Tag: supply chain
820 articles

Vulnerabilities Remain Unaddressed Despite Swift Remediation Efforts
Malicious npm packages have skyrocketed 451% year-over-year, highlighting a disturbing trend where old vulnerabilities continue to resurface and supply-chain abuse is scaling rapidly, putting organizations at risk. Despite swift remediation efforts, many critical vulnerabilities remain unaddressed.

Microsoft Blocks Windows Updates on Dell PCs Due to Shutdowns
Microsoft has temporarily blocked a crucial Windows 11 security update for certain Dell PCs due to reports of unexpected shutdowns and performance issues. The move comes after a previous preview update caused problems with the Intel Innovation Platform Framework Processor Participant driver.

SonicWall Zero-Days Exploited, Enable Admin Command Execution
SonicWall is urging immediate action to fix two zero-day vulnerabilities in its Secure Mobile Access (SMA) 1000 series appliances, which are being actively exploited by attackers to execute admin-level commands. These critical flaws, tracked as CVE-2026-15409 and CVE-2026-15410, could compromise your system's security if not patched right away.

US Army Munitions Plant Falters, Fails to Produce 155mm Parts
The US Army's goal of producing 100,000 155mm artillery rounds per month is at risk due to a production shortfall at a key munitions plant in Texas. A critical facility has failed to deliver 30,000 essential projectile metal parts, crippling the Army's artillery production capabilities.

Claude for Chrome Flaw Exposes Gmail, Google Docs to Rogue Extensions
A security flaw in Claude for Chrome could put your Gmail, Google Docs, and Calendar at risk of being accessed by rogue extensions, with researchers rating the vulnerability as high-severity. A simple script with just six lines of code can trick the extension into treating a fake click as a genuine user action.

SAP Patches High-Severity Flaws in NetWeaver, Commerce Cloud
SAP has urgently patched a critical vulnerability in NetWeaver Application Server ABAP, known as CVE-2026-44747, which could allow attackers to corrupt memory, exposing sensitive data or bringing systems to a grinding halt. This high-severity flaw, scoring 9.9 under CVSS, highlights the importance of updating your systems ASAP to prevent potential chaos.

GitHub Repos Impersonate Legit Software to Spread Infostealer Malware
Malicious actors have created 292 fake GitHub repositories that masquerade as legitimate software and security projects, tricking visitors into downloading infostealer malware. These impostor repositories impersonated popular security products, cryptocurrency services, and gaming software, with many still active despite efforts to take them down.

Progress Confirms Zero-Day Flaw Behind ShareFile Shutdown
A critical zero-day flaw allowed hackers to access sensitive files, write malicious content, and map server files - prompting Progress Software to urgently shut down ShareFile Storage Zone Controller Windows servers to protect customer data. The emergency move came after a credible external security threat was flagged, temporarily disabling access to all affected ShareFile accounts.

Phishers Target LastPass, Bitwarden Users with Fake Security Alerts
Beware of fake security alerts! LastPass and Bitwarden users are being targeted by phishers with convincing emails that mimic real corporate communications, trying to trick you into visiting fraudulent websites.

RabbitMQ Flaws Expose OAuth Secrets, Cross-Tenant Data
Critical flaws in RabbitMQ, known as CVE-2026-57219, can expose sensitive OAuth secrets to attackers in just one request, putting your messaging infrastructure at risk of a full takeover. Two newly disclosed access-control flaws threaten OAuth client secrets and cross-tenant isolation, affecting RabbitMQ releases from 3.13.0 and later.

Australia's Northern Defense Strategy Tests Bandiana Stockpile's Value
Can a proposed US Marine Corps war reserve stockpile at Bandiana be the game-changer that supercharges Australia's northern defense strategy, or will it become just another warehouse too far from the action? The $42 million facility's true value hangs in the balance.

US Treasury Disrupts Ransomware Networks with Sanctions on VPN, Malware Providers
The US Treasury has cracked down on ransomware networks by sanctioning a VPN provider and its administrator, who allegedly helped cybercrime groups hide their tracks and evade detection. This move aims to disrupt the tools and services that enable devastating attacks causing billions of dollars in losses to US critical infrastructure providers.

Lidl Data Breach Exposes Customer Info Across Europe
Lidl has warned customers in Belgium and the Netherlands that a data breach exposed their personal info, after unidentified individuals briefly accessed a file containing customer data stored with a third-party IT provider. The breach affected online customers in Germany, Belgium, and the Netherlands, but Lidl stresses that its online shop system itself was not compromised.

Ukraine Deploys Armed Robot Behind Russian Lines via Drone Boat
In a groundbreaking operation, Ukraine's 123rd Separate Territorial Defense Brigade has successfully deployed an armed robot behind Russian lines using a drone boat, marking a new era in modern warfare. The daring mission was captured on video, showing the robot, armed with a 7.62mm machine gun, engaging a target on the occupied Kinburn Spit.

Jscrambler npm Package Infected with Infostealer Malware
A malicious version of the Jscrambler npm package was published, infecting nearly 1,500 downloads with infostealer malware within a two-hour window before being removed and replaced with a safe version. The incident was quickly contained, but users who downloaded the compromised package between releases 8.14 and 8.20 may be at risk.

Citrix Bleed 2 Exploit Fuels Ransomware Attacks
Ransomware attacks are on the rise, fueled by a new exploit that has already made a significant impact, and now a major software company has ordered its customers to take critical systems offline due to a credible security threat. Progress has urged customers to shut down vulnerable Windows servers to prevent potential breaches.

Chinese and Indian Spies Target Pakistani Police Systems
Suspected Chinese and Indian spies launched a targeted attack on Pakistani police systems, specifically focusing on the Balochistan Police, between February 2024 and April 2026. The intrusion campaigns compromised sensitive data, including biometric records, criminal case files, and national identity information.

Lidl Online Shop Breach Exposes Customer Data After Service Provider Hack
Lidl's online shop was hit by a data breach after a service provider was hacked, exposing customer information - but fortunately, the online shop's system itself remained secure. The company has notified affected customers and taken steps to address the issue.

Infostealer Infection Enables Argentine FA Breach
A single compromised computer with high-level access likely gave hackers the keys to the Argentine Football Association's database and internal email system, thanks to an infostealer infection that went undetected for months. The breach, traced back to September 8, 2025, highlights the devastating impact of a simple infection on a high-privilege machine.

Russian Hackers Target Routers Globally, Warn Cybersecurity Agencies
A brazen plot by Russian hackers to disrupt global networks was thwarted, but not before cybersecurity agencies warned of a potentially catastrophic attack that could have left 500,000 citizens shivering in the dark. The hackers, linked to Russia's Federal Security Service, targeted vulnerable routers worldwide using simple and easily exploitable passwords.

Compromised jscrambler NPM Package Drops Rust Infostealer
A malicious version of the jscrambler NPM package, 8.14.0, was published on July 11, 2026, and could silently infect your system with a Rust-based infostealer just by installing it, no extra steps required. Merely running the install command was enough to trigger the payload on vulnerable systems.

U-Boot Flaws Expose Devices to Code Execution, Crashes
Six newly discovered flaws in U-Boot, a widely used bootloader, leave devices from home routers to data-center servers vulnerable to code execution and crashes, posing a significant risk to everything that loads after it. These vulnerabilities can be exploited before the operating system even starts, undermining the entire security chain.

GitHub Compromise Injects Malicious npm Packages with Wallet-Key-Stealing Code
A malicious actor hijacked a trusted GitHub account and used it to inject wallet-key-stealing code into 18 npm packages, including Injective Labs' SDK, by exploiting the project's pipeline. This sneaky move allowed the attacker to spread the backdoor through a series of seemingly legitimate updates.

AI Agents Expose Identity Security Gap
The alarming truth is that security systems, designed with people in mind, are failing to protect against AI agents - and the consequences are stark. A single compromised machine identity can become a gateway to a vast array of sensitive information, as a recent breach involving an OAuth token and hundreds of organizations painfully illustrates.