Tag: supply-chain
-
mini Shai-Hulud – Supply Chain Angriff auf SAP CAP durch bösartige npm-Pakete
First seen on security-insider.de Jump to article: www.security-insider.de/mini-shai-hulud-manipulierte-npm-pakete-sap-cap-a-277b157533ce4fe6521d7593683f5f84/
-
Education Sector Hit by Espionage, Phishing, and Supply Chain Attacks
Educational institutions are now facing a coordinated mix of state espionage, spear”‘phishing, and supply chain intrusions, even as classic ransomware and vulnerability volumes show signs of easing. Every attributed campaign was linked to state actors, with no financially motivated groups observed. China-aligned clusters led by MISSION2074 dominate, with additional activity from Stone Panda, Hafnium, Lotus…
-
North Koreans Spy on Defectors Via Android Game Apps
Website Popular in Korean Ethnic Enclave in China Hosts Apps Laced With a Backdoor. A North Korean hacking group has been spying on a Korean ethnic enclave in China by infiltrating the Android apps of a regional gaming platform that hosts digital card and board games. Researchers attributed the supply-chain attack to a threat actor…
-
ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows
The North Korea-aligned state-sponsored hacking group known as ScarCruft has compromised a video game platform in a supply chain espionage attack, trojanizing its components with a backdoor called BirdCallto likely target ethnic Koreans residing in China.While prior versions of the backdoor have primarily targeted Windows users only, the supply chain attack is assessed to have…
-
ScarCruft hackers push BirdCall Android malware via game platform
The North Korean hacker group APT37 has been delivering an Android version of a backdoor called BirdCall in a supply-chain attack through a video game platform. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/scarcruft-hackers-push-birdcall-android-malware-via-game-platform/
-
pnpm 11 Enables Default Release-Age Guard to Curb npm Supply Chain Attacks
pnpm 11 has been released with a strong focus on reducing software supply chain risk, introducing security-first defaults that directly address modern package ecosystem threats. The most significant change in pnpm 11 is the introduction of a default Minimum Release Age of 24 hours (1440 minutes). This means newly published package versions are not eligible…
-
Smishing at Scale: What Our Expert Panel Revealed About the Mobile Phishing Supply Chain
Recap of the live panel hosted by Constella and WMC Global on April 30, 2026 â–¶ Watch the full recording If you’ve gotten a text recently warning you about an unpaid toll, a missed delivery, or suspicious activity on your bank account, you’ve interacted, however briefly, with one of the most sophisticated fraud… First seen…
-
Cisco Launches AI Provenance Tool to Strengthen Security and Compliance
Artificial intelligence models are integrated into countless enterprise applications, but knowing exactly where these models come from remains a major security hurdle. Cisco recently launched the Model Provenance Kit, an open-source tool for tracing the exact lineage of AI models. This release aims to bring transparency to complex AI supply chains and help organizations meet…
-
Why data centers now belong on the critical infrastructure list
As AI drives deeper dependence across business, supply chains, and national security, the buildings that run the cloud are becoming critical infrastructure, and increasingly attractive targets. First seen on cyberscoop.com Jump to article: cyberscoop.com/data-centers-critical-infrastructure-ai-security-op-ed/
-
Attackers Hijack SAP npm Packages to Steal Dev Secrets
A sophisticated supply chain attack hit the SAP developer ecosystem on April 29, 2026, compromising four widely-used npm packages with credential-stealing malware. The attackers modified package installation scripts to download the Bun JavaScript runtime a legitimate alternative to Node.js during the npm install process. This technique bypasses Node.js-based security monitoring by executing an 11.6 MB…
-
PhantomRaven Wave 5: New Undocumented NPM Supply Chain Campaign Targets DeFi, Cloud, and AI Developers
PhantomRaven Wave 5: New Undocumented NPM Supply Chain Campaign Targets DeFi, Cloud, and AI Developers First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/05/phantomraven-wave-5-new-undocumented-npm-supply-chain-campaign-targets-defi-cloud-and-ai-developers/
-
1,800 Developers Hit in Mini Shai-Hulud Supply Chain Attack Across PyPI, NPM, and PHP
What happened A supply chain attack campaign attributed to TeamPCP, dubbed Mini Shai-Hulud, has compromised packages across the PyPI, NPM, and PHP ecosystems over a two-day period, affecting over 1,800 developer repositories containing stolen credentials. The campaign was first identified on April 29 when malicious versions of four SAP NPM packages were caught delivering information-stealing…The…
-
Global Cyber Threat Brief: Identity Breaches, Supply Chain Attacks, and the Rise of Organized Cybercrime
Tags: attack, breach, cyber, cybercrime, data, exploit, identity, organized, ransomware, service, supply-chain, threatIn the past week, the global cyber threat landscape has once again demonstrated how rapidly attackers are evolving shifting from isolated intrusions to coordinated, multi-stage campaigns targeting identities, supply chains, and service providers. From large-scale identity data exposure to sophisticated token abuse and ransomware-driven disruptions, these incidents highlight a critical reality: attackers are increasingly exploiting…
-
Supply Chain Attacks, AI Security, and Major Breaches Define This Week in Cybersecurity in May 2026
Weekly summary of Cybersecurity Insider newsletters First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/weekly-roundup/supply-chain-attacks-ai-security-and-major-breaches-define-this-week-in-cybersecurity-in-may-2026/
-
Vulnerability remediation: Match CVEs to asset owners in seconds with Tenable Hexa AI
Tags: access, ai, api, attack, automation, business, ciso, compliance, control, cve, cybersecurity, data, exploit, framework, group, identity, Internet, login, nist, okta, service, supply-chain, threat, update, vulnerability, vulnerability-managementDetecting a vulnerability is easy. Finding the person responsible for fixing it is where remediation programs often break down. See how Tenable Hexa AI uses MCP to connect your exposure data to your identity provider, automating the hunt for asset owners in seconds. Key takeaways The accountability gap is the real bottleneck. Finding a vulnerability…
-
Cisco Introduces Model Provenance Kit to Strengthen AI Supply Chain Security
Cisco’s open-source Model Provenance Kit helps organizations verify AI model origins, trace lineage, and reduce AI supply chain security risks. The post Cisco Introduces Model Provenance Kit to Strengthen AI Supply Chain Security appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-cisco-model-provenance-kit-ai-supply-chain-security/
-
Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft
A new software supply chain attack campaign has been observed using sleeper packages as a conduit to subsequently push malicious payloads that enabled credential theft, GitHub Actions tampering, and SSH persistence.The activity has been attributed to the GitHub account “BufferZoneCorp,” which has published a set of repositories that are associated with malicious Ruby gems and…
-
Ruby Gems and Go Modules Used in Campaign Targeting GitHub Actions
A sophisticated software supply chain attack originating from the GitHub account BufferZoneCorp has been uncovered, targeting developers and continuous integration environments through malicious Ruby gems and Go modules. The campaign deployed sleeper packages that impersonated legitimate developer tools, which were later weaponized to steal secrets and poison build pipelines. On the Ruby ecosystem, threat actors…
-
Bank regulator sounds warning over cybersecurity threat posed by AI models
Tags: access, ai, api, attack, banking, cloud, cyber, cyberattack, cybersecurity, defense, finance, flaw, germany, government, penetration-testing, service, supply-chain, technology, threat, vulnerabilityAccessing Mythos: It’s barely three weeks since Anthropic made Claude Mythos public on April 7 and it’s hard to recall a development that’s caused as much cybersecurity alarm in such a short space of time.Earlier this week, Michael Theurer, the chief supervisor of Bundesbank, Germany’s financial regulator, echoed APRA’s concern, telling Reuters that European banks…
-
The never-ending supply chain attacks worm into SAP npm packages, other dev tools
Mini Shai-Hulud caught spreading credential-stealing malware First seen on theregister.com Jump to article: www.theregister.com/2026/04/30/supply_chain_attacks_sap_npm_packages/
-
TeamPCP Hits SAP Packages With ‘Mini Shai-Hulud’ Attack
Several npm packages for SAP’s cloud application development ecosystem have been compromised as TeamPCP’s supply chain attacks broaden. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/teampcp-sap-packages-mini-shai-hulud
-
Socket Buys Secure Annex to Expand Supply-Chain Visibility
Combined Platform Spans Dependencies, Extensions, Developer Tools. Socket’s acquisition of Secure Annex extends software supply-chain security beyond open-source dependencies into browser and IDE extensions, addressing AI-driven development risks and fragmented visibility across modern developer workflows. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/socket-buys-secure-annex-to-expand-supply-chain-visibility-a-31562
-
SAP npm Supply Chain Attack Targets Developer Credentials
A supply chain attack on SAP npm packages used preinstall scripts to steal developer and CI/CD credentials. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/sap-npm-supply-chain-attack-targets-developer-credentials/
-
PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials
In yet another software supply chain attack, threat actors have managed to compromise the popular Python package Lightning to push two malicious versions to conduct credential theft.According to Aikido Security, OX Security, Socket, and StepSecurity, the two malicious versions are versions 2.6.2 and 2.6.3, both of which were published on April 30, 2026. The campaign…
-
PyTorch Lightning Compromised in PyPI Supply Chain Attack to Steal Credentials
In yet another software supply chain attack, threat actors have managed to compromise the popular Python package Lightning to push two malicious versions to conduct credential theft.According to Aikido Security, Socket, and StepSecurity, the two malicious versions are versions 2.6.2 and 2.6.3, both of which were published on April 30, 2026. The campaign is assessed…
-
PyTorch Lightning Compromised in PyPI Supply Chain Attack to Steal Credentials
In yet another software supply chain attack, threat actors have managed to compromise the popular Python package Lightning to push two malicious versions to conduct credential theft.According to Aikido Security, Socket, and StepSecurity, the two malicious versions are versions 2.6.2 and 2.6.3, both of which were published on April 30, 2026. The campaign is assessed…
-
PyTorch Lightning Compromised in PyPI Supply Chain Attack to Steal Credentials
In yet another software supply chain attack, threat actors have managed to compromise the popular Python package Lightning to push two malicious versions to conduct credential theft.According to Aikido Security, Socket, and StepSecurity, the two malicious versions are versions 2.6.2 and 2.6.3, both of which were published on April 30, 2026. The campaign is assessed…
-
Supply-Chain-Attacke auf SAP-CAP
Die Onapsis Research Labs beobachten derzeit eine gezielte Supply-Chain-Attacke auf SAP-Entwickler und Unternehmen, die das SAP-Cloud-Application-Programming-Model (CAP) nutzen. Die als ‘Mini Shai-Hulud” bezeichnete Angriffskampagne schleust Schadcode in verbreitete SAP-nahe JavaScript-/npm-Pakete ein mit dem Ziel, automatisiert Cloud-Zugangsdaten, Service-Tokens und private Schlüssel zu exfiltrieren. Die Angriffskampagne nutzt kompromittierte Pakete als Eintrittspunkt in Entwicklungsumgebungen und entfaltet ihre […]…