#supply-chain-attack

[ follow ]
fromIT Pro
1 week ago

Air France and KLM confirm customer data stolen in third-party breach

Air France and KLM confirm that they are investigating a fraudulent access to the data of some of our customers. An unusual activity was detected on a third-party platform used by our contact centers, which led our IT security team, together with the third-party system involved, to swiftly implement corrective measures to put an end to the incident.
Privacy technologies
fromArs Technica
3 weeks ago

Supply-chain attacks on open source software are getting out of hand

Malicious packages published on npm and PyPI had been downloaded more than 56,000 times, containing malware that enabled keylogging and other surveillance functionalities.
Privacy technologies
fromCSO Online
3 weeks ago

Supply chain attack compromises npm packages to spread backdoor malware

In a newly discovered supply chain attack, attackers last week targeted a range of npm-hosted JavaScript type testing utilities, several of which were successfully compromised to distribute malware.
JavaScript
#cybersecurity
Cryptocurrency
fromThe Hacker News
3 months ago

Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack

Three malicious Go modules can destroy Linux systems by overwriting primary disks, indicating significant supply-chain attack risks.
Cryptocurrency
fromThe Hacker News
3 months ago

Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack

Three malicious Go modules can destroy Linux systems by overwriting primary disks, indicating significant supply-chain attack risks.
more#cybersecurity
Information security
fromThe Hacker News
2 months ago

DragonForce Exploits SimpleHelp Flaws to Deploy Ransomware Across Customer Endpoints

DragonForce ransomware exploited vulnerabilities in a Managed Service Provider's SimpleHelp tool for data exfiltration and ransomware deployment.
fromArs Technica
3 months ago

Hundreds of e-commerce sites hacked in supply-chain attack

The widespread supply chain attack targeted at least 500 e-commerce sites, compromising sensitive customer data by executing malicious code via visited browsers.
E-Commerce
Node JS
fromThe Hacker News
3 months ago

Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack

XRPL.js, a popular JavaScript library, was compromised in a supply chain attack aimed at harvesting users' private keys.
Software development
fromInfoQ
4 months ago

Google Go Module Mirror Served Backdoor for 3+ Years

Research uncovered a major supply chain attack in the Go ecosystem involving a backdoored package.
The attack exploited caching in the Go Module Proxy, emphasizing security vulnerabilities in module management.
DevOps
fromInfoQ
4 months ago

Compromised GitHub Action Highlights Risks in CI/CD Supply Chains

A popular GitHub Action was compromised, exposing critical security weaknesses in the CI/CD pipeline of open-source Actions.
[ Load more ]