Skip to main content

Tag: supply chain

823 articles

Employees work in an office with one focused on a laptop and smartphone, surrounded by a blurred digital connector interface.

AI Connectors Exacerbate Security Risks in Enterprise Deployments

As AI connectors rapidly evolve, they can dramatically expand the risk of security breaches in enterprise deployments, introducing new vulnerabilities with each added integration. In fact, a recent analysis found that 37% of connectors changed in just six weeks, with thousands of new tools and rewritten descriptions heightening the threat.

Analyst 207
Dimly lit workstation with worn laptop showing distorted CAPTCHA prompt amidst clutter and broken office supplies.

Russian Hackers Exploit ClickFix CAPTCHAs to Spread Malware in Ukraine

Ukraine's Computer Emergency Response Team (CERT-UA) warns that Russian hackers, part of the notorious Sandworm group, are using manipulated CAPTCHAs to trick victims into downloading malware, specifically targeting Ukraine with data-stealing attacks. They've been linked to a series of social engineering scams that spread malware through legitimate websites.

Analyst 207
Concerned IT professionals stand in front of rows of computer servers and networking equipment in a brightly-lit network…

Hackers Exploit ViPNet Software to Target Russian Government Agencies

A sophisticated cyber attack, dubbed HelloNet, has been targeting high-profile Russian organizations, including government agencies, energy companies, and educational institutions, since at least May. The hackers are exploiting a popular networking software to deliver a powerful proxy and loader, allowing them to gain a foothold and spread their reach.

Analyst 207
Large Texas shipyard with cranes and partially built vessel on launchpad, set against a clear blue sky.

Saronic Unveils $3 Billion Texas Shipyard to Bolster US Vessel Production

Saronic is revolutionizing US shipbuilding with a massive $3 billion investment in Port Alpha, a game-changing shipyard in Texas that's set to become the largest in the Western Hemisphere. This cutting-edge facility will supercharge American vessel production, cementing the country's maritime industry for years to come.

Analyst 207
Medical device in a Cancer Diagnostics lab with a computer workstation in the background.

Abbott Labs Probes Two Cyber Incidents Amid Extortion Claims

Abbott Laboratories is investigating a cyber incident that involved unauthorized access to a limited number of internal systems within its Cancer Diagnostics business, and has activated incident response procedures to address the issue. The company confirms that its operations remain unaffected and that the affected systems are separate from its other businesses and systems.

Analyst 207
Cluttered developer workstation with laptop, coding tools, and subtle blockchain diagram in background.

Malicious Vite npm Packages Exploit Blockchain C2 for RAT Delivery

Security researchers have uncovered a sneaky campaign, dubbed ViteVenom, involving seven malicious npm packages that target Vite developers, executing malicious code as soon as they're imported. These packages, published in a matter of days, may have modest download counts, but their stealthy nature raises major red flags for the supply-chain community.

Analyst 207
Security analysts examine a laptop screen in a brightly-lit security operations center with rows of computer servers in the…

GoldenEyeDog Exploits DigiCert Breach for Code-Signing Certificates

In a chilling example of malware mastery, the GoldenEyeDog group exploited a DigiCert breach to snag code-signing certificates, which they then used to cloak their malicious software in a veneer of legitimacy. This brazen heist highlights the group's cunning and capabilities, which have been under scrutiny since at least 2015.

Analyst 207
Blurred office background with a single support document on a desk.

Ernst & Young Exposes Client Data in Third-Party Support System Hack

Ernst & Young suffered a data breach when hackers accessed a third-party support system, downloading sensitive client documents between March 28 and April 12. The breach was detected on April 23, prompting the company to alert affected clients and notify authorities.

Analyst 207
Man led away by border officers in airport departure hall.

US Misidentifies Russian Hacker in Extradition Bid

A Russian man named Aleksandr Ermakov has been wrongly detained in an Armenian jail on a US extradition request, with his lawyers claiming he is not the REvil ransomware suspect the US is actually after. His family and lawyers are now racing against time to clear his name and prevent his deportation to the US.

Analyst 207
Military personnel work on 3D printer and drones at a workshop bench overlooking a Pacific base.

US Military Tests Drones, 3D Printers to Overcome Pacific Distance Challenge

Imagine having manufacturing on demand, delivered at incredible speed and quality - that's what the US military is testing with drones and 3D printers to overcome vast distances in the Pacific. This game-changing approach could revolutionize the way the military gets the parts and supplies it needs, when and where it's needed.

Analyst 207
Empty dairy production facility with idle equipment and computers.

Ransomware Attack Disrupts Fairlife US Dairy Production

A ransomware attack has hit Fairlife, a US dairy production subsidiary of Coca-Cola, disrupting operations and prompting an immediate response from the company. The incident has triggered a thorough investigation, with outside experts and law enforcement working to contain the breach.

Analyst 207
Person working on laptop in brightly lit coffee shop with blurred screen.

Malware Lurks in Legitimate Tools, Services

Beware of malware hiding in plain sight: recent cases show how trusted tools and services like Chrome's sync feature can be repurposed as surveillance and infection vectors, leading to full compromise. Malicious packages, like 11 fake NuGet game utilities, can sneak in undetected, downloading second-stage payloads and wreaking havoc.

Analyst 207
Network equipment and monitoring screens in a dimly lit operations center.

China-Linked Malware Resurfaces in Taiwan with Advanced Backdoors

Meet Daxin, a sneaky kernel-mode rootkit that's been upgraded with advanced backdoors, allowing it to hijack legitimate connections and evade detection by blending into normal network activity. This China-linked malware has a unique trick up its sleeve, monitoring incoming TCP traffic to carry out encrypted communications undetected.

Analyst 207
Government building interior with laptop showing a website, hinting at vulnerability.

PhantomEnigma Campaign Exploits Hijacked Government Sites

The PhantomEnigma campaign has hijacked over 20 Brazilian government websites, turning them into malware delivery channels in a sophisticated multi-stage operation. This sneaky attack exploited trusted infrastructure to fly under the radar, using legitimate links and email accounts to spread malware.

Analyst 207
Officials from India and Australia meet in a conference room, surrounded by national flags and working documents.

India, Australia Forge PACTS to Bolster Cybersecurity Partnership

Australia and India have joined forces to supercharge their cybersecurity partnership with the launch of PACTS, a game-changing agreement that promises to streamline collaboration and drive real results. This bold new framework replaces previous initiatives, bringing together key dialogues and taskforces under one cohesive umbrella.

Analyst 207
Rows of equipment racks in a brightly-lit IT facility with a single, out-of-focus figure in the foreground.

CISA Mandates Patching of Exploited Oracle Flaw by Saturday

Federal cyber authorities are sounding the alarm: a high-risk flaw in Oracle E-Business Suite, already being exploited by hackers, must be patched by Saturday to prevent takeover of vulnerable systems. Over 1,000 Internet-exposed instances are at risk, with more than half located in the United States.

Analyst 207
Laptop on cluttered home office desk with video conferencing installer open, surrounded by papers and a smartphone.

Russian Hackers Trojanize WebEx, Zoom with Starland Malware

Beware of a sneaky new malware campaign that's been targeting over 40 cryptocurrency wallets and popular apps like WebEx and Zoom since June 2025. A financially motivated Russian threat actor is behind the attacks, using trojanized installers to spread the Starland malware.

Analyst 207
Refrigerated warehouse interior with frozen food storage units, some packages on floor, and a parked pallet jack.

Cyberattack Disrupts Japan's Frozen Food Supply Chain

A cyberattack has crippled Nichirei Group's operations, causing system failures and disrupting Japan's frozen food supply chain, with the company confirming it is struggling to resume shipments and operations. The incident has already impacted downstream customers, with Nichirei hoping to restore services by Friday.

Analyst 207
Rack-mounted SonicWall SMA1000 appliance in a typical office server closet.

Attackers Exploit Zero-Days in SonicWall Appliances

Cyber attackers are exploiting two zero-day vulnerabilities, CVE-2026-15409 and CVE-2026-15410, in SonicWall appliances, with ransomware attacks seemingly their ultimate goal. Rapid7's team has thwarted attempts at data exfiltration and encryption, but the threat remains.

Analyst 207
Compromised software development environment with laptop and papers, hinting at a supply-chain intrusion.

Malicious AsyncAPI Packages Target npm Users with Credential-Stealing Malware

On July 14, a supply-chain intrusion briefly introduced trojanized AsyncAPI packages into the npm ecosystem, putting users at risk of credential-stealing malware. Five malicious releases in the @asyncapi namespace were downloaded hundreds of thousands of times during a four-hour window.

Analyst 207
Internal computer components, including a motherboard and UEFI firmware chip, in a bright laboratory setting.

Vulnerabilities in UEFI Shims Expose Secure Boot Bypass Risk

Thousands of systems may be at risk of a Secure Boot bypass due to vulnerabilities in 11 UEFI shim bootloaders, all signed by Microsoft, that allow attackers to circumvent security measures. These weaknesses have the potential to create a broad attack surface, putting many devices at risk of compromise.

Analyst 207
Laptop with closed lid on a plain surface shows a faint heat gradient.

Microsoft Halts Patch Update for Dell Devices Over Overheating Risks

Microsoft has temporarily halted a critical patch update for certain Dell devices due to compatibility issues that can cause overheating, shutdowns, and poor performance. A fix is expected soon, with both companies working together to resolve the problem.

Analyst 207
Rows of computer equipment and cables in a bright, modern lab with a laptop screen in the foreground.

AI-Powered Tool Discovers Zero-Day in WordPress Plugin

Meet the AI-powered tool that just discovered a zero-day vulnerability in a popular WordPress plugin, and learn how its automated pipeline can detect and exploit weaknesses in code. This game-changing technology can extract sensitive data, like password hashes and secret tokens, from live databases.

Analyst 207
Windows computer screen with cursor on file system interface in bright workspace.

Cursor Flaw Enables Malicious Repositories to Execute Windows Code

A newly discovered flaw in Cursor allows malicious repositories to run Windows code simply by opening a project, exploiting a vulnerability that lets it execute any git.exe file found in the repository root without warning. This alarming exploit requires no prior access to the victim's machine, making it a serious security risk.

Analyst 207