Tagged: supply chain attack
Adversaries have pioneered a sophisticated method of weaponizing GitHub as a conduit for malware distribution, camouflaging their payloads as legitimate installers for prominent developer utilities. At the epicenter of this campaign is GitHub Desktop;...
The Sansec engineering team has pioneered an automated, AI-driven pipeline designed to scrutinize the security posture of prominent e-commerce extensions within the Packagist repository. The empirical results are staggering: the system identified 353 verified...
The BlueNoroff threat collective has long since transmuted cybercrime into a sophisticated enterprise where tens of millions of dollars, cryptocurrency reserves, and entire financial ecosystems serve as the high-stakes prizes. A comprehensive dossier by...
A malicious software package masquerading as a ubiquitous library for symbolic mathematics has been identified within the official PyPI repository. Orchestrators of this campaign meticulously replicated the description of the legitimate project to present...
The North Korean threat collective PurpleBravo has, for over a year, orchestrated a sophisticated and targeted offensive designated Contagious Interview. This campaign uses fraudulent recruitment processes to attack enterprises across Europe, Asia, the...
Software developers remain a prime target for cyber-adversaries, as a growing number of malicious campaigns exploit the very tools and environments on which the software development lifecycle depends. A telling illustration of this trend is the emergence...
Security researchers from the cybersecurity firm Wiz have unearthed a critical vulnerability within the AWS CodeBuild service, which facilitated a total takeover of Amazon’s own GitHub repositories and posed a catastrophic risk to cloud...
A sophisticated supply chain offensive recently compromised the n8n workflow automation ecosystem, as adversaries infiltrated the npm repository with malicious packages camouflaged as legitimate integration modules. According to research by Endor Labs, the primary...
Security researchers at Zscaler have uncovered a sophisticated campaign exploiting prevalent cryptocurrency themes. Three malicious libraries were discovered within the official npm repository, serving as conduits for a previously undocumented Remote Access Trojan (RAT)...
Popular IDEs with AI assistants—such as Cursor, Windsurf, Google Antigravity, and Trae—have been found vulnerable to a supply-chain attack. These environments prompt users to install extensions that are absent from the OpenVSX catalog. The...
A large-scale supply chain compromise known as Shai-Hulud has been linked to the recent theft of approximately USD 8.5 million in cryptocurrency from more than 2,500 Trust Wallet accounts. The company’s team has concluded...
A new wave of malicious extensions has been uncovered in the Open VSX extension marketplace, which is used by millions of developers worldwide. Researchers at Koi Security warn that attackers are seeding the catalog...