Tag: supply-chain
-
Cybersicherheit endet nicht an der Unternehmensgrenze – Die Lieferkette wird zum trojanischen Pferd der Cybersicherheit
First seen on security-insider.de Jump to article: www.security-insider.de/lieferkette-trojanisches-pferd-cybersicherheit-supply-chain-a-8ced81ab9d824c049dd96224396b0ea2/
-
The British public need to be better prepared for emergencies | Letter
Tags: attack, china, cyber, data-breach, disinformation, iran, resilience, russia, supply-chain, threat, warfare<strong>Jean Coussins</strong> says a cross-party Lords committee has been tasked with coming up with a plan to normalise resilience in our everyday livesYour editorial (<a href=”https://www.theguardian.com/commentisfree/2026/may/01/the-guardian-view-on-britains-fragile-systems-when-global-shocks-hit-your-shopping-bill”>Britain’s fragile systems: when global shocks hit your shopping bill, 1 May) makes clear that the public need to be more fully informed about global threats and actively engaged in…
-
Was deutsche Unternehmen und Behörden aus dem Daemon-Tools-Supply-Chain-Angriff mitnehmen sollten
Ein monatelanger Lieferketten-Angriff auf Daemon-Tools, ein weit verbreitetes Disk-Imaging-Tool, verdeutlicht: Kompromittierungen sind nach wie vor sehr schwer aufzudecken. Der von Kaspersky aufgedeckte Angriff lief ab dem 8. April und infizierte heimlich, still und leise Systeme in über 100 Ländern. Dabei wurden zunächst Systemdaten gesammelt, bevor anschließend bei ausgewählten Opfern in Handel, Verwaltung, Industrie und Forschung…
-
Supply-Chain-Angriff auf DAEMON Tools zeigt Schwächen bei der Angriffserkennung in Unternehmen und Behörden
Wer Threat Intelligence weiterhin nur als Reporting- oder Compliance-Thema betrachtet, unterschätzt die operative Bedeutung moderner Cyberabwehr. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/supply-chain-angriff-auf-daemon-tools-zeigt-schwaechen-bei-der-angriffserkennung-in-unternehmen-und-behoerden/a45042/
-
Google Fixes CVSS 10 Gemini CLI Vulnerability Enabling GitHub Issue-Based RCE
Tags: cvss, github, google, hacker, injection, rce, remote-code-execution, supply-chain, vulnerabilityGoogle patches a CVSS 10 Gemini CLI vulnerability that allowed hackers to use prompt injection and privilege escalation for a full supply chain compromise. First seen on hackread.com Jump to article: hackread.com/google-cvss-10-gemini-cli-vulnerability-github-rce/
-
ShinyHunters’ Instructure Canvas LMS and Vimeo Breaches Impact Millions of Users
ShinyHunters breached Instructure and Vimeo, exposing millions of student and user records through direct and supply chain attacks. First seen on hackread.com Jump to article: hackread.com/shinyhunters-instructure-canvas-lms-vimeo-data-breach/
-
DAEMON Tools devs confirm breach, release malware-free version
Disc Soft Limited, the maker of DAEMON Tools Lite, confirmed that the software had been trojanized in a supply chain attack and released a new, malware-free version. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/daemon-tools-devs-confirm-breach-release-malware-free-version/
-
Hackers compromise Daemon Tools in global supply-chain attack, researchers say
Researchers at Kaspersky said attackers tampered with installers for Daemon Tools, a popular program used to mount disk images as virtual drives, and distributed them through the software’s official website. First seen on therecord.media Jump to article: therecord.media/hackers-compromise-daemon-tools-global-supply-chain-attack
-
Attackers compromised Daemon Tools software to deliver backdoors
Kaspersky researchers uncovered another supply chain compromise involving a popular Windows tool: Daemon Tools, an app for mounting disk image files as virtual drives that is … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/06/daemon-tools-compromised-backdoors-supply-chain-attack/
-
TeamPCP spielt falsches Spiel mit <> Bitwarden-Tool
Sicherheitsforscher von JFrog haben einen ausgeklügelten Supply-Chain-Angriff im npm-Ökosystem aufgedeckt. Ein manipuliertes Bitwarden-CLI-Paket tarnt sich als legitimes Entwickler-Tool und schleust Schadcode direkt beim Installationsprozess ein. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/teampcp-bitwarden-tool
-
Google’s Android Apps Get Public Verification to Stop Supply Chain Attacks
Google has announced expanded Binary Transparency for Android as a way to safeguard the ecosystem from supply chain attacks.”This new public ledger ensures the Google apps on your device are exactly what we intended to build and distribute,” Google’s product and security teams said.The initiative builds upon the foundation of Pixel Binary Transparency, which Google…
-
Poisoned truth: The quiet security threat inside enterprise AI
It takes surprisingly little poison to corrupt: Bad internal data is the immediate problem. But the external supply chain may be even harder to control.Research by Anthropic, the UK AI Security Institute, and the Alan Turing Institute discovered that as few as 250 maliciously crafted documents can poison LLMs of any size.That creates a massive…
-
Bitwarden-CLI kompromittiert: JFrog warnt vor TeamPCP-Angriff über npm-Paket
Sicherheitsforscher von JFrog haben jetzt eine hochentwickelte Supply-Chain-Attacke auf das npm-Ökosystem aufgedeckt, bei der ein manipuliertes Bitwarden-Paket unbemerkt Schadcode nachlädt. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/bitwarden-cli-kompromittiert-jfrog-warnt-vor-teampcp-angriff-ueber-npm-paket/a44998/
-
Malicious PyTorch Lightning update hits AI supply chain security
A malicious PyTorch Lightning update (v2.6.3) on PyPI spread briefly, stealing credentials and raising major concerns about AI supply chain security. A malicious update of the PyTorch Lightning library exposed developers to credential theft and remote compromise. Attackers uploaded version 2.6.3 to the Python Package Index (PyPI), where it spread among developers before maintainers removed…
-
QLNX Targets Developers in Supply Chain Credential Theft Campaign
QLNX is a newly documented Linux remote access trojan (RAT) that targets the theft on developers’ and DevOps credentials to hijack software supply chains. Recent attacks against popular projects like LiteLLM on PyPI and the Axios npm package have shown how a single compromised maintainer account can be used to push backdoored releases to millions…
-
Offizielle Daemon Tools-Downloads werden zur Malware-Falle
Ein aktueller Supply-Chain-Angriff auf Daemon Tools sorgt für weltweite Sicherheitsrisiken. Über die offizielle Downloadquelle wurde eine manipulierte Installationsdatei verbreitet, die neben der legitimen Software auch Schadcode enthält. Betroffen sind Nutzer in mehr als 100 Ländern, darunter auch Deutschland. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/daemon-tools-malware
-
Google expands Android Binary Transparency to counter supply chain attacks
Supply chain attacks on mobile software have grown alongside the expanding role of phones in daily life, from payments to government IDs to AI features. Google is responding … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/06/google-android-binary-transparency/
-
Ein falsches Spiel: ScarCruft kompromittiert Spieleplattform in einer Supply-Chain-Attacke
ESET-Forscher haben einen anhaltenden Angriff der APT-Gruppe ScarCruft aufgedeckt, der Windows- und Android-Spiele mit Backdoors gegen Bewohner der chinesischen Region Yanbian einsetzt. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/de/eset-research/ein-falsches-spiel-scarcruft-kompromittiert-spieleplattform-in-einer-supply-chain-attacke/
-
BlueVoyant Prepares SaaS Push Under New CEO John Hernandez
BlueVoyant Seeks to Expand Beyond MDR Clients Into Firms With Mature In-House SOCs. BlueVoyant named John Hernandez – the former leader of Quest’s Microsoft security business – as its next CEO to drive an agentic AI SaaS platform that expands the vendor beyond managed services and helps customers accelerate detection, response and supply-chain risk management.…
-
Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack
Daemon Tools users: It’s time to check your machines for stealthy infections, stat. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/05/widely-used-daemon-tools-disk-app-backdoored-in-monthlong-supply-chain-attack/
-
DAEMON Tools trojanized in supply-chain attack to deploy backdoor
Hackers trojanized installers for the DAEMON Tools software and since April 8, delivered a backdoor to thousands of systems that downloaded the product from the official website. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/daemon-tools-trojanized-in-supply-chain-attack-to-deploy-backdoor/
-
Trellix Source Code Breach Highlights Growing Supply Chain Threats
Info is scant, but such breaches can reveal where a security product’s controls are located and how detections are designed, giving attackers a leg up. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/trellix-source-code-breach-supply-chain-threats
-
Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack
Daemon Tools users: It’s time to check your machines for stealthy infections, stat. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/05/widely-used-daemon-tools-disk-app-backdoored-in-monthlong-supply-chain-attack/
-
DAEMON Tools trojanized in supply-chain attack to deploy backdoor
Hackers trojanized installers for the DAEMON Tools software and since April 8, delivered a backdoor to thousands of systems that downloaded the product from the official website. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/daemon-tools-trojanized-in-supply-chain-attack-to-deploy-backdoor/
-
DAEMON Tools trojanized in supply-chain attack to deploy backdoor
Hackers trojanized installers for the DAEMON Tools software and since April 8, delivered a backdoor to thousands of systems that downloaded the product from the official website. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/daemon-tools-trojanized-in-supply-chain-attack-to-deploy-backdoor/
-
DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware
A newly identified supply chain attack targeting DAEMON Tools software has compromised its installers to serve a malicious payload, according to findings from Kaspersky.”These installers are distributed from the legitimate website of DAEMON Tools and are signed with digital certificates belonging to DAEMON Tools developers,” Kaspersky researchers Igor Kuznetsov, Georgy Kucherin, Leonid First seen on…
-
Physical Cargo Theft Gets a Boost From Cybercriminals
Cargo theft is no longer about small groups of criminals operating on the ground, but transnational cybercriminal syndicates using access to supply chain systems to reroute goods. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/physical-cargo-theft-cybercriminals
-
mini Shai-Hulud – Supply Chain Angriff auf SAP CAP durch bösartige npm-Pakete
First seen on security-insider.de Jump to article: www.security-insider.de/mini-shai-hulud-manipulierte-npm-pakete-sap-cap-a-277b157533ce4fe6521d7593683f5f84/
-
Hackers Abuse DAEMON Tools Distribution Channel to Deliver Malicious Payloads
A sophisticated supply-chain attack has compromised the official distribution channel for DAEMON Tools, delivering multi-stage malware to users worldwide. Since April 8, 2026, threat actors have distributed trojanized installers signed with legitimate digital certificates to conduct highly targeted cyberespionage operations. Attackers successfully breached the development pipeline of AVB Disc Soft, the creators of the widely…