Tag: supply-chain
-
Shai-Hulud Hades Payload Hits 20 Leo/RStreams npm Packages in Fresh Supply Chain Attack
A fresh supply-chain wave by the Shai-Hulud/Hades family that infected 20 npm packages in the Leo/RStreams ecosystem, an AWS-native event streaming SDK widely used for Kinesis, Firehose, Lambda and S3-based pipelines. The malicious releases were detected shortly after publication and, while not a dramatic redesign of prior Hades/Miasma variants, demonstrate the malware family’s continued operational…
-
Major Increase in Ransomware Attacks Targeting Europe, Warns New Report
Analysis of ransomware incidents by researchers at Black Kite found that attacks have risen by over 50% in the last year, with supply chain attacks increasing. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/increase-ransomware-europe/
-
Plugins Distribute Malicious Code via a Manipulated CDN Script – Supply-Chain Attack Hits 1.2 Million WordPress Sites
First seen on security-insider.de Jump to article: www.security-insider.de/wordpress-supply-chain-angriff-optinmonster-cdn-schadcode-a-b2cef61d808bf531e17d4f573af7f099/
-
More Malicious OpenClaw Skills Threaten AI Supply Chain
OpenClaw removed five packages from ClawHub, its skills marketplace, that bypassed security checks even though they included infostealers and other threats. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/malicious-openclaw-skills-clawhub-threaten-ai-supply-chain
-
Black Duck Lands Leader Spot in Gartner’s Brand-New Software Supply Chain Security Magic Quadrant
Application security firm Black Duck has been named a Leader in Gartner’s first-ever Magic Quadrant for Software Supply Chain Security, the company announced today. The inaugural report assessed 18 vendors against two axes, Completeness of Vision and Ability to Execute, and placed Black Duck firmly in the Leaders quadrant. The timing of the report reflects…
-
Cordyceps CI/CD Flaws Expose 300+ GitHub Repositories to Supply-Chain Attacks
Tags: apache, attack, control, cybersecurity, flaw, github, google, microsoft, open-source, supply-chain. Cybersecurity researchers have flagged a new class of CI/CD workflow weakness that allows attackers to hijack workflows and compromise open-source supply chains. The “critical exploitable pattern” has been codenamed Cordyceps by Novee Security. The issue can allow full attacker control of repositories at dozens of the largest organizations worldwide, including Microsoft, Google, Apache, and First seen…
-
Grafana Confirms TanStack npm Supply Chain Attack Led to GitHub Repository Cloning
Grafana Labs has confirmed that a recent supply chain attack involving the TanStack npm ecosystem resulted in the cloning of its internal GitHub repositories. However, it did not compromise customer production systems or the Grafana Cloud platform. This disclosure follows a thorough internal investigation completed on May 27, 2026, as well as an independent forensic…
-
LastPass customer data exposed through Klue supply chain attack
LastPass disclosed that attackers used OAuth tokens compromised in a supply chain attack on Klue, a market intelligence platform that integrates with CRM and sales tools … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/24/lastpass-klue-data-breach-salesforce-environment/
-
LastPass Confirms Customer Data Breach After Klue OAuth Token Theft
LastPass has confirmed it was affected by the Klue supply chain incident, saying an unauthorised actor used stolen… First seen on hackread.com Jump to article: hackread.com/lastpass-customer-data-breach-klue-oauth-token/
-
Klue investigating supply chain attack that targeted Salesforce integrations
Customer data from several prominent cybersecurity firms were among hundreds of potential enterprise victims. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/klue-investigating-supply-chain-attack-salesforce-integrations/823532/
-
GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns
GitHub is moving to strengthen software supply chain security by updating “actions/checkout” to block pwn request attacks that exploit the risky use of the “pull_request_target” workflow trigger to run malicious code with the workflow’s full privileges. Effective June 18, 2026, the latest version of “actions/checkout,” the official GitHub action for checking out a repository into the…
-
LastPass confirms data breach in Klue supply chain attack
LastPass announced that hackers accessed customer data from its Salesforce environment after stealing the company’s OAuth tokens in the Klue supply chain attack earlier this month. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/lastpass-confirms-data-breach-in-klue-supply-chain-attack/
-
Cordyceps Supply Chain Vulnerability Impacting Code Repositories at Thousands of Organizations
A pervasive CI/CD vulnerability pattern dubbed “Cordyceps” reveals a supply chain vulnerability that lets unauthenticated attackers seize control of Git-based workflows and, by extension, the software artifacts they produce. The issue is not a single bug in GitHub or any one tool; it is a systemic class of insecure workflow compositions. Command injection, broken authentication…
-
ShapedPlugin Supply Chain Attack Backdoors Pro Plugin Updates
Attackers backdoored ShapedPlugin Pro updates, deploying malware that steals credentials, 2FA secrets, and grants full site access. If you installed a ShapedPlugin Pro plugin between April and June 2026 and kept it updated, your site may be compromised. Not because you did something wrong, but because the vendor’s own build and distribution pipeline was breached.…
-
North Korean Hackers Poison Mastra AI Framework
Tags: ai, attack, backdoor, credentials, framework, hacker, malicious, microsoft, north-korea, software, supply-chain, theft, tool. More Than 140 npm Packages Carried Credential-Stealing Code. Microsoft says North Korean-linked BlueNoroff compromised a Mastra npm maintainer account and published more than 140 malicious packages, using a software supply-chain attack to distribute infostealers, backdoors and credential theft tools through AI development environments. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/north-korean-hackers-poison-mastra-ai-framework-a-32042
-
Scope Squatting on ClawHub Exposes AI Supply Chain Risks
Scope squatting on ClawHub highlights AI supply chain risks. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/scope-squatting-on-clawhub-exposes-ai-supply-chain-risks/
-
ShapedPlugin WordPress Pro Plugins Backdoored in Supply Chain Attack
Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack after unknown threat actors managed to tamper with the official release channels and push backdoor code. “Attackers compromised the vendor’s build and distribution pipeline, injecting backdoor code into Pro plugin releases distributed through official licensed update channels,” Wordfence said in an analysis. First seen…
-
ClawHub Scope Squatting Lets Plugins Masquerade as Official OpenClaw Integrations
A supply-chain weakness in ClawHub’s plugin registry that allowed third-party packages to squat under organizational scopes and inherit first-party credibility. In a catalog review Manifold found 23 code-executing plugins published under the @openclaw/ and @clawhub/ scopes by accounts that have no verified relationship to either organization. Because ClawHub’s registry did not consistently enforce its documented…
-
Microsoft Attributes Mastra AI Supply Chain Attack to North Korea
North Korean threat actor Sapphire Sleet has been linked to a supply chain attack targeting Mastra, according to Microsoft security researchers First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/mastra-ai-supply-chain-attack/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 102
Tags: ai, android, attack, china, cyber, defense, intelligence, international, malware, supply-chain, threat. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Malware Newsletter: OptinMonster supply chain attack hits 1.2 million sites; Public and Private Medical Community Targeted by China-Nexus Threat Actor Pursuing Artificial Intelligence, Cyber, Medical, and National Defense Research; Rokarolla: Android Banker with Complete Device…
-
Microsoft links Mastra AI supply chain attack to North Korean hackers
Microsoft has attributed a recent Mastra AI supply chain attack that compromised more than 140 npm packages to the North Korean hacking group Sapphire Sleet, also known as BlueNoroff. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-links-mastra-ai-supply-chain-attack-to-north-korean-hackers/
-
Meteor 3.0 Migration Helped Rocket.Chat Move Off End-of-Life Node.js Runtime
Meteor 3.0 helped Rocket.Chat move from Node.js 14 to Node.js 20, cutting runtime debt after Fibers removal and reducing supply-chain risk across federal users. First seen on hackread.com Jump to article: hackread.com/meteor-3-0-migration-rocket-chat-node-js-runtime/
-
SmartApeSG Hackers Abuse Okendo Reviews Widget in E-Commerce Supply Chain Attack
A supply-chain style compromise in the Okendo Reviews widget that enabled the SmartApeSG threat actor to deliver staged JavaScript loaders across a wide e-commerce surface. Okendo’s client-facing review widget is deployed by more than 18,000 brands and commonly appears on high-visibility pages (homepages, product pages, and review submission screens), so the injected code produced downstream…
-
Mini Shai-Hulud Launches Malicious Code on Every Python Invocation: Chain Worm Miasma Steals Cloud Credentials via PyPI
First seen on security-insider.de Jump to article: www.security-insider.de/mini-shai-hulud-miasma-pypi-supply-chain-bun-stealer-a-7ccd0e0e9f96b010c6b74ecbfbb071fd/
-
Breach Roundup: ShinyHunters Leaks 26M MSG Records
Tags: attack, breach, cisa, cybersecurity, data, data-breach, email, leak, linux, ransomware, russia, supply-chain. Also, Arch Linux Attack, Estonia Quarantines Russian Emails, Joomla Flaw. This week, ShinyHunters leaked alleged Madison Square Garden data, a U.S. senator pressed CISA on regional staffing cuts, an Arch Linux supply-chain attack, Mackay Sugar began recovery from a ransomware attack, Novo Nordisk faced dueling breach claims – and more compelling cybersecurity news. First seen…
-
145 Mastra npm Packages Compromised via Hijacked Contributor Account
As many as 145 npm packages associated with the Mastra namespace (“@mastra/*”), a popular open-source JavaScript and TypeScript framework for building artificial intelligence (AI) applications, have been compromised as part of a software supply chain attack codenamed easy-day-js, per findings from Endor Labs, JFrog, OX Security, SafeDep, Socket, StepSecurity, and Snyk. “A single npm account (…

