Skip to main content

Tag: supply chain attack

79 articles

Third-Party Risk Exposes Hidden Weaknesses in Client Security Posture

Third-Party Risk Exposes Hidden Weaknesses in Client Security Posture

The next big security breach hitting your clients likely won't come from within their own walls, but from a blind spot they never suspected: their trusted third-party relationships with vendors, SaaS tools, and subcontractors. Most organizations are woefully underprepared for this expanding attack surface.

Analyst 207
Mercor Hit in Widespread LiteLLM Supply-Chain Attack

Mercor Hit in Widespread LiteLLM Supply-Chain Attack

Thousands of companies, including AI hiring startup Mercor, have been hit by a widespread LiteLLM supply-chain attack, marking the first publicly disclosed downstream casualty of a software supply-chain intrusion. This incident raises a critical question: how can organizations trust their tech toolchains when the chain itself can be compromised?

Analyst 207
Axios Library Compromised in North Korea-Linked Supply Chain Attack

Axios Library Compromised in North Korea-Linked Supply Chain Attack

A widely-used JavaScript library, Axios, has been compromised in a supply-chain attack linked to North Korea, allowing attackers to secretly inject malicious code into millions of applications and systems. This sneaky move has sent shockwaves through the open-source software community, highlighting the vulnerability of even the most trusted code.

Analyst 207
Hackers Compromise Axios Package to Spread RAT Malware

Hackers Compromise Axios Package to Spread RAT Malware

A recent breach of the popular Axios npm package has exposed a critical supply chain vulnerability: hackers hijacked a maintainer account to spread remote access trojans, putting thousands of applications and developers at risk.

Analyst 207
Cisco Hit by Alarming Code Heist After Trivy Breach

Cisco Hit by Alarming Code Heist After Trivy Breach

A shocking code heist has hit Cisco, with hackers making off with sensitive source code after infiltrating the company's internal development environment through a Trivy supply-chain attack. This brazen breach raises urgent questions about the hidden vulnerabilities lurking in today's interconnected development ecosystems.

Analyst 207
Malware Alert: Critical Axios NPM Hack Spreads Devastating Cross-Platform Threats

Malware Alert: Critical Axios NPM Hack Spreads Devastating Cross-Platform Threats

A critical security breach has hit Axios, a widely-used JavaScript library with over 100 million weekly downloads, leaving developers and users vulnerable to devastating cross-platform threats. This shocking incident raises a crucial question: can even the most trusted software sources be considered secure?

Analyst 207
Axios Backdoor: Critical npm Supply Chain Attack Unleashes Devastating RAT Malware

Axios Backdoor: Critical npm Supply Chain Attack Unleashes Devastating RAT Malware

A single compromised account has triggered a critical supply chain attack on Axios, a widely-used JavaScript library, unleashing devastating RAT malware and putting millions of developers worldwide at risk. This shocking breach highlights the urgent need for more stringent security measures to protect our global software ecosystem.

Analyst 207
Axios Hit by Critical Supply Chain Attack

Axios Hit by Critical Supply Chain Attack

A critical supply chain attack has hit Axios, a popular HTTP client, compromising the integrity of its npm package and raising fresh concerns about the security of our digital infrastructure. Malicious versions of the Axios package were published, injecting a fake dependency that put users at risk.

Analyst 207
Malicious PyPI Packages Spread Devastating Malware

Malicious PyPI Packages Spread Devastating Malware

Malicious actors have struck again, this time infiltrating the Python Package Index (PyPI) with tainted versions of popular packages Telnyx and LiteLLM, putting developers' sensitive credentials at risk. Can we trust the software supply chain when even seemingly secure systems can be breached?

Analyst 207
Crypto Scam ShieldGuard Dismantled in Stunning Malware Bust

Crypto Scam ShieldGuard Dismantled in Stunning Malware Bust

The ShieldGuard Chrome extension, sold as a crypto safeguard, quietly stole private keys and drained wallets — a stark reminder that a browser helper can easily become a thief. Find out how investigators tore it down and what steps to take now to protect your assets.

Analyst 207
North Korea’s APT37 Exclusive: Dangerous Tool Hits Air-Gap

North Korea’s APT37 Exclusive: Dangerous Tool Hits Air-Gap

Think the most isolated machines are untouchable? North Korea’s APT37 has broadened its toolkit — combining believable lures with new utilities that can defeat air‑gap protections and put highly sensitive systems at fresh risk.

Analyst 207
eScan Antivirus Exclusive: Servers Breached, Severe Malware

eScan Antivirus Exclusive: Servers Breached, Severe Malware

Imagine your antivirus becoming the delivery system for malware — that’s what happened when eScan antivirus update servers pushed persistent downloaders and staged payloads to thousands of systems. The breach shows how trusted update channels and elevated security privileges can turn supply‑chain risk into a widespread disaster.

Analyst 207
Trust Wallet Chrome Extension Breach: Critical $7M Loss

Trust Wallet Chrome Extension Breach: Critical $7M Loss

If you use the Trust Wallet Chrome extension, update it immediately—version 2.68 was compromised and has already led to roughly $7 million in losses across about a million users. Take a moment to review connected sites, revoke suspicious approvals, and secure your seed phrase.

Analyst 207
Coupang Breach: Stunning Damage Hits 34M, Leaders React

Coupang Breach: Stunning Damage Hits 34M, Leaders React

Coupang breach jolted roughly 34 million customers after attackers used vishing and compromised vendor channels to steal—and then extort—sensitive data; here’s what went wrong and what customers and companies need to do next.

Analyst 207
Logitech Breach Prompts Stunning Critical Security Response

Logitech Breach Prompts Stunning Critical Security Response

The confirmed Logitech breach is a wake‑up call for anyone with vendor integrations. Security leaders recommend treating third‑party access as an attack vector — audit entitlements, tighten tokens and OAuth scopes, and boost detection to stop downstream damage.

Analyst 207
PickleScan Exclusive: Critical Flaws Rock AI Supply Chains

PickleScan Exclusive: Critical Flaws Rock AI Supply Chains

Researchers disclosed three critical PickleScan zero-days that let attackers stealthily swap or tamper with local AI models—injecting misinformation, bias, or even exfiltrating data from Python/PyTorch model runners. Exploitable via drive-by browser-origin attacks against assumed-safe local admin endpoints, these flaws show how our trusted AI tooling can become the weakest link in the supply chain.

Analyst 207
Cyber-Attack Exclusive: Severe OnSolve CodeRED Outage

Cyber-Attack Exclusive: Severe OnSolve CodeRED Outage

Imagine the sirens going silent: when INC Ransom hit OnSolve’s CodeRED, communities missed vital alerts and scrambled to improvise slow, unreliable backups. The outage — and exposed user data — lays bare how dangerously dependent public safety has become on just a few commercial providers.

Analyst 207
Russian-linked Malware: Dangerous, Stunning Blender Threat

Russian-linked Malware: Dangerous, Stunning Blender Threat

Think twice before opening that .blend—Morphisec found Russian-linked StealC V2 hidden inside Blender project files, so importing a shared 3D asset can trigger a stealthy multi-stage stealer. Artists and studios should start treating downloaded .blend files like potential executables until vetting becomes routine.

Analyst 207
Gainsight Exclusive: Critical Hack Risks Salesforce Clients

Gainsight Exclusive: Critical Hack Risks Salesforce Clients

Urgent heads-up: a critical Gainsight hack could expose Salesforce clients’ data—here’s what happened and how to protect your systems.

Analyst 207
SEC Stunning Move Drops SolarWinds Case, Costly Fallout

SEC Stunning Move Drops SolarWinds Case, Costly Fallout

The SEC’s abrupt request to dismiss its high‑profile lawsuit over the 2020 SolarWinds supply‑chain breach has left investors, technologists and policymakers wondering what it signals about enforcement, deterrence and the limits of cyber regulation. After years of litigation that promised to redefine how securities law treats cybersecurity, the surprising reversal raises urgent questions about accountability and how companies should disclose cyber risk.

Analyst 207
GlobalLogic Exclusive: Severe Oracle EBS Cl0p Attack

GlobalLogic Exclusive: Severe Oracle EBS Cl0p Attack

GlobalLogic pulls back the curtain on a severe Cl0p Oracle EBS attack. Learn what went wrong, who’s at risk, and the simple steps you can take now to protect your systems.

Analyst 207
Dark smartphone screen with cracked lock and eerie shadows, glowing thread weaving through cityscape, symbolizing malware…

Malware-Laden Apps: Stunning Threat in 41M Play Store Installs

Think the Play Store is safe? Researchers found hundreds of malicious Android apps that slipped past vetting and amassed tens of millions of installs—using hijacked SDKs, repackaged binaries and delayed activation to turn everyday apps into stealthy attack platforms.

Analyst 207
Invisible npm malware: Exclusive, Dangerous Token Theft

Invisible npm malware: Exclusive, Dangerous Token Theft

PhantomRaven quietly slipped into the npm registry, turning routine installs into token theft by harvesting credentials during install and letting attackers publish malicious updates without touching your code. One stolen token can cascade through thousands of projects—here’s why supply‑chain hygiene and MFA matter now.

Analyst 207
Shaq’s new ride Exclusive: Costly Hijack Exposed

Shaq’s new ride Exclusive: Costly Hijack Exposed

Shaq’s new ride reveals a surprising weak spot: when celebrities rely on niche customization shops for bespoke engineering, those small specialists — holding valuable blueprints and client data — become prime targets for savvy criminals. A breach can mean leaked designs, stolen invoices and lucrative leverage for extortion.

Analyst 207