Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack
XRPL.js, a popular JavaScript library, was compromised in a supply chain attack aimed at harvesting users' private keys.

Typosquatted packages delivering malware to Linux and macOS systems
A malicious campaign using typosquatted Go packages is targeting Linux and macOS systems to deliver malware.

Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems
Ongoing campaign targets Go ecosystem with typosquatted modules deploying malware on Linux and macOS.

A Catastrophic Hospital Hack Ends in a Leak of 300M Patient Records
Snowflake targeted in supply chain attack, Kaspersky software banned in the US, AI startup under scrutiny, Amazon's face-recognition tools utilized in UK train stations.

Google Go Module Mirror Served Backdoor for 3+ Years
Research uncovered a major supply chain attack in the Go ecosystem involving a backdoored package. The attack exploited caching in the Go Module Proxy, emphasizing security vulnerabilities in module management.

Separate supply chain attack tied to 23K pwned GitHub repos
The GitHub supply chain attack was likely initiated through a compromised GitHub Action, reviewdog/action-setup, leading to extensive data breaches.

Supply chain attack strikes array of Chrome Extensions
A recent supply chain attack has impacted Chrome extension developers, compromising user data on a large scale.
Compromised GitHub Action Highlights Risks in CI/CD Supply Chains
A popular GitHub Action was compromised, exposing critical security weaknesses in the CI/CD pipeline of open-source Actions.

OpenWrt supply chain attack scare prompts urgent upgrades
OpenWrt users should upgrade to the same image version to mitigate risks from a reported supply chain attack.

The detonation of pagers used by Hezbollah shows the depths of supply-chain infiltration
The coordinated attacks in Lebanon indicate a high level of sophistication and planning, likely by a state actor utilizing global supply chains.

GitLab releases security updates to fix 17 vulnerabilities
GitLab's recent security update addresses 17 vulnerabilities, including a critical flaw (CVE-2024-6678) with a CVSS score of 9.9 posing severe risks.

Hackers Hijack 22,000 Removed PyPI Packages, Spreading Malicious Code to Developers
A new supply chain attack technique called Revival Hijack targets the PyPI registry, allowing attackers to exploit existing packages for malicious intent.

Millions of sites could've been exposed in the Polyfill, BootCDN, Bootcss, and Staticfile attack - and it was all orchestrated by a single operator
A supply chain attack using multiple CDNs affected countless websites, prompting warnings and actions to mitigate potential risks.