Tag: supply chain
500 articles
PyPI Package elementary-data Compromised to Steal Developer Data
A malicious release of the popular elementary-data package on PyPI, which has over 1.1 million monthly downloads, allowed an attacker to steal developer data through a sneaky backdoor. This widely-used open-source tool for data observability in dbt pipelines became a prime target for the secrets-stealing campaign.
ADT Breach Exposes 5.5 Million in ShinyHunters Hack
A massive data breach at ADT has put 5.5 million people's personal info at risk, including names, phone numbers, addresses, and sensitive details like dates of birth and Social Security numbers. The breach, linked to the ShinyHunters extortion group, has left millions vulnerable to potential identity theft and scams.
npm Ecosystem Faces Rising Threat from Sophisticated Malware Campaigns
The npm ecosystem's security has reached a critical turning point, with sophisticated malware campaigns on the rise and a new baseline of threats emerging since September 2025. Malicious actors are now exploiting developer trust, transforming nuisance attacks into high-consequence supply-chain threats.
Mail Exploited to Track Dutch Naval Ship with Hidden Bluetooth Device
A clever journalist working for Omroep Gelderland successfully tracked a Dutch naval ship for nearly a day using a sneaky hidden Bluetooth tracker sent via postcard - all thanks to publicly available instructions on how to pull off the trick. This eye-opening experiment reveals just how easy it can be to compromise security with a little creativity and some off-the-shelf tech.
ADT Confirms Data Breach After ShinyHunters Extortion Threat
ADT confirmed a data breach after a threat from hackers known as ShinyHunters, who demanded an extortion payment. The breach exposed sensitive customer info, including names, phone numbers, addresses, and in some cases, dates of birth and Social Security numbers.
Supply-Chain Attacks Target Software Libraries
Supply-chain attacks are now using automation tools to spread malware at alarming speed, with recent incidents showing malicious code can go live in mere hours and be merged into projects in just minutes. This sinister trend highlights the dark side of modern software development's emphasis on speed and automation.
CISA Exposes Persistent FIRESTARTER Backdoor in Cisco Devices
CISA and NCSC have uncovered a sneaky FIRESTARTER backdoor lurking in Cisco devices, allowing hackers to regain control even after patches are applied. This persistent threat can leave devices vulnerable to re-entry, putting your entire network at risk.
NASA Targeted in Chinese Phishing Scheme for U.S. Defense Software
For years, unsuspecting NASA employees and collaborators were duped into sharing sensitive US defense software with a Chinese national masquerading as a colleague, in a brazen phishing scheme that went undetected for years. The scam funneled top-secret aerospace and defense tech to the imposter, violating US export control laws in the process.
US-Indonesia Ties Pivot to High-Stakes Partnership
The US-Indonesia partnership has leveled up, shifting from a focus on shared values to a high-stakes game of mutual benefit, where critical minerals, supply chains, and defense capabilities are on the table. The question is, can this new transactional relationship deliver the real results both countries are counting on?
Microsoft Update Disrupts Remote Desktop Security Warnings
Microsoft's latest update aimed at boosting Remote Desktop security may have an unintended consequence: a display-scaling bug that makes crucial security warnings hard to read or even unreadable. This glitch comes at a critical time, as the update was designed to protect against phishing attacks that exploit .rdp files.
Malware Targets Developers with Worm-Like Npm Supply Chain Attack
Malware is targeting developers through a sneaky npm supply chain attack, executing malicious code the moment a package is installed, and harvesting sensitive data to spread across ecosystems. Over 6,700 weekly downloads of one affected package show just how widespread the threat could be.
China Builds Covert Hacker Networks with Compromised Routers
China-nexus cyber actors have dramatically changed their game, ditching solo operations for massive networks of hacked devices - and it's a threat you need to know about. A joint advisory from top cyber agencies worldwide warns of this new tactic, urging vigilance in the face of large-scale cyber attacks.
Pentagon Pushes Modular Defense Acquisition With Multi-Sourcing, MOSA
The Department of Defense is shaking up its acquisition strategy with a bold move towards modular defense, embracing multi-sourcing and MOSA to boost resilience and reduce costs. By enforcing a "two-for-production" standard, it's aiming to revive second sourcing for critical content and break the habit of single-source suppliers.
Navy Overhauls Refueling Tactics Amid Iranian Attacks
When Iranian missile and drone attacks disrupted traditional refueling operations, the US Navy was forced to rethink its logistics strategy, shifting from fixed port hubs to a more agile approach using commercially chartered tankers to fuel ships at sea. This pivot, dubbed a move from port hubs to "tanker treadmills," has been a game-changer for keeping naval vessels operational in the region.
Vercel Breach Exposes Wider Fallout in Developer Ecosystem
A recent Vercel breach has sent shockwaves through the developer ecosystem, with threat intel revealing a sophisticated attack that distributed malware to hunt for valuable tokens and keys. The incident has had far-reaching consequences, impacting multiple downstream environments and a small number of accounts.
China-Linked Hackers Exploit Global Infrastructure in Covert Network Attacks
Be on high alert: China-linked hackers are secretly building global covert networks using compromised routers and devices, putting anyone who's a target at risk of devastating cyber attacks and data theft. This sinister plot, revealed by a joint advisory from 16 government agencies worldwide, has far-reaching implications for organizations and individuals alike.
Chinese Hackers Exploit IoT Devices to Obscure Nation-State Attacks
Chinese hackers are sneaking nation-state attacks under the radar by hijacking everyday IoT devices, such as home routers and smart cameras, to hide their digital footprints. This stealthy tactic allows them to evade accountability and strike from the shadows.
Cyberattacks Exploit Known Flaws in Supply Chain, AI Tools
A recent cyberattack exploited weaknesses in a company's infrastructure, resulting in a staggering $290 million heist from KelpDAO, highlighting the vulnerability of supply chains to targeted attacks. The attackers manipulated key nodes to gain control and siphon off funds.
Bitwarden CLI Compromised in Checkmarx Supply Chain Attack
A rogue version of the Bitwarden CLI package, identified as @bitwarden/cli@2026.4.0, was compromised in a supply chain attack, stealing sensitive data like GitHub tokens and cloud secrets. The malicious code, hidden in a file called bw1.js, has already been distributed to users, putting their security at risk.
Australia Bolsters Guided Weapons Program with $26 Billion Boost
Australia is supercharging its Guided Weapons Program with a whopping $26 billion boost, solidifying its national security and forging stronger global supply chains through diverse international partnerships. This massive investment surge is set to bolster the country's defense industry and pave the way for a more robust and resilient future.
Biobank Data Breach Exposes 500k Volunteers on Alibaba
A major data breach at UK-based Biobank has exposed the medical records of around 500,000 volunteers on the Chinese e-commerce site Alibaba, putting sensitive information at risk of being misused. The compromised dataset, described as one of the world's most comprehensive biomedical datasets, was listed for sale, sparking urgent concerns about data security.
Vercel Breach Exposes Additional Customer Accounts
A recent Vercel breach exposed additional customer accounts after a malicious chain of events began with a compromised employee account at Context.ai, which was likely triggered by a simple online search for Roblox scripts. The breach highlights the risks of malware distribution and token theft, with threat intel pointing to a sophisticated attack targeting valuable keys and account credentials.
US Navy Faces Sustained Strain as Industrial Base Lags
The US Navy is buckling under the weight of soaring demands with a dwindling workforce, sparking concerns about its ability to keep pace. With its fleet aging and the defense industrial base struggling to keep up, the pressure is on to find a solution.
Australia's Urea Reliance Exposes Food, Transport Systems to Gulf Risks
Australia's heavy reliance on urea imports, particularly from the Middle East, puts its food and transport systems at risk of disruption, making it vulnerable to shocks in the Gulf region. A urea shortage can have far-reaching consequences, from reduced crop yields to higher food prices, highlighting the urgent need for a more stable supply chain.