Tagged: supply chain attack
A dangerous vulnerability has been discovered in the Trust Wallet browser extension, potentially allowing attackers to steal users’ cryptocurrency. The issue affected version 2.68, and the wallet’s team officially urged everyone who had installed...
The Chinese hacking group known as Evasive Panda (also tracked as Bronze Highland, Daggerfly, and StormBamboo) carried out one of the most sophisticated and long-running cyber campaigns of recent years, silently infecting victim systems...
In late December, an unwelcome supply-chain surprise erupted around the popular text editor EmEditor. According to the developer, between December 19 and 22, 2025, the download button on the official website may have served...
Blockchain investigator ZachXBT reported on December 25 that, over the preceding hours, numerous Trust Wallet users had experienced unauthorized withdrawals. Affected individuals claimed their assets were drained from their wallets without any form of...
A malicious package named lotusbail has been uncovered in the npm repository, masquerading as a library for working with WhatsApp Web while quietly siphoning conversations and granting attackers persistent access to user accounts. According...
A covert threat has been uncovered within the .NET ecosystem, stemming from the substitution of a widely used tracing library. For more than five years, a malicious package circulated in the NuGet repository, masquerading...
MangaGamer has issued a warning about a potential supply-chain attack: in the latest print run of the physical edition of Higurashi When They Cry Hou+, the Windows installers on the included USB drive appear...
Notepad++ has released version 8.8.9 to remediate a weakness in its WinGUp (GUP.exe) update mechanism. Researchers and users had reported incidents in which the updater, instead of fetching a legitimate installer, downloaded and executed...
The financially motivated group Storm-0249, long known as a broker of initial access for ransomware operators, has markedly refined its tradecraft, triggering a new wave of alarm among cybersecurity professionals. Analysts at ReliaQuest have...
A ransomware attack has crippled the operations of several key Puerto Rican government agencies, yet officials have still not publicly acknowledged the incident. According to available information, beginning on 25 November, three major public...
At the end of November, a team of bug hunters uncovered an infection chain that began with a seemingly harmless GitHub repository. Masquerading as a Visual Studio Code project, it concealed VBScript files linked...
A new case of software supply-chain compromise has been uncovered on the crates.io platform: a malicious Rust package was silently infecting the workstations of Web3 developers, disguising itself as an auxiliary tool for the...