Skip to main content

Tag: supply chain attack

79 articles

Man sits somberly in a courtroom or government agency setting, hands clasped or holding a document.

Armenian National Pleads Guilty to Ryuk Ransomware Conspiracy

Karen Serobovich Vardanyan, an Armenian national, has pleaded guilty to conspiracy charges for his role in a massive Ryuk ransomware scheme that raked in over $15 million in ransom payments from US-based organizations. The guilty plea marks a major win in the fight against cybercrime, as Vardanyan admitted to his part in the global extortion plot.

Analyst 207
Developer workstation with laptop and coding items, hinting at vulnerability with faint shadow and ajar window.

Malicious SDKs Target Paysafe, Skrill Users with Credential Theft

Beware of malicious software development kits (SDKs) masquerading as legitimate Paysafe, Skrill, and Neteller tools, designed to secretly steal your credentials. Researchers uncovered 17 fake packages on popular platforms, putting users at risk of credential theft.

Analyst 207
Developer workstation with coding interface on laptop amidst office surroundings.

AI Coding Assistants Exposed to HalluSquatting Botnet Attack

Researchers have uncovered a sneaky new attack method called HalluSquatting that targets AI coding assistants, exploiting their tendency to invent names and run code with minimal human oversight. This clever tactic chains together AI behaviors like hallucination and prompt injection to deliver malware efficiently.

Analyst 207
Secure facility interior with a symbolic payment terminal or encrypted data storage device.

US Government Entity Pays $1 Million to Thwart Data Leak

A US government entity was forced to pay a hefty $1 million ransom to prevent a massive data leak, after a group called Kairos threatened to release 1.6 million files unless their demand was met. The payment was the culmination of a month-long negotiation that began with a $3 million opening demand.

Analyst 207
Brightly-lit office with rows of computer servers and a large screen displaying a blurred image.

Hackers Inject Malicious Script in Polymarket Supply-Chain Attack

Polymarket has pledged to fully reimburse customers who lost around $3 million in a shocking supply-chain attack that injected malicious JavaScript into the platform's frontend via a third-party vendor breach. The incident highlights the vulnerability of even major players to these types of attacks.

Analyst 207

UK Cyber Monitoring Centre Probes Canvas Breach Impact

The UK's Cyber Monitoring Centre is investigating a massive breach of Canvas, a popular learning management system, that exposed sensitive data at nearly 160 UK universities and colleges, as part of a global incident affecting around 9,000 educational institutions. The breach was caused by a notorious cybercrime group that exploited vulnerabilities on April 29 and again on May 7.

Analyst 207
Cloud computing setup with laptop and servers in a bright office, hint of phishing activity.

GitHub Phishing Kit Targets Mexican Banks via Cloud Services

A sneaky GitHub phishing kit called "GitBait" has been targeting customers of 12 Mexican banks for three years, cleverly using cloud services like GitHub Pages and Google Sheets to stay under the radar. This cunning operation relied on over 100 GitHub-hosted domains to steal credentials, making it a challenging case for investigators.

Analyst 207
Software development workspace with multiple computer screens and scattered papers.

Mastra Packages Compromised in Software Supply Chain Attack

A massive software supply chain attack just hit Mastra, with over 140 malicious packages published in a single day by a compromised npm account. The swift and coordinated assault, dubbed easy-day-js, unfolded over just two days, catching defenders scrambling to respond.

Analyst 207
Laptop screen displays data breach notice in government office setting.

Maine Breach Portal Exposed to Fake Data Breach Disclosures

A fake data breach notice was recently submitted to Maine's breach disclosure portal using VRChat's name, but the company quickly reassured fans that their data and systems are safe. The incident highlights a vulnerability in the portal's submission process, which allows anyone to post a breach notice without verification.

Analyst 207
University campus scene with administrative building, people walking, and laptop on a table.

ShinyHunters Exploits Oracle PeopleSoft Vulnerability in Education Sector Attacks

ShinyHunters hackers have exploited a critical Oracle PeopleSoft vulnerability, CVE-2026-35273, to launch targeted attacks on US organizations, particularly in the higher education sector. The attacks, which involved data theft and extortion, hit a whopping 68% of US higher education institutions.

Analyst 207
Dimly lit software development workspace with rows of computer workstations and coding materials.

Miasma Worm Exposes GitHub Repositories in Supply Chain Attack

A sneaky Miasma worm has infiltrated 73 Microsoft GitHub repositories, putting countless projects at risk in a self-replicating supply chain attack. This malicious campaign is a stark reminder of the rapidly evolving threats lurking in the shadows of our digital supply chains.

Analyst 207
GitHub repository page on laptop screen with error message and blurred software development workspace background.

Miasma Worm Targets Microsoft GitHub Repositories in Supply Chain Attack

GitHub has taken swift action, disabling access to 73 Microsoft repositories across four organizations after a sneaky supply chain attack by the Miasma Worm compromised code on the platform. The disruption was triggered when the malware targeted Microsoft's GitHub repositories, prompting site-wide warnings and restricted access.

Analyst 207
Laptop screen displays rogue login prompt with generic logo and username field.

Polyfill Compromise Targets Major Websites with Rogue Login Prompts

Major websites, including Toshiba and Muji, have been compromised by a rogue login prompt scam through polyfill.io, tricking visitors into entering sensitive information. If you encountered the fake sign-in screen, be sure to cancel and change your password to protect your account.

Analyst 207
Windows computer workstation with browser open, surrounded by technical books and office supplies.

Hola Browser Compromised to Deliver Cryptominer in Supply Chain Attack

Hola's CEO, Avi Raz Cohen, assured users that the company has taken swift action to prevent future breaches, rebuilding its distribution pipeline and implementing robust security measures. The move comes after a supply chain attack compromised the Hola Browser, secretly delivering a cryptominer to unsuspecting users.

Analyst 207
Developer workstation with open laptop showing code, surrounded by empty coffee cups and scattered notes, hinting at a…

Miasma Supply Chain Attack Targets Red Hat npm Packages

A new supply-chain campaign, codenamed Miasma, has compromised multiple Red Hat npm packages to steal sensitive credentials and deliver a self-propagating worm, putting developer machines at risk. This sneaky attack uses clever tactics like install-time execution and encrypted exfiltration to harvest secrets and spread its reach.

Analyst 207
Cluttered developer's workstation with coding interface on screen.

Malicious NuGet Package Exfiltrates Sicoob Banking Credentials

A malicious NuGet package, masquerading as a C# SDK for a major Brazilian financial system, was designed to steal sensitive banking credentials, including client IDs, PFX passwords, and certificate bytes, from unsuspecting developers. This rogue package, downloaded nearly 500 times, put automation and security at risk.

Analyst 207
Network device sits prominently in a server room with management console blurred in background.

Hackers Exploit FortiClient Flaw to Deliver Infostealer Malware

Hackers are exploiting a vulnerability in FortiClient Enterprise Management Server to deliver infostealer malware, cleverly disguising the payload as a legitimate Fortinet endpoint update. This sneaky tactic uses FortiClient-managed VPN scripting workflows to execute the malicious code, putting security teams on high alert.

Analyst 207
Laptop and development tools sit on a cluttered workspace surrounded by generic technology equipment.

GitHub-Hosted Malware Targets PHP Packages in Coordinated Supply Chain Attack

Malicious code was injected into eight PHP packages on Packagist, triggering a Linux binary download from GitHub Releases via JavaScript lifecycle hooks in package.json postinstall scripts. The attack was swiftly contained, with the malicious versions removed from Packagist.

Analyst 207
Laptop screen displays GitHub repository page on a clean workspace surface.

Grafana GitHub Breach Exposes Source Code in TanStack npm Attack

Grafana Labs recently reported a security breach that exposed source code and internal data, but fortunately, there's no evidence that customer production systems were compromised. The breach, detected on May 11, was confined to the company's GitHub environment and involved both public and private source code and internal repositories.

Analyst 207
Law enforcement officials in a secure facility render code-signing credentials invalid.

Microsoft Disrupts Cybercrime Service Selling Code-Signing Certificates to Ransomware Gangs

Microsoft has disrupted a notorious cybercrime operation, dubbed Fox Tempest, that sold code-signing certificates to ransomware gangs, allowing them to disguise malware as legitimate Windows software. The operation, which created over 580 fake Microsoft accounts, has been linked to two individuals, John Doe 1 and John Doe 2, who allegedly traded in real, Microsoft-issued code-signing credentials.

Analyst 207
Coding environment with lines of code on screen, surrounded by notes and diagrams.

Shai-Hulud Malware Targets 600 Npm Packages in Supply-Chain Attack

In a shocking supply-chain attack, malicious Shai-Hulud malware targeted a staggering 600 npm packages, with researchers uncovering nearly 640 tainted versions across 323 unique libraries in just one hour. The assault hit popular ecosystems like @antv and spread to widely-used packages, leaving a trail of poisoned code in its wake.

Analyst 207
Blurred computer terminal surrounded by development notes and empty coffee cups in a brightly-lit coding environment.

GitHub Actions Supply Chain Attack Exfiltrates CI/CD Credentials

A sneaky supply chain attack on GitHub Actions has led to the theft of CI/CD credentials, with hackers using a clever trick to redirect tags to fake commits that hide malicious code. By masquerading as legitimate commits, attackers were able to execute arbitrary code and evade pull request reviews.

Analyst 207
Cluttered software development workstation with laptop, monitor, and papers in an office environment.

OpenAI Breach Exposes Code-Signing Certificates in TanStack Supply Chain Attack

OpenAI revealed that two employee devices were compromised in a recent TanStack supply-chain attack, but fortunately, customer data, production systems, and intellectual property remained safe. The breach was limited to a small set of internal source code repositories and credentials.

Analyst 207
Developer workstation with laptop, coding environment, notes, and coffee cups, with daylight and cityscape in background.

Malware Targets TanStack npm Packages in Supply Chain Attack

Malware attackers have infiltrated the TanStack npm packages, modifying 84 artifacts in a supply chain attack that could compromise major developer ecosystems. The malicious code, aimed at stealing credentials, was published across 42 packages on May 11, with some, like @tanstack/react-router, downloaded over 12 million times weekly.

Analyst 207