Skip to main content

Tag: supplychainattack

56 articles

authentication tokens Risky Fallout: Stunning Wake-Up

authentication tokens Risky Fallout: Stunning Wake-Up

When Salesloft’s stolen authentication tokens turned into a supply‑chain free‑for‑all, hundreds of companies woke up to the scary truth that machine identities are as precious as passwords. Now’s the time to rotate keys, audit integrations, and rethink how we trust the apps that sit between our teams and their data.

Analyst 207
developer AI assistants Risky: Stunning Supply-Chain Threat

developer AI assistants Risky: Stunning Supply-Chain Threat

A newly discovered supply‑chain attack on the Nx npm package used AI‑enabled malware to siphon developer secrets and crypto, showing how trusted code helpers can be turned into attack vectors. Treat AI suggestions as untrusted—use package signing, strict dependency pinning, least‑privilege environments, and thorough scans to keep your toolchain safe.

Analyst 207
data breach: Stunning Risky Leak Hits 4.5M

data breach: Stunning Risky Leak Hits 4.5M

TransUnion says a vendor’s hacked app exposed data for about 4.5 million U.S. consumers — a stark reminder that third-party flaws can put your most sensitive financial information at risk. If you’re affected, check your credit, consider freezes or alerts, and watch for notifications about monitoring and identity restoration.

Analyst 207
APCS data breach: Exclusive Devastating Risk Exposed

APCS data breach: Exclusive Devastating Risk Exposed

APCS — a major UK criminal‑records checker — was caught up in a supply‑chain breach at a third‑party developer, raising urgent questions about which sensitive records were exposed. Employers, applicants and regulators now need clear answers and stronger vendor security to restore trust.

Analyst 207
supply chain attacks: Risky npm compromise – Must-Have alert

supply chain attacks: Risky npm compromise – Must-Have alert

When a trusted npm package—eslint-config-prettier—was hijacked to deliver the Scavenger RAT, it turned the open-source supply chain into an attack highway. Developers and teams must treat dependencies as potential threats: pin versions, enable 2FA, rotate secrets, and hunt for compromises before convenience becomes a vulnerability.

Analyst 207
Taiwanese web hosting Exclusive: Critical Espionage Risk

Taiwanese web hosting Exclusive: Critical Espionage Risk

Imagine an invisible enemy living inside the servers that power your websites and email — Cisco Talos found a Chinese‑linked APT using a Taiwanese web host to intercept traffic, harvest credentials and stage persistent espionage. This supply‑chain breach is a wake‑up call: treat hosts as critical infrastructure and demand stronger controls, logging and incident guarantees now.

Analyst 207
Workday CRM breach: Stunning Critical Risk Revealed

Workday CRM breach: Stunning Critical Risk Revealed

Workday says attackers accessed vendor-run CRM tools that support its customers, potentially exposing contact and support data — a stark reminder that even trusted platforms can be vulnerable through third-party integrations. If you use Workday, assume elevated risk, tighten vendor controls, and watch for suspicious communications while the investigation continues.

Analyst 207
Kaseya ransomware: Stunning Risky State-Linked Claims

Kaseya ransomware: Stunning Risky State-Linked Claims

Was the July 2021 Kaseya REvil attack just criminal profit-seeking or something far more dangerous—potentially state-enabled? New evidence presented at DEF CON 33 suggests probable Russian government involvement, a claim that would radically change how governments, businesses, and MSPs respond to future supply-chain cyberattacks.

Analyst 207