Tagged: supply chain attack
An incident has transpired within the npm registry involving the Cline CLI utility; for a duration of several hours, a version featuring an altered installation script was disseminated to users. The developers have confirmed...
The architects of Notepad++ have disseminated security patch 8.9.2 to fortify vulnerabilities recently exploited by a sophisticated threat actor with suspected Chinese affiliations. These adversaries intercepted the update mechanism to selectively distribute deleterious payloads...
Security analysts at Socket have unmasked a surgical supply chain incursion targeting the libraries associated with the dYdX cryptocurrency exchange. Malicious iterations of client packages manifested simultaneously within the npm and PyPI repositories following...
The OpenClaw project—a personal AI interlocutor with whom users engage via messaging platforms and to whom they frequently entrust access to online services—has, within a mere fortnight, mutated into a fountainhead of systemic distress....
Cybersecurity researchers persist in their investigation of a sophisticated incursion targeting the ubiquitous text editor Notepad++, which remained undetected for nearly half a year—from June through December 2025. By compromising the hosting provider for...
A sophisticated supply chain incursion has been documented within the Open VSX extension registry, precipitated by the illicit seizure of a developer’s credentials. Adversaries surreptitiously integrated malicious payloads into widely utilized development tools to...
For nearly half a year, the ubiquitous text editor Notepad++ inadvertently disseminated malicious payloads rather than legitimate refinements. This incursion remained veiled from June through December 2025, subverting the update mechanism of a utility...
The burgeoning AI assistant ClawdBot has precipitously descended into the vortex of a sophisticated malware offensive. Cybersecurity analysts have unearthed hundreds of deceptive plug-ins masquerading as indispensable cryptocurrency trading utilities; in reality, these modules...
The lead developer of the ubiquitous text editor Notepad++ has disclosed a formidable security breach that compromised the application’s update mechanism. State-sponsored adversaries successfully intercepted the update verification process, clandestinely rerouting users toward malicious...
The burgeoning popularity of the AI assistant Moltbot—formerly known as Clawdbot, a nomenclature abandoned following trademark disputes with Anthropic—has provoked profound trepidation among cybersecurity luminaries. Marketed as a personal aide with sophisticated agentic capabilities,...
The North Korean-aligned cyber-espionage syndicate Andariel has reasserted its presence through a sophisticated offensive targeting entities across Europe and South Korea. A comprehensive analysis by WithSecure elucidates that the collective is not merely intensifying...
In late December 2025, the architects of the renowned text editor EmEditor issued a formal advisory regarding the compromise of the application’s official distribution portal. Malefactors surreptitiously substituted the authentic installer with a deleterious...