Tag: supply-chain
-
71% of CISOs hit with third-party security incident this year
Tags: access, ai, application-security, attack, backdoor, breach, ceo, cisa, ciso, cloud, compliance, control, credentials, cyber, cybersecurity, data, defense, exploit, incident response, intelligence, malicious, malware, open-source, penetration-testing, phishing, programming, pypi, resilience, risk, risk-management, sbom, security-incident, service, software, startup, supply-chain, threat, tool
Software supply chain threats: The software supply chain is heavily reliant on code developed by third-party developers, something only likely to increase with the advent of AI. Brian Fox, co-founder and CTO of open-source software security vendor Sonatype, says that “enormously complex” software supply chains pose a growing threat. “Too many organizations have no idea what open-source…
-
20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack
Multiple npm packages have been compromised as part of a software supply chain attack after a maintainer’s account was compromised in a phishing attack. The attack targeted Josh Junon (aka Qix), who received an email message that mimicked npm (“support@npmjs[.]help”), urging them to update their two-factor authentication (2FA) credentials before September 10, 2025, by…
-
Supply chain attack: NPM packages with 2.6 billion downloads per week infected
Attackers have injected malware into NPM packages that are downloaded more than 2.6 billion times a week. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/it-sicherheit/malware/npm-pakete-mit-26-milliarden-downloads-pro-woche-infiziert-320514.html
-
Cyber resilience is one of the biggest competitive advantages of modern times
An analysis of IT security incidents in the first half of 2025 shows that ransomware continues to dominate and that cyberattacks increasingly hit industry and IT. Riedel Networks, a provider of tailored IT security and network services, has published its latest report with over 100 documented IT security incidents from the first half of 2025, ranging from phishing and zero-day attacks to vulnerabilities in the supply chain, and shows… First…
-
Understanding the EU Corporate Sustainability Due Diligence Directive (CSDDD): Why It Matters and How to Prepare
Key Takeaways: For years, European companies have faced a patchwork of national laws pushing them to take responsibility for human rights and environmental issues tied to their business operations. France passed its Duty of Vigilance law in 2017. Germany followed with the EU Supply Chain Act in 2021. Each aimed to hold companies accountable not…
-
Software packages with more than 2 billion weekly downloads hit in supply-chain attack
Incident hitting npm users is likely the biggest supply-chain attack ever. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/09/software-packages-with-more-than-2-billion-weekly-downloads-hit-in-supply-chain-attack/
-
NPM Supply Chain Attack: Sophisticated Multi-Chain Cryptocurrency Drainer Infiltrates Popular Packages
A sophisticated npm supply chain attack compromised popular packages First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/npm-supply-chain-attack-sophisticated-multi-chain-cryptocurrency-drainer-infiltrates-popular-packages/
-
Salesloft Breached via GitHub Account Compromise
The breach kickstarted a massive supply chain attack that led to the compromise of hundreds of Salesforce instances through stolen OAuth tokens. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/salesloft-breached-github-account-compromise
-
Hackers steal 3,325 secrets in GhostAction GitHub supply chain attack
A new supply chain attack on GitHub, dubbed ‘GhostAction,’ has compromised 3,325 secrets, including PyPI, npm, DockerHub, GitHub tokens, Cloudflare, and AWS keys. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-steal-3-325-secrets-in-ghostaction-github-supply-chain-attack/
-
Dev snared in crypto phishing net, 18 npm packages compromised
Popular npm packages debug, chalk, and others hijacked in massive supply chain attack First seen on theregister.com Jump to article: www.theregister.com/2025/09/08/dev_falls_for_phishing_email/
-
Salesloft platform integration restored after probe reveals monthslong GitHub account compromise
An investigation by Mandiant found the attack began months ago, leading to a major supply chain attack. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/salesloft-drift-restored-probe-github/759506/
-
Salesloft Drift integration restored after probe reveals monthslong GitHub account compromise
An investigation by Mandiant found the attack began months ago, leading to a major supply chain attack. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/salesloft-drift-restored-probe-github/759506/
-
Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack
In what is being called the largest supply chain attack in history, attackers have injected malware into NPM packages with over 2.6 billion weekly downloads after compromising maintainers’ accounts in a phishing attack. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-hijack-npm-packages-with-2-billion-weekly-downloads-in-supply-chain-attack/
-
GitHub Account Compromise Led to Salesloft Drift Breach Affecting 22 Companies
Salesloft has revealed that the data breach linked to its Drift application started with the compromise of its GitHub account. Google-owned Mandiant, which began an investigation into the incident, said the threat actor, tracked as UNC6395, accessed the Salesloft GitHub account from March through June 2025. So far, 22 companies have confirmed they were impacted by…
-
Wealthsimple Confirms Data Breach After Supply Chain Attack
Wealthsimple confirmed a third-party vendor data breach affecting roughly 30,000 customers First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/wealthsimple-confirms-data-breach/
-
Canadian investment platform Wealthsimple disclosed a data breach
Wealthsimple reported a data breach affecting some customers due to a supply chain attack via a third-party software package. Canadian investment platform Wealthsimple disclosed a data breach that impacted some customers. The company discovered the security breach on August 30, which stemmed from a supply chain attack via a trusted third-party software package. “On August 30th,…
-
GhostAction campaign steals 3325 secrets in GitHub supply chain attack
Tags: ai, attack, control, credentials, data-breach, detection, exploit, github, malicious, network, pypi, risk, supply-chain, threat
Threat contained within days: GitGuardian’s security team responded quickly after detection, and the FastUUID package was set to read-only by PyPI administrators within minutes. The malicious commit was reverted shortly afterward. GitGuardian notified maintainers of the affected repositories, successfully contacting 573 projects, while also alerting GitHub, npm, and PyPI security teams to monitor for abuse. Although…
-
Salesloft Drift data breach: Investigation reveals how attackers got in
The attack that resulted in the Salesloft Drift data breach started with the compromise of the company’s GitHub account, Salesloft confirmed this weekend. Supply chain … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/08/salesloft-drift-data-breach-investigation-results/

