Tag: supply chain
501 articles

CISA Warns of Active Exploitation of Apache ActiveMQ Flaw
A high-severity vulnerability in Apache ActiveMQ, hidden for 13 years, is now being actively exploited by attackers just days after a patch was released, putting organizations that rely on the software at risk. The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning, urging companies to take immediate action to protect themselves.

US Nationals Sentenced for Aiding North Korea's Tech Worker Scam
Two US nationals have been sentenced for their role in a brazen scam that helped North Korean operatives land jobs at over 100 American companies by creating shell companies and fake laptop farms. This shocking case exposes the surprising ease with which the duo was able to facilitate a transnational labor operation.

European Firms Launch Sovereign Disaster Recovery Offering
Four European tech firms have teamed up to offer a game-changing solution: a fully sovereign disaster recovery pack that lets businesses safeguard their critical technology from external threats, giving them peace of mind in an uncertain world. This innovative stack is designed to sit on corporate premises, shielding users from potential disruptions and ensuring business continuity.

Hackers exploit Marimo flaw to spread NKAbuse malware via Hugging Face
Hackers are exploiting a critical flaw in Marimo's reactive Python notebook to spread a new variant of NKAbuse malware, sneaking malicious payloads onto Hugging Face Spaces, a popular platform for sharing machine learning models. This alarming attack highlights the need for vigilance when it comes to defending against malware disguised as code-sharing tools.

US Military Vows to Intercept Iran-Linked Ships Worldwide
The US military has issued a bold warning: it will actively pursue and intercept any Iranian-flagged vessel or ship providing material support to Iran, no matter where it is in the world. This vow from Chairman of the Joint Chiefs of Staff Gen. Dan Caine has significant implications for international shipping, naval operations, and global trade.

Zero-Day Exploits Multiply as Hacker Creativity Surges
Feeling overwhelmed by the endless stream of cybersecurity threats? Every Thursday morning, you're faced with a daunting question: how to stay informed without getting bogged down by a never-ending parade of old and new threats.

AI Code Reviewer Vulnerable to Git Identity Spoofing
Imagine a security system that can be tricked into trusting a foe as a friend with just two lines of code - that's what happened with Anthropic's AI code reviewer, Claude, which was vulnerable to Git identity spoofing. This simple hack allowed researchers to forge a trusted developer's identity and get hostile code approved in no time.

Taboola Exploits Banking Sessions to Route Users to Temu Tracking Endpoint
Imagine a single line of code secretly redirecting people logged into their bank accounts to a commercial tracking site - that's what happened when a bank unknowingly approved a Taboola pixel that sent users to a Temu tracking endpoint. This sneaky exploit slipped past security controls, leaving both the bank and its users none the wiser.

MCP Protocol Flaw Exposes Millions to Server Vulnerability
A newly discovered flaw in the widely used MCP protocol puts a staggering 150 million downloads and up to 200,000 servers at risk. This systemic weakness, identified by Ox Security, has far-reaching implications for the security of millions of users worldwide.

Ransomware Targets Carmakers with Growing Ferocity
Ransomware attacks on carmakers have doubled in just one year, now accounting for over two-fifths of all cyber-attacks targeting the industry, signaling a significant shift in the threat landscape. This rapid escalation demands a new level of resilience from firms that design, build, and sell motor vehicles.

Freight Hackers Exploit Code-Signing Service to Bypass Security Defenses
Thieves have found a sneaky way to disguise their malicious tools as trusted software by using a third-party code-signing service, making it harder for defenders to spot the threat. This new tactic allows them to cloak their malware in legitimacy, complicating the work of security teams trying to keep cargo safe from theft.

US Nationals Jailed for Aiding DPRK IT Workers in Large-Scale Fraud Scheme
Two US nationals have been jailed for helping North Korean IT workers impersonate American residents and land remote jobs at over 100 companies, including many Fortune 500 firms, in a massive fraud scheme that raises serious questions about remote hiring practices. This brazen case exposes vulnerabilities in verifying remote workers' identities and locations.

US Chip Smuggling Network Uncovered Across Southeast Asia
A massive chip smuggling network across Southeast Asia has been uncovered, revealing a sophisticated infrastructure that manufactures, disguises, and channels counterfeit hardware into global markets. Recent federal indictments have exposed just the tip of the iceberg, hinting at a much larger problem lurking beneath the surface.

US-Iran Conflict Escalates China's Energy Worries
As the US-Iran conflict intensifies, China's energy concerns are reaching a boiling point - who will ultimately dictate the impact on global energy markets? The escalating tensions are sparking a heated contest over interpretation, shipments, and supplies between the US and China.

Netgear Sidesteps Router Ban with FCC Waiver
Netgear has scored a major win with the FCC granting it a temporary waiver, allowing the company to import consumer routers until 2027 despite a broader ban on foreign-made networking hardware. This move marks a significant exception to the rule, with Netgear becoming the first consumer brand to sidestep the import restriction.

WordPress Plugin Suite Compromised, Malware Deployed on Thousands of Sites
Thousands of websites have been unwittingly turned into malware gateways due to a massive compromise of over 30 WordPress plugins in the EssentialPlugin package, highlighting a disturbing vulnerability in the internet ecosystem. This security breach has left countless sites exposed, raising urgent questions about accountability and prevention.

n8n Workflow Automation Platform Exploited to Deliver Malware via Phishing Emails
Imagine a tool designed to streamline your work being turned against you - that's what happened when threat actors exploited the popular n8n workflow automation platform to deliver malware via phishing emails, starting as early as October 2025. This clever tactic uses trusted infrastructure to evade defenses, turning productivity tools into a conduit for harm.

Ransomware Disrupts Autovista's Automotive Data Services
A ransomware infection has crippled Autovista's automotive data services in Europe and Australia, forcing customers to choose between isolating the affected vendor or patiently waiting for a resolution. Autovista has called in outside experts to help contain and clean up the breach.

Industrial Automation Systems Face Rising Cyber Threats Globally
As cyber threats escalate globally, industrial automation systems are becoming a prime target, leaving factories and control rooms vulnerable to attack - but who's sounding the alarm and answering the call? A recent industry snapshot for Q4 2025 sheds light on the rising threat landscape, revealing key infection vectors, malware trends, and regional hotspots.

Transportation Sector Grapples with Rising Cyber Risks from Connected Vehicles
As modern trucks transform into data centers on wheels, loaded with sensors and connectivity, they also become vulnerable to cyber threats - turning transportation into a pressing cybersecurity issue. With their expanding attack surfaces, the transportation sector is racing against time to tackle the fast-evolving risks of connected vehicles.

GitHub AI Agents Exposed to Credential Theft via Prompt Injection
Security researchers have uncovered a shocking vulnerability in popular GitHub AI agents, demonstrating how a simple prompt injection technique can be exploited to steal sensitive credentials, leaving users alarmingly exposed. The findings highlight a disturbing lack of transparency from vendors, putting automation and service access at risk.

Domestic Production Bolsters Mobile Artillery Capabilities
In today's fast-paced battles, mobile artillery is crucial for success - but can it keep up unless we rebuild its industrial base right here at home? By manufacturing these powerful guns domestically, we can ensure their availability and stay ahead of the game.

Microsoft Rushes Fixes for 167 Vulnerabilities Amid Zero-Day Exploits
Microsoft just rolled out urgent Patch Tuesday fixes for a whopping 167 vulnerabilities in Windows and related software, including zero-day exploits in SharePoint Server and Windows Defender. But with threats evolving at breakneck speed, can patches keep up to protect our increasingly software-reliant lives?

Malicious Chrome Extensions Infiltrate Web Store, Compromise User Data
Malicious Chrome extensions, masquerading as harmless tools, have infiltrated the official Web Store, putting millions of users' data at risk by stealing sensitive tokens, planting backdoors, and running ad fraud. Over 100 of these rogue add-ons have been identified, highlighting a growing threat in a marketplace we thought was safe.