Tag: supply chain
501 articles

Zephyr Energy Hit by $900K Cyber Heist via Contractor Payment Redirect
Zephyr Energy plc lost a staggering £700,000 in a shocking cyber heist, where attackers cleverly redirected a single payment meant for a contractor into their own account. This brazen attack serves as a stark reminder of the devastating consequences of cyber risk.

Google Exposes New Extortion Group Targeting BPOs and Helpdesks
A new extortion group, uncovered by Google's threat intelligence team, is setting its sights on Business Process Outsourcing (BPO) companies and helpdesks, posing a significant threat to the service layers that many businesses rely on. This emerging threat, possibly linked to the notorious "Raccoon" persona, has the potential to create widespread pressure points across multiple organizations.

Malicious Code Infiltrates Python Package Index
A recent supply-chain attack on a popular Python package has raised a critical question: how much trust do you really have in the software that quietly powers your work? A malicious .pth file hidden in the litellm package version 1.82.8 can automatically execute malicious code on every Python startup.

OT Cybersecurity Sector Fears AI Exclusion
As artificial intelligence revolutionizes software security, the operational technology cybersecurity sector is sounding the alarm: will experts who safeguard factories, grids, and industrial sites be left behind? Pure-play OT security firms are pushing for a seat at the table, fearing they may be sidelined by the latest AI-driven initiatives.

Hackers Conceal Credit Card Stealer in Tiny SVG Images
One tiny pixel can cause massive damage: hackers have successfully hidden credit card-stealing code inside a nearly invisible, one-pixel Scalable Vector Graphics (SVG) image, putting almost 100 Magento-based online stores at risk. This sneaky tactic allowed the malicious code to blend in with normal site assets, evading detection.

France Fortifies Solar Sector with Curbs on Chinese Components
France is taking a bold step towards a cleaner future by launching a new wave of government-backed solar energy projects, while also setting strict rules to exclude Chinese-made photovoltaic components and ensure top-notch cybersecurity. By combining protectionist measures with tough tech requirements, Paris is pushing the boundaries of how nations can promote renewable energy while safeguarding their interests.

Apache ActiveMQ Flaw Exposes Systems to Remote Code Execution
A critical security flaw in Apache ActiveMQ Classic, hidden for over 13 years, allows remote code execution, putting vulnerable systems at risk of arbitrary command execution. This long-undetected vulnerability highlights the importance of staying vigilant and proactive in identifying and addressing potential security threats.

CISA Warns of Iranian Cyber Actors Targeting US Infrastructure
The Cybersecurity and Infrastructure Security Agency (CISA) has sounded the alarm: Iranian-linked cyber actors are targeting US critical infrastructure, posing a threat to public safety, services, and commerce. American organizations must take immediate action to assess their risk and bolster defenses.

Ransomware Attack Cripples Dutch Healthcare Software Vendor ChipSoft
A ransomware attack has taken down ChipSoft, a Dutch healthcare software vendor, leaving many questions unanswered. One thing is certain: the company's website is currently offline, while its email system is still functioning. The extent of the damage and the identity of the perpetrators remain unclear.

Anthropic's AI Model Exposes Thousands of Zero-Day Flaws in Major Systems
Anthropic's cutting-edge AI model, Claude Mythos, has made a groundbreaking discovery, uncovering thousands of zero-day flaws in major systems and giving us a glimpse into the hidden vulnerabilities of our digital world. This breakthrough is the result of Anthropic's innovative Project Glasswing initiative, which aims to revolutionize cybersecurity.

Myanmar Junta Exploits Shadow Networks for Jet Fuel Lifeline
In a desperate bid to maintain its grip on power, Myanmar's junta relies on a clandestine network to keep its aircraft fueled and flying, delivering devastating air strikes on its own people. A recent investigation, From Tehran to Naypyidaw, exposes the shadowy supply chains that provide the regime's strategic lifeline: imported jet fuel.

Askul ransomware attack: Stunning, Risky supply-chain hit
When Muji paused online orders after logistics partner Askul was hit by ransomware, it exposed a stark truth: a single third-party breach can freeze entire retail operations. This outage is a wake-up call for brands to map dependencies, tighten vendor security, and treat supply-chain risk as an ongoing priority.

Linux rootkits: Stunning, Dangerous Threats
From F5 supply-chain compromises to stealthy Linux kernel rootkits and pixnapping of media, attackers are increasingly able to live unseen inside systems for months. Now more than ever, teams should treat vendor appliances as high-risk, elevate kernel-level detection, and assume breach to stop quiet, long-lived exfiltration.

firewall vulnerabilities: Exclusive Risky Flaws Exposed
Senator Cassidy has blasted Cisco with a pointed letter after critical firewall flaws were reportedly used to breach at least one federal agency, asking whether the vendor delayed disclosure or patches while networks stayed exposed. His probe spotlights urgent questions about vendor transparency, coordinated disclosure, and who’s accountable when core defenses fail.

ransomware attack: Exclusive Risky Breach Shakes Trust
Japan’s biggest brewer warns a recent ransomware attack may have reached customer databases — turning missed deliveries into a potential privacy crisis that tests corporate accountability and consumer trust.

semiconductor sovereignty: Must-Have Defense or Risky Move
When the Netherlands slapped special measures on Nexperia, it turned a wafer fab into a test case for Europe’s chip sovereignty — a move meant to stop sensitive know‑how from slipping overseas while forcing a rethink of how to balance open investment with national security. The decision signals tougher oversight ahead, with big implications for investors, manufacturers and Europe’s tech future.

malicious npm packages: Stunning Critical Threat Revealed
Researchers uncovered Beamglea — 175 malicious npm packages downloaded about 26,000 times — that quietly hosted credential‑harvesting phishing campaigns against 135+ organizations, a stark reminder that the convenience of open-source packages can become a gateway for large‑scale theft.

Qilin ransomware: Stunning Risky Breach at Asahi
When ransomware group Qilin claimed to have stolen sensitive data from brewer Asahi, it wasn’t just a scare headline — it laid bare how even beloved brands can be vulnerable, putting employee privacy, proprietary recipes and supply chains at risk. The incident is a wake-up call: strong backups, multifactor authentication, network segmentation and smarter public-private cooperation aren’t optional anymore if companies want to stay trusted and resilient.

consulting GitLab instance: Must-Have Risky Breach Fixes
Red Hat confirmed that an unauthorized party accessed a consulting GitLab instance and exfiltrated data, spotlighting how even non-core environments can expose customers to serious risk. Act now: audit access logs, rotate credentials and secrets, isolate consulting projects, and enforce least-privilege and stronger identity controls to stop lateral attacks.

Renault UK cyberattack: Urgent Exclusive Risky Data Breach
Renault UK is investigating after a supplier breach exposed customers’ names, phone numbers and registration plates and says it will contact anyone affected while urging extra caution against phishing. It’s a reminder that third‑party systems can put your identity at risk — watch for suspicious messages and keep an eye on accounts and vehicle paperwork.

Red Hat repositories Exclusive Critical Leak
Red Hat is scrambling after a hacking group called the Crimson Collective claims to have leaked roughly 570 GB from about 28,000 private repositories — including source code, internal notes and customer documents — a breach that could upend supply chains and privacy protections. If confirmed, assume exposure: rotate credentials, audit CI/CD and follow Red Hat’s guidance while investigators work to assess the full scope.

Battering RAM vulnerability: Stunning, Dangerous Risk
A $50 interposer called Battering RAM can sit between a server and its memory, pass startup trust checks, and quietly subvert Intel and AMD cloud protections—showing how a tiny piece of hardware or a supply-chain slip can defeat even modern defenses. Cloud customers and providers should take notice and push for stronger hardware attestation, supply‑chain transparency, and tamper‑resistant measures.

typosquatted npm package: Shocking Dangerous Heist
A single malicious line in a typosquatted npm package quietly CC’d thousands of Postmark emails to an attacker—turning a routine dependency into a stealthy data leak. It’s a wake‑up call: strong dependency hygiene, provenance checks, and runtime protections are essential to keep outbound messaging safe.

supply chain breach: Risky Harrods Alert — Must-Read
If you shopped online at Harrods, a supply‑chain breach may have exposed customer data — a reminder that even luxury brands aren’t immune when a trusted vendor is compromised. Check your accounts, enable MFA, and watch for phishing while retailers tighten vendor security and transparency.