Tagged: supply chain attack
The novel Linux implant, Quasar Linux, poses a formidable threat not merely to individual workstations but to the entire software supply chain. This malicious suite targets environments dedicated to the creation, compilation, and dissemination...
Trajan: CI/CD Security Scanner Trajan scans CI/CD pipelines for security vulnerabilities that attackers use to compromise software supply chains. It supports GitHub Actions, GitLab CI, Azure DevOps, Jenkins, and JFrog. What it does Trajan...
Adversaries have once again targeted the npm supply chain, though this incursion pursued a surgical and perilous objective: packages integral to developers within the SAP ecosystem. The malicious campaign, designated “Mini Shai-Hulud,” appears modest...
The video hosting vanguard Vimeo has disclosed a security transgression impacting its user repository, precipitated by a compromise of the third-party analytics provider Anodot—a service utilized by a vast array of global enterprises. According...
Checkmarx is grappling with a distressing sequel to its March security breach, as data exfiltrated from a private GitHub repository has surfaced in the possession of the LAPSUS$ collective. The organization posits that the...
The GlassWorm campaign has resurfaced within the developer community, though the adversaries have adopted a more surreptitious operational profile. Rather than disseminating overtly malicious extensions via OpenVSX, they initially publish innocuous facsimiles of popular...
The ubiquitous Python library elementary-data has emerged as a conduit for the exfiltration of sensitive developer telemetry. The compromised iteration infiltrated not only the PyPI repository but also the project’s official Docker images, causing...
The month of April concluded for the American firm Vercel with a distressing incident that precipitously transcended the boundaries of a mere internal complication. Adversaries secured unauthorized ingress into a segment of the company’s...
The emergence of the nascent hacking collective Harakat Ashab al-Yamin al-Islamia has piqued the curiosity of security analysts following a spate of declarations regarding its operations within Europe. However, extant empirical evidence remains insufficient...
The cybercrime landscape has taken a definitive step toward “assembly-line” extortion. The Vect collective has established a dual partnership that radically simplifies the execution of assaults while exponentially expanding their reach. By aligning with...
The compromise of a residential router may initially appear as a localized grievance, while the manipulation of code within GitHub Actions seems an entirely disparate narrative. However, the events of March 2026 have demonstrated...
What begins as a mundane exchange—an invitation to a podcast or a routine professional briefing—may serve as the preamble to a sophisticated incursion, potentially granting adversaries access to millions of downstream projects. In recent...