in SonicWall Appliances
Cyber attackers are exploiting two zero-day vulnerabilities, CVE-2026-15409 and CVE-2026-15410, in SonicWall appliances, with ransomware attacks seemingly their ultimate goal. Rapid7's team has thwarted attempts at data exfiltration and encryption, but the threat remains.

Malicious AsyncAPI Packages Target npm Users with Credential-Stealing Malware
On July 14, a supply-chain intrusion briefly introduced trojanized AsyncAPI packages into the npm ecosystem, putting users at risk of credential-stealing malware. Five malicious releases in the @asyncapi namespace were downloaded hundreds of thousands of times during a four-hour window.

Vulnerabilities in UEFI Shims Expose Secure Boot Bypass Risk
Thousands of systems may be at risk of a Secure Boot bypass due to vulnerabilities in 11 UEFI shim bootloaders, all signed by Microsoft, that allow attackers to circumvent security measures. These weaknesses have the potential to create a broad attack surface, putting many devices at risk of compromise.

Microsoft Halts Patch Update for Dell Devices Over Overheating Risks
Microsoft has temporarily halted a critical patch update for certain Dell devices due to compatibility issues that can cause overheating, shutdowns, and poor performance. A fix is expected soon, with both companies working together to resolve the problem.

AI-Powered Tool Discovers Zero-Day in WordPress Plugin
Meet the AI-powered tool that just discovered a zero-day vulnerability in a popular WordPress plugin, and learn how its automated pipeline can detect and exploit weaknesses in code. This game-changing technology can extract sensitive data, like password hashes and secret tokens, from live databases.

Cursor Flaw Enables Malicious Repositories to Execute Windows Code
A newly discovered flaw in Cursor allows malicious repositories to run Windows code simply by opening a project, exploiting a vulnerability that lets it execute any git.exe file found in the repository root without warning. This alarming exploit requires no prior access to the victim's machine, making it a serious security risk.

China's Economic Reset Propels New Phase of Growth
China is undergoing a significant economic reset, shifting from a low-cost labor market to a hub of skilled talent, with innovation-driven growth at the forefront of its 2026-2030 Five-Year Plan. This transformation is set to propel the country into a new phase of outward-facing, commercially sophisticated growth.

OkoBot Malware Targets Crypto Users Worldwide
Meet OkoBot, a sneaky malware framework that's got crypto users worldwide in its crosshairs, with over 20 malicious payloads and implants that can be assembled in different ways to wreak havoc. It spreads through clever tactics like ClickFix attacks and fake GitHub packages masquerading as legitimate software.

Compromised AsyncAPI Packages Deliver Multi-Stage Botnet Malware
Malicious actors have compromised several AsyncAPI packages, delivering a sophisticated multi-stage botnet malware that uses a command framework with six independent communication channels. The affected packages include @asyncapi/generator-helpers, @asyncapi/generator-components, @asyncapi/generator, and @asyncapi/specs in specific versions.