Tag: supply-chain
-
Warning: Hackers have inserted credential-stealing code into some npm libraries
Tags: api, attack, authentication, ciso, cloud, credentials, github, google, hacker, Hardware, incident response, malware, mfa, monitoring, open-source, phishing, sans, software, supply-chain, threat
More than 40 packages affected: One of the researchers who found and flagged the hack Monday was French developer François Best, and it was also described in blogs from StepSecurity, Socket, ReversingLabs and Ox Security. These blogs contain a full list of compromised packages and indicators of compromise. Researchers at Israel-based Ox Security said there was a…
-
New supply chain attack hits npm registry, compromising 40+ packages
Researchers uncovered a new supply chain attack targeting the npm registry that impacted over 40 packages belonging to multiple maintainers. Security researchers at Socket uncovered a malicious update to @ctrl/tinycolor, a package with 2.2M weekly downloads on npm. While investigating the case, they discovered it was linked to a larger supply chain attack that compromised…
-
Shai-Hulud: A Persistent Secret Leaking Campaign
On September 15, a new supply chain attack was identified that targeted the @ctrl/tinycolor and 150 other NPM packages. The attack scenario was similar to the one used in the s1ngularity and GhostActions campaigns. The threat actors combined a local environment secrets extraction with a malicious GitHub Actions workflow. First seen on securityboulevard.com Jump to…
-
Self-replicating worm hits 180+ npm packages in (largely) automated supply chain attack
A potentially monumental supply chain attack is underway, thanks to a self-replicating worm-like payload that has been compromising packages published on the npm Registry. The … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/16/self-replicating-worm-hits-180-npm-packages-in-largely-automated-supply-chain-attack/
-
NPM Ecosystem Under Siege: Self-Propagating Malware Compromises 187 Packages in a Huge Supply Chain Attack
A major NPM breach exposed 187 packages. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/npm-ecosystem-under-siege-self-propagating-malware-compromises-187-packages-in-a-huge-supply-chain-attack/
-
Self-Replicating Worm Hits 180+ npm Packages to Steal Credentials in Latest Supply Chain Attack
Cybersecurity researchers have flagged a fresh software supply chain attack targeting the npm registry that has affected more than 40 packages that belong to multiple maintainers. “The compromised versions include a function (NpmModule.updatePackage) that downloads a package tarball, modifies package.json, injects a local script (bundle.js), repacks the archive, and republishes it, enabling… First seen on thehackernews.com
-
Self-propagating supply chain attack hits 187 npm packages
Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack. The coordinated worm-style campaign dubbed ‘Shai-Hulud’ started yesterday with the compromise of the @ctrl/tinycolor npm package, and has now expanded to CrowdStrike’s npm namespace. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/self-propagating-supply-chain-attack-hits-187-npm-packages/
-
40+ npm Packages Compromised in Supply Chain Attack Using bundle.js to Steal Credentials
Cybersecurity researchers have flagged a fresh software supply chain attack targeting the npm registry that has affected more than 40 packages that belong to multiple maintainers. “The compromised versions include a function (NpmModule.updatePackage) that downloads a package tarball, modifies package.json, injects a local script (bundle.js), repacks the archive, and republishes it, enabling… First seen on thehackernews.com
-
Billions of downloads affected: Largest npm supply chain attack compromises core packages
The malware used obfuscated code, relied on Levenshtein distance for deception, and built on APIs such as fetch, XMLHttpRequest and window.ethereum.request. The targeted currencies were Bitcoin, Ethereum, Tron, Litecoin and Bitcoin Cash. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/milliarden-downloads-betroffen-groesster-npm-supply-chain-angriff-kompromittiert-kernpakete/a42025/
-
Self-propagating worm fuels latest npm supply chain compromise
Intrusions bear the same hallmarks as recent Nx mess First seen on theregister.com Jump to article: www.theregister.com/2025/09/16/npm_under_attack_again/
-
CobaltStrike’s AI-native successor, ‘Villager,’ makes hacking too easy
Tags: ai, attack, control, credentials, detection, exploit, framework, governance, hacking, identity, incident response, intelligence, network, pypi, RedTeam, risk, supply-chain, threat, update, vulnerability, windows
Supply chain and detection risks: Villager’s presence on a trusted public repository like PyPI, where it was downloaded over 10,000 times over the last two months, introduces a new vector for supply chain compromise. Jason Soroko, senior fellow at Sectigo, advised that organizations “focus first on package provenance by mirroring PyPI, enforcing allow lists for…
-
Largest supply chain attack in the history of npm
Security researchers at Check Point Software Technologies are working through the major npm theft: On September 8, 2025, the JavaScript ecosystem experienced the largest supply chain attack in the history of npm. A targeted phishing campaign compromised the account of a well-known maintainer. The attackers then injected malware with crypto-stealer functionality into more than 18 core npm packages. These…
-
Threat Actors Exploit MCP Servers to Steal Sensitive Data
Unvetted Model Context Protocol (MCP) servers introduce a stealthy supply chain attack vector, enabling adversaries to harvest credentials, configuration files, and other secrets without deploying traditional malware. The Model Context Protocol (MCP), the new “plug-in bus” for AI assistants, promises seamless integration of AI models with external tools and data sources. Yet this flexibility creates…
-
Popular NPM Package ‘ctrl/tinycolor’ with 2M Weekly Downloads and 40+ Others Compromised in Supply Chain Attack
The NPM ecosystem is under attack once again, with a sophisticated supply chain compromise targeting the widely-used @ctrl/tinycolor package and over 40 other JavaScript packages. This latest incident represents a significant escalation in supply chain threats, featuring self-propagating malware that automatically spreads across the ecosystem. Diagram showing how phishing emails with malicious URLs or HTML…
-
40 npm Packages Compromised in Supply Chain Attack Using bundle.js to Steal Credentials
Cybersecurity researchers have flagged a fresh software supply chain attack targeting the npm registry that has affected more than 40 packages that belong to multiple maintainers. “The compromised versions include a function (NpmModule.updatePackage) that downloads a package tarball, modifies package.json, injects a local script (bundle.js), repacks the archive, and republishes it, enabling… First seen on thehackernews.com
-
KillSec Ransomware Hits Brazilian Healthcare Software Provider
The ransomware gang breached a major element of the healthcare technology supply chain and stole sensitive patient data, according to researchers. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/killsec-ransomware-brazil-healthcare-software-provider
-
‘Lies-in-the-Loop’ Attack Defeats AI Coding Agents
Researchers convince Anthropic’s AI-assisted coding tool to engage in dangerous behavior by lying to it, paving the way for a supply chain attack. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/-lies-in-the-loop-attack-ai-coding-agents
-
When ‘minimal impact’ isn’t reassuring: lessons from the largest npm supply chain compromise
Tags: supply-chain
Commentary that downplays the compromise’s impact misses the point, the co-founder of Sonatype argues. First seen on cyberscoop.com Jump to article: cyberscoop.com/npm-supply-chain-compromise-brian-fox-sonatype-op-ed/
-
SecurityScorecard Buys HyperComply to Expand Risk Platform
HyperComply’s AI Automation Reduces Vendor RFP Questionnaire Work by 92%. SecurityScorecard is acquiring HyperComply to streamline third-party risk assessments with AI that automates most security questionnaire responses. The deal supports SecurityScorecard’s shift from ratings-only to a full solutions platform for mitigating supply chain risk. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/securityscorecard-buys-hypercomply-to-expand-risk-platform-a-29440
-
⚡ Weekly Recap: Bootkit Malware, AI-Powered Attacks, Supply Chain Breaches, Zero-Days & More
In a world where threats are persistent, the modern CISO’s real job isn’t just to secure technology; it’s to preserve institutional trust and ensure business continuity. This week, we saw a clear pattern: adversaries are targeting the complex relationships that hold businesses together, from supply chains to strategic partnerships. With new regulations and the rise of…
-
Jaguar Land Rover supply chain workers must get Covid-style support, says union
As post-cyberattack layoffs begin, labor org argues UK government should step in First seen on theregister.com Jump to article: www.theregister.com/2025/09/15/covidstyle_furlough_schemes_for_jlr/
-
npm hack: attackers largely come away empty-handed
Tags: supply-chain
It was a disaster in terms of the compromise of a supply chain: the hack of an npm developer account including the injection of malicious code. The attacker, however, appears to have come out of the affair fairly empty-handed; reportedly, depending on … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/09/14/npm-hack-angreifer-schauen-weitgehend-in-die-roehre/
-
Ransomware Attack
Ransomware has become one of the most devastating forms of cybercrime in the modern era. From hospitals forced to cancel surgeries to global supply chains brought to a standstill, ransomware doesn’t just lock data; it cripples organizations. The damage goes far beyond financial losses. Ransomware can erode trust, tarnish reputations, and create lasting business disruption.…
-
Copilot Flaw Highlights AI Supply Chain Threats
Persistent Security’s Marcus Vervier on Microsoft Flaws, Pitfalls of AI Coding. A newly discovered vulnerability present in Microsoft’s Copilot and Visual Studio has brought a fresh batch of concerns around the security of artificial intelligence-powered coding tools to the forefront. It has the potential to turn AI models into a new attack vector. First seen…
-
Beaches and breaches
Thor examines why supply chain and identity attacks took center stage in this week’s headlines, rather than AI and ransomware. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/beaches-and-breaches/
-
LNER Reveals Supply Chain Attack Compromised Customer Information
Government-run train operator LNER has revealed details of a supplier data breach First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/lner-supply-chain-attack-customer/