Tag: supply chain attack
79 articles

Armenian National Pleads Guilty to Ryuk Ransomware Conspiracy
Karen Serobovich Vardanyan, an Armenian national, has pleaded guilty to conspiracy charges for his role in a massive Ryuk ransomware scheme that raked in over $15 million in ransom payments from US-based organizations. The guilty plea marks a major win in the fight against cybercrime, as Vardanyan admitted to his part in the global extortion plot.

Malicious SDKs Target Paysafe, Skrill Users with Credential Theft
Beware of malicious software development kits (SDKs) masquerading as legitimate Paysafe, Skrill, and Neteller tools, designed to secretly steal your credentials. Researchers uncovered 17 fake packages on popular platforms, putting users at risk of credential theft.

AI Coding Assistants Exposed to HalluSquatting Botnet Attack
Researchers have uncovered a sneaky new attack method called HalluSquatting that targets AI coding assistants, exploiting their tendency to invent names and run code with minimal human oversight. This clever tactic chains together AI behaviors like hallucination and prompt injection to deliver malware efficiently.

US Government Entity Pays $1 Million to Thwart Data Leak
A US government entity was forced to pay a hefty $1 million ransom to prevent a massive data leak, after a group called Kairos threatened to release 1.6 million files unless their demand was met. The payment was the culmination of a month-long negotiation that began with a $3 million opening demand.

Hackers Inject Malicious Script in Polymarket Supply-Chain Attack
Polymarket has pledged to fully reimburse customers who lost around $3 million in a shocking supply-chain attack that injected malicious JavaScript into the platform's frontend via a third-party vendor breach. The incident highlights the vulnerability of even major players to these types of attacks.
UK Cyber Monitoring Centre Probes Canvas Breach Impact
The UK's Cyber Monitoring Centre is investigating a massive breach of Canvas, a popular learning management system, that exposed sensitive data at nearly 160 UK universities and colleges, as part of a global incident affecting around 9,000 educational institutions. The breach was caused by a notorious cybercrime group that exploited vulnerabilities on April 29 and again on May 7.

GitHub Phishing Kit Targets Mexican Banks via Cloud Services
A sneaky GitHub phishing kit called "GitBait" has been targeting customers of 12 Mexican banks for three years, cleverly using cloud services like GitHub Pages and Google Sheets to stay under the radar. This cunning operation relied on over 100 GitHub-hosted domains to steal credentials, making it a challenging case for investigators.

Mastra Packages Compromised in Software Supply Chain Attack
A massive software supply chain attack just hit Mastra, with over 140 malicious packages published in a single day by a compromised npm account. The swift and coordinated assault, dubbed easy-day-js, unfolded over just two days, catching defenders scrambling to respond.

Maine Breach Portal Exposed to Fake Data Breach Disclosures
A fake data breach notice was recently submitted to Maine's breach disclosure portal using VRChat's name, but the company quickly reassured fans that their data and systems are safe. The incident highlights a vulnerability in the portal's submission process, which allows anyone to post a breach notice without verification.

ShinyHunters Exploits Oracle PeopleSoft Vulnerability in Education Sector Attacks
ShinyHunters hackers have exploited a critical Oracle PeopleSoft vulnerability, CVE-2026-35273, to launch targeted attacks on US organizations, particularly in the higher education sector. The attacks, which involved data theft and extortion, hit a whopping 68% of US higher education institutions.

Miasma Worm Exposes GitHub Repositories in Supply Chain Attack
A sneaky Miasma worm has infiltrated 73 Microsoft GitHub repositories, putting countless projects at risk in a self-replicating supply chain attack. This malicious campaign is a stark reminder of the rapidly evolving threats lurking in the shadows of our digital supply chains.

Miasma Worm Targets Microsoft GitHub Repositories in Supply Chain Attack
GitHub has taken swift action, disabling access to 73 Microsoft repositories across four organizations after a sneaky supply chain attack by the Miasma Worm compromised code on the platform. The disruption was triggered when the malware targeted Microsoft's GitHub repositories, prompting site-wide warnings and restricted access.

Polyfill Compromise Targets Major Websites with Rogue Login Prompts
Major websites, including Toshiba and Muji, have been compromised by a rogue login prompt scam through polyfill.io, tricking visitors into entering sensitive information. If you encountered the fake sign-in screen, be sure to cancel and change your password to protect your account.

Hola Browser Compromised to Deliver Cryptominer in Supply Chain Attack
Hola's CEO, Avi Raz Cohen, assured users that the company has taken swift action to prevent future breaches, rebuilding its distribution pipeline and implementing robust security measures. The move comes after a supply chain attack compromised the Hola Browser, secretly delivering a cryptominer to unsuspecting users.

Miasma Supply Chain Attack Targets Red Hat npm Packages
A new supply-chain campaign, codenamed Miasma, has compromised multiple Red Hat npm packages to steal sensitive credentials and deliver a self-propagating worm, putting developer machines at risk. This sneaky attack uses clever tactics like install-time execution and encrypted exfiltration to harvest secrets and spread its reach.

Malicious NuGet Package Exfiltrates Sicoob Banking Credentials
A malicious NuGet package, masquerading as a C# SDK for a major Brazilian financial system, was designed to steal sensitive banking credentials, including client IDs, PFX passwords, and certificate bytes, from unsuspecting developers. This rogue package, downloaded nearly 500 times, put automation and security at risk.

Hackers Exploit FortiClient Flaw to Deliver Infostealer Malware
Hackers are exploiting a vulnerability in FortiClient Enterprise Management Server to deliver infostealer malware, cleverly disguising the payload as a legitimate Fortinet endpoint update. This sneaky tactic uses FortiClient-managed VPN scripting workflows to execute the malicious code, putting security teams on high alert.

GitHub-Hosted Malware Targets PHP Packages in Coordinated Supply Chain Attack
Malicious code was injected into eight PHP packages on Packagist, triggering a Linux binary download from GitHub Releases via JavaScript lifecycle hooks in package.json postinstall scripts. The attack was swiftly contained, with the malicious versions removed from Packagist.

Grafana GitHub Breach Exposes Source Code in TanStack npm Attack
Grafana Labs recently reported a security breach that exposed source code and internal data, but fortunately, there's no evidence that customer production systems were compromised. The breach, detected on May 11, was confined to the company's GitHub environment and involved both public and private source code and internal repositories.

Microsoft Disrupts Cybercrime Service Selling Code-Signing Certificates to Ransomware Gangs
Microsoft has disrupted a notorious cybercrime operation, dubbed Fox Tempest, that sold code-signing certificates to ransomware gangs, allowing them to disguise malware as legitimate Windows software. The operation, which created over 580 fake Microsoft accounts, has been linked to two individuals, John Doe 1 and John Doe 2, who allegedly traded in real, Microsoft-issued code-signing credentials.

Shai-Hulud Malware Targets 600 Npm Packages in Supply-Chain Attack
In a shocking supply-chain attack, malicious Shai-Hulud malware targeted a staggering 600 npm packages, with researchers uncovering nearly 640 tainted versions across 323 unique libraries in just one hour. The assault hit popular ecosystems like @antv and spread to widely-used packages, leaving a trail of poisoned code in its wake.

GitHub Actions Supply Chain Attack Exfiltrates CI/CD Credentials
A sneaky supply chain attack on GitHub Actions has led to the theft of CI/CD credentials, with hackers using a clever trick to redirect tags to fake commits that hide malicious code. By masquerading as legitimate commits, attackers were able to execute arbitrary code and evade pull request reviews.

OpenAI Breach Exposes Code-Signing Certificates in TanStack Supply Chain Attack
OpenAI revealed that two employee devices were compromised in a recent TanStack supply-chain attack, but fortunately, customer data, production systems, and intellectual property remained safe. The breach was limited to a small set of internal source code repositories and credentials.

Malware Targets TanStack npm Packages in Supply Chain Attack
Malware attackers have infiltrated the TanStack npm packages, modifying 84 artifacts in a supply chain attack that could compromise major developer ecosystems. The malicious code, aimed at stealing credentials, was published across 42 packages on May 11, with some, like @tanstack/react-router, downloaded over 12 million times weekly.