Tag: supply-chain
-
Supply Chain Malware Alert: plainjs Compromises Axios Packages
First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/supply-chain-malware-alert-plain-crypto-js-compromises-axios-packages
-
Hackers Are Posting the Claude Code Leak With Bonus Malware
Plus: The FBI says a recent hack of its wiretap tools poses a national security risk, attackers stole Cisco source code as part of an ongoing supply chain hacking spree, and more. First seen on wired.com Jump to article: www.wired.com/story/security-news-this-week-hackers-are-posting-the-claude-code-leak-with-bonus-malware/
-
Supply Chain Attacks Surge in March 2026
Tags: access, ai, api, attack, authentication, awareness, cloud, container, control, corporate, credentials, crypto, data-breach, github, group, hacking, identity, infrastructure, Internet, kubernetes, least-privilege, linux, LLM, macOS, malicious, malware, mfa, network, north-korea, open-source, openai, phishing, pypi, software, startup, supply-chain, threat, tool, update, vulnerability, windowsIntroductionThere was a significant increase in software supply chain attacks in March 2026. There were five major software supply-chain attacks that occurred including the Axios NPM package compromise, which has been attributed to a North Korean threat actor. In addition, a hacking group known as TeamPCP was able to compromise Trivy (a vulnerability scanner), KICS…
-
Supply-Chain-Angriff auf Python-Paket Telnyx
Sicherheitsforscher von JFrog haben eine Kompromittierung der Python-Bibliothek Telnyx aufgedeckt. Die Angreifer versteckten ihren Payload in WAV-Dateien. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/supply-chain-python-paket-telnyx
-
Mercor Breach Linked to LiteLLM Supply-Chain Attack
AI Dependency Attack Reportedly Exposes Data and Source Code. A LiteLLM supply-chain compromise enabled attackers to harvest credentials and access internal environments at scale at Mercor. The firm was the first to confirm a LiteLLM breach, and researchers are warning about growing AI system exposure and limited visibility. First seen on govinfosecurity.com Jump to article:…
-
CERT-EU blames Trivy supply chain attack for Europa.eu data breach
Tags: access, ai, attack, breach, cisco, data, data-breach, extortion, group, network, ransom, ransomware, saas, supply-chainExtortion boost: The origins and deeper motives of TeamPCP, which emerged in late 2025, remain unclear. The leaking of stolen data suggests it might be styling itself as a sort of initial access broker which sells data and network access on to the highest bidder.However, the fact that stolen data was handed to a major…
-
CERT-EU blames Trivy supply chain attack for Europa.eu data breach
Tags: access, ai, attack, breach, cisco, data, data-breach, extortion, group, network, ransom, ransomware, saas, supply-chainExtortion boost: The origins and deeper motives of TeamPCP, which emerged in late 2025, remain unclear. The leaking of stolen data suggests it might be styling itself as a sort of initial access broker which sells data and network access on to the highest bidder.However, the fact that stolen data was handed to a major…
-
Do not get high(jacked) off your own supply (chain)
In the span of just a few weeks, we have observed a dizzying array of major supply chain attacks. Prominent examples include the malicious modification of Axios, a popular HTTP client library for JavaScript, as well as cascading compromises from TeamPCP, a “chaos-as-a-service” group that injected malicious code First seen on blog.talosintelligence.com Jump to article:…
-
Axios NPM supply chain incident
Tags: supply-chainOverview of the recent Axios NPM supply chain incident including details of the payloads delivered from actor-controlled infrastructure. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/axois-npm-supply-chain-incident/
-
Blast Radius of TeamPCP Attacks Expands Amid Hacker Infighting
As organizations disclose breaches tied to TeamPCP’s supply chain attacks, ShinyHunters and Lapsus$ are getting involved, taking credit, and creating a murky situation for enterprises. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/teampcp-attacks-hacker-infighting
-
High-Severity Vulnerabilities, Supply Chain Breaches, and AI Threats Redefine Cybersecurity This Week
Weekly summary of Cybersecurity Insider newsletters First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/weekly-roundup/high-severity-vulnerabilities-supply-chain-breaches-and-ai-threats-redefine-cybersecurity-this-week/
-
Claude Source Code Leak Highlights Big Supply Chain Missteps
Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/source-code-leaks-highlight-lack-supply-chain-oversight
-
AI Firm Mercor Confirms Breach as Hackers Claim 4TB of Stolen Data
AI firm Mercor confirms a breach linked to a LiteLLM supply chain attack, as hackers claim to have stolen 4TB of sensitive data and internal systems. First seen on hackread.com Jump to article: hackread.com/ai-firm-mercor-breach-hackers-4tb-data/
-
Chainguard Unveils Factory 2.0 to Automate Hardening the Software Supply Chain
The rebuilt Chainguard platform adds deeper security designed to continuously reconcile open-source artifacts across containers, libraries, Actions and skills. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/chainguard-factory-automate-hardening-software-supply-chain
-
Chainguard Unveils Factory 2.0 to Automate Hardening the Software Supply Chain
The rebuilt Chainguard platform adds deeper security designed to continuously reconcile open-source artifacts across containers, libraries, Actions and skills. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/chainguard-factory-automate-hardening-software-supply-chain
-
Source Code Leaks Highlight Lack of Supply Chain Oversight
Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/source-code-leaks-highlight-lack-supply-chain-oversight
-
The Cyber Express Weekly Roundup: Ransomware, and Supply Chain Breaches Surge
In this week’s weekly roundup, The Cyber Express delivers a concise overview of the latest cybersecurity news, highlighting major cyberattacks, new ransomware risks, and supply chain vulnerabilities. Organizations across industries continue to face a surge in modern cyber threats, ranging from targeted breaches to large-scale exploitation campaigns that disrupt operations and expose sensitive data. First seen on…
-
Trivy supply chain attack enabled European Commission cloud breach
CERT-EU confirmed that ShinyHunters are behind the recent breach of the cloud infrastructure underpinning websites of the European Commission, and that they stole and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/03/european-commission-cloud-breach/
-
North Korea-Linked Hackers Hit Axios npm in Supply Chain Attack
Tags: attack, breach, credentials, cyber, hacker, korea, malicious, north-korea, software, supply-chain, threatA major software supply chain attack has been uncovered after threat actors compromised the widely used Axios npm package, impacting developers and organizations worldwide. The incident, detected on March 31, 2026, involved the use of stolen maintainer credentials to inject malicious code into the popular HTTP client library. Axios is one of the most widely…
-
Claude Code Leak Exposes AI Supply Chain Threats
A packaging error in Anthropic’s Claude Code exposed over 500,000 lines of source code. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/artificial-intelligence/claude-code-leak-exposes-ai-supply-chain-threats/
-
US Bans All Foreign-Made Consumer Routers
This is for new routers; you don’t have to throw away your existing ones: The Executive Branch determination noted that foreign-produced routers (1) introduce “a supply chain vulnerability that could disrupt the U.S. economy, critical infrastructure, and national defense” and (2) pose “a severe cybersecurity risk that could be leveraged to immediately and severely disrupt…
-
Software supply chain hacks trigger wave of intrusions, data theft
After linking the Axios npm supply chain attack to North Korean hackers, Google researchers warned that >>hundreds of thousands of stolen secrets could potentially be … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/02/supply-chain-hacks-data-theft/
-
Software supply chain hacks trigger wave of intrusions, data theft
After linking the Axios npm supply chain attack to North Korean hackers, Google researchers warned that >>hundreds of thousands of stolen secrets could potentially be … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/02/supply-chain-hacks-data-theft/
-
Axios npm Supply Chain Breach: Microsoft Shares Mitigation Steps
Tags: breach, cyber, infrastructure, malicious, microsoft, mitigation, north-korea, supply-chain, threatMicrosoft has detailed how organizations can detect and mitigate a recent supply chain compromise involving malicious Axios npm releases and infrastructure attributed to the North Korean threat actor Sapphire Sleet. On March 31, 2026, two Axios npm versions (1.14.1 and 0.30.4) were published with a hidden malicious dependency that contacted attacker command”‘and”‘control (C2) infrastructure and…
-
Axios open-source library targeted in sophisticated supply chain attack
Researchers link the compromise to a North Korean adversary and warn the impacts could be wide ranging. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/axios-open-source-library-targeted-in-sophisticated-supply-chain-attack/816343/
-
North Korean hackers linked to Axios npm supply chain compromise
The software supply chain attack that resulted in the compromise of npm packages of Axios, an extremely popular HTTP client library, is believed to be the work of … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/01/north-korean-hackers-linked-to-axios-npm-supply-chain-compromise/
-
Google links Axios npm supply chain attack to North Korea-linked APT UNC1069
Google links the Axios npm supply chain attack to North Korean threat group UNC1069, targeting financial gain. Google has attributed the recent Axios npm supply chain compromise to a North Korean threat group tracked as UNC1069. The attack, aimed at financial gain, exploited the package to target developers and organizations relying on Axios. John Hultquist…