Tag: supply-chain

SANDWORM_MODE: The Rise of Adaptive Supply Chain Worms

Mar 2, 2026 9:48 PM

Tags: automation, cyberattack, open-source, software, supply-chain, threat, tool, worm

<div cla Earlier this year, we asked our team where they expect open source cyberattacks to go next. Sonatype Principal Security Researcher Garrett Calpouzos shared his thoughts about how he anticipated attackers won’t simply use automation, but also abuse victims’ AI tools: First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/sandworm_mode-the-rise-of-adaptive-supply-chain-worms/
SANDWORM_MODE: The Rise of Adaptive Supply Chain Worms

Mar 2, 2026 9:48 PM

Tags: automation, cyberattack, open-source, software, supply-chain, threat, tool, worm

<div cla Earlier this year, we asked our team where they expect open source cyberattacks to go next. Sonatype Principal Security Researcher Garrett Calpouzos shared his thoughts about how he anticipated attackers won’t simply use automation, but also abuse victims’ AI tools: First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/sandworm_mode-the-rise-of-adaptive-supply-chain-worms-2/
Trump Bans Anthropic AI in Federal Agencies Amid Growing Security Concerns

Feb 28, 2026 8:36 AM

Tags: ai, cyber, government, risk, supply-chain

The United States government has taken a massive step by banning federal agencies from using Anthropic, a domestic AI company known for its model, Claude. For the first time, a U.S. firm has been classified as a supply chain risk to national security, a label usually given to foreign companies like Huawei. President Donald Trump…
Pentagon Designates Anthropic Supply Chain Risk Over AI Military Dispute

Feb 28, 2026 7:36 AM

Tags: ai, defense, intelligence, military, risk, supply-chain

Anthropic on Friday hit back after U.S. Secretary of Defense Pete Hegseth directed the Pentagon to designate the artificial intelligence (AI) upstart as a “supply chain risk.””This action follows months of negotiations that reached an impasse over two exceptions we requested to the lawful use of our AI model, Claude: the mass domestic surveillance of…
The Seam in Cybersecurity Defenses That Nation-States Keep Exploiting

Feb 27, 2026 1:37 PM

Tags: cybersecurity, defense, exploit, supply-chain

The Notepad++ supply chain compromise is the latest proof that sophisticated adversaries are deliberately targeting the gap between two disciplines: Vulnerability management and detection and response. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/the-seam-in-cybersecurity-defenses-that-nation-states-keep-exploiting/
Study Finds 87% of Organizations Exposed to Attacks Due to Known Vulnerabilities

Feb 27, 2026 1:37 PM

Tags: ai, attack, cyber, data, data-breach, intelligence, metric, service, software, supply-chain, threat, vulnerability

The 2026 State of DevSecOps report reveals a critical tension between development velocity and security. While organizations rapidly adopt AI-assisted coding, many fail to manage dependencies properly, leaving their software supply chains highly vulnerable to threat actors.”‹ Threat Intelligence Data Threat Vector Key Metric Security Impact Deployed Services 87% of organizations have known vulnerabilities”‹. High…
Europe’s ManoMano Hit: 38M Customer Records Compromised in Vendor Breach

Feb 27, 2026 11:37 AM

Tags: breach, data, data-breach, service, supply-chain

ManoMano is notifying 38 million customers after a third-party customer service breach exposed personal data, highlighting growing supply chain security risks. The post Europe’s ManoMano Hit: 38M Customer Records Compromised in Vendor Breach appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-manomano-38m-third-party-data-breach/
Ransomware groups switch to stealthy attacks and long-term access

Feb 27, 2026 8:37 AM

Tags: access, application-security, attack, ciso, control, crime, cyber, cybercrime, cybersecurity, data, detection, encryption, endpoint, exploit, extortion, group, identity, intelligence, monitoring, organized, ransomware, service, software, strategy, supply-chain, switch, theft, threat, tool, vulnerability

38% drop in encryption over the past 12 months as more cybercriminals turn to silently exfiltrating data for extortion as their main stock in trade.Picus’ suggestion that the volume of ransomware attacks is dropping is disputed by other experts.Tony Anscombe, chief security evangelist at endpoint security vendor Eset, offered a contrasting perspective.”In the recent Eset…
Your Drug Formulas, Clinical Trials, and Manufacturing Lines Are Under Attack. Here’s How to Fight Back.

Feb 27, 2026 5:37 AM

Tags: ai, breach, ransomware, supply-chain, theft

Detect pharmaceutical IP theft, ransomware campaigns, and supply chain breaches in real time with Morpheus AI SOC. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/your-drug-formulas-clinical-trials-and-manufacturing-lines-are-under-attack-heres-how-to-fight-back/
The Key Components of a Vendor Relationship Management Framework

Feb 27, 2026 5:37 AM

Tags: framework, governance, monitoring, risk, supply-chain

Key Takeaways Supply chains are becoming more distributed, and as a result, vendor relationships have become ongoing operational dependencies that require structure and oversight. A vendor relationship management framework is the structured practice of managing those dependencies. It combines governance, communication, performance monitoring, and risk oversight to ensure expectations are met and relationships remain productive……
Hegseth’s Anthropic Deadline Risks Severe Defense AI Gaps

Feb 26, 2026 11:36 PM

Tags: access, ai, defense, risk, supply-chain

Analysts Warn Pentagon Feud With Anthropic Could Trigger Cascading Defense Impacts. Defense Secretary Pete Hegseth’s ultimatum to Anthropic over expanded Claude access could trigger a months-long AI capability gap and disrupt the defense industrial base, as analysts warn that supply chain risk designations and compelled safeguards may destabilize national security AI strategy. First seen on…
MSP Strategic Defense: Building Compliance on Dynamic Attack Surface Reduction

Feb 26, 2026 9:36 PM

Tags: attack, compliance, control, cyber, defense, dora, HIPAA, insurance, ISO-27001, msp, nis-2, PCI, regulation, soc, supply-chain

<div cla Compliance expectations across SMB markets are rising as supply chain regulations and cyber insurance requirements raise the baseline for security maturity. Regulatory standards such as CIS Controls v8, the NIS2 Directive, ISO 27001, SOC 2, PCI DSS, HIPAA, Cyber Essentials, CMMC 2.0, DORA, and the Essential Eight now shape what that baseline looks…
What to Know About the Notepad++ Supply-Chain Attack

Feb 26, 2026 4:37 PM

Tags: attack, cybersecurity, supply-chain, tool, vulnerability

The cybersecurity community is still grappling with a sobering realization: one of the most ubiquitous tools in the developer’s toolkit, Notepad++, was hiding a critical vulnerability for over six months. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/what-to-know-about-the-notepad-supply-chain-attack/
The OpenClaw Hype: Analysis of Chatter from Open-Source Deep and Dark Web

Feb 25, 2026 4:37 PM

Tags: dark-web, data, marketplace, open-source, risk, skills, supply-chain

OpenClaw has sparked heavy Telegram and dark web chatter, but Flare’s data shows more research hype than mass exploitation. Flare explains how its telemetry found real supply-chain risk in the skills marketplace, yet limited signs of large-scale criminal operationalization. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/the-openclaw-hype-analysis-of-chatter-from-open-source-deep-and-dark-web/
Wachsende KI-Exposure-Lücke durch Supply-Chain-Risiken und fehlende Identitätskontrollen

Feb 25, 2026 8:37 AM

Tags: ai, cloud, risk, supply-chain

Der Bericht von Tenable zeigt, dass 86 % aller Unternehmen Code-Pakete von Drittanbietern mit kritischen Sicherheitslücken installiert haben und 65 % wertvolle Assets durch vergessene Cloud-Anmeldedaten gefährden. Tenable, das Unternehmen für Exposure Management, veröffentlichte seinen Cloud and AI Security Risk Report 2026 [1]. Die Studie zeigt, dass Unternehmen vor einer kritischen KI-Exposure-Lücke ohne Fehlertoleranz… First…
Threat intelligence supply chain is full of weak links, researchers find

Feb 25, 2026 7:37 AM

Tags: data, intelligence, supply-chain, threat

And they’re being stressed by geopolitical concerns that threaten to slow important data-sharing efforts First seen on theregister.com Jump to article: www.theregister.com/2026/02/25/threat_intelligence_supply_chain_research/
Self-spreading npm malware targets developers in new supply chain attack

Feb 24, 2026 3:02 PM

Tags: attack, credentials, malware, supply-chain

Security researchers have uncovered another supply chain attack targeting developers: 19 typosquatting npm packages published on npmjs.com that steal credentials, infect … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/24/npm-worm-sandworm-mode-supply-cain-attack/
Malicious OpenClaw Tactics Deceive Users into Manual Password Entry for AMOS Infection

Feb 24, 2026 11:02 AM

Tags: ai, attack, cyber, infection, macOS, malicious, password, skills, social-engineering, software, supply-chain, tactics

Malicious OpenClaw skills are being weaponized to coerce users into manually entering their passwords, enabling a new Atomic (AMOS) Stealer infection chain that abuses AI agent workflows as a social engineering channel. TrendAI Research has tracked Atomic (AMOS) Stealer’s evolution from crude “cracked” macOS software lures to a refined supply chain attack abusing OpenClaw’s skill…
The rise of the evasive adversary

Feb 24, 2026 8:01 AM

Tags: access, ai, attack, authentication, breach, china, cloud, credentials, crime, crowdstrike, crypto, data, defense, endpoint, exploit, finance, firewall, group, identity, infrastructure, intelligence, korea, lazarus, leak, mail, malicious, malware, microsoft, monitoring, network, north-korea, open-source, phishing, ransomware, remote-code-execution, russia, saas, service, software, strategy, supply-chain, tactics, theft, threat, tool, update, vpn, vulnerability, windows, zero-day

Big game hunters tighten their grip: CrowdStrike’s research highlights how big game hunting (BGH) ransomware actors have remained the dominant force in the eCrime landscape.Punk Spider, a group responsible for developing and maintaining Russian-language Akira ransomware, and its associated Akira dedicated leak site, conducted 198 intrusions in 2025, a 134% increase year over year. Victim-shaming operations…
Shai-Hulud-Like Worm Targets Developers via npm and AI Tools

Feb 23, 2026 6:01 PM

Tags: ai, malicious, malware, supply-chain, tool, worm

Supply chain worm mimicking Shai-Hulud malware spread via malicious npm packages, targeting AI tools has been identified by security researchers First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/shai-hulud-like-worm-devs-npm-ai/
Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

Feb 23, 2026 1:01 PM

Tags: api, attack, credentials, crypto, cybersecurity, malicious, supply-chain, worm

Cybersecurity researchers have disclosed what they say is an active “Shai-Hulud-like” supply chain worm campaign that has leveraged a cluster of at least 19 malicious npm packages to enable credential harvesting and cryptocurrency key theft.The campaign has been codenamed SANDWORM_MODE by supply chain security company Socket. As with prior Shai-Hulud attack waves, the malicious code…
13 ways attackers use generative AI to exploit your systems

Feb 23, 2026 9:01 AM

Tags: access, ai, attack, authentication, awareness, breach, captcha, ceo, chatgpt, ciso, cloud, credentials, crypto, cyber, cyberattack, cybercrime, cybersecurity, dark-web, data, deep-fake, defense, detection, email, espionage, exploit, extortion, finance, flaw, framework, fraud, google, government, group, hacker, identity, infrastructure, intelligence, law, LLM, login, malicious, malware, marketplace, network, open-source, password, phishing, privacy, ransomware, resilience, risk, saas, scam, service, social-engineering, startup, supply-chain, tactics, technology, theft, threat, tool, vulnerability, zero-day

Facilitating malware development: AI can also be used to generate more sophisticated, or less labour-intensive, malware.For example, cybercriminals are using gen AI to create malicious HTML documents. The XWorm attack, initiated by HTML smuggling, which contains malicious code that downloads and runs the malware, bears the hallmarks of development via AI.”The loader’s detailed line-by-line description…
13 ways attackers use generative AI to exploit your systems

Feb 23, 2026 9:01 AM

Tags: access, ai, attack, authentication, awareness, breach, captcha, ceo, chatgpt, ciso, cloud, credentials, crypto, cyber, cyberattack, cybercrime, cybersecurity, dark-web, data, deep-fake, defense, detection, email, espionage, exploit, extortion, finance, flaw, framework, fraud, google, government, group, hacker, identity, infrastructure, intelligence, law, LLM, login, malicious, malware, marketplace, network, open-source, password, phishing, privacy, ransomware, resilience, risk, saas, scam, service, social-engineering, startup, supply-chain, tactics, technology, theft, threat, tool, vulnerability, zero-day

Facilitating malware development: AI can also be used to generate more sophisticated, or less labour-intensive, malware.For example, cybercriminals are using gen AI to create malicious HTML documents. The XWorm attack, initiated by HTML smuggling, which contains malicious code that downloads and runs the malware, bears the hallmarks of development via AI.”The loader’s detailed line-by-line description…
128M Users Exposed as Popular VS Code Extensions Reveal Critical Flaws

Feb 23, 2026 5:01 AM

Tags: api, business, cve, cyber, data, data-breach, flaw, supply-chain, vulnerability

Serious vulnerabilities in four popular Visual Studio Code (VS Code) extensions, affecting over 128 million downloads. These flaws, including three assigned CVEs CVE-2025-65715, CVE-2025-65716, and CVE-2025-65717, highlight IDEs as the weakest link in organizational supply chain security. Developers often store sensitive data like API keys, business logic, database configs, and even customer info right in…
Japanese Semiconductor Supplier Hit by Ransomware, Multiple Systems Impacted

Feb 23, 2026 5:01 AM

Tags: attack, cyber, network, ransomware, supply-chain

Feb. 20, 2026 Advantest Corporation, a top supplier of semiconductor test equipment, revealed it is battling a ransomware attack that struck its network last weekend. The incident, detected on February 15 (JST), has disrupted multiple systems and raised alarms in the global chip industry, where supply chain attacks can ripple through tech giants building […]…
Hackers Hide Pulsar RAT Inside PNG Images in New NPM Supply Chain Attack

Feb 22, 2026 3:01 PM

Tags: antivirus, attack, cybersecurity, hacker, rat, supply-chain, windows

Cybersecurity researchers at Veracode reveal a typosquatting attack that disguises Pulsar RAT as images to bypass Windows security and antivirus programs. First seen on hackread.com Jump to article: hackread.com/hackers-pulsar-rat-png-images-npm-supply-chain-attack/
Compromised npm package silently installs OpenClaw on developer machines

Feb 21, 2026 5:01 AM

Tags: ai, attack, business, cybersecurity, detection, edr, malware, risk, supply-chain, tool, update

Update to the latest version: npm install “-g cline@latest.”If on version 2.3.0, update to 2.4.0 or higher.Check for and immediately remove OpenClaw if it hadn’t been intentionally installed (“npm uninstall -g openclaw”).Gooding noted, “nothing ran automatically beyond the install,” but added there was still a risk: “OpenClaw is a capable agentic tool with broad system…
AI coding assistant Cline compromised to create more OpenClaw chaos

Feb 20, 2026 10:01 PM

Tags: ai, attack, supply-chain

4K unintended installs in very odd supply chain attack First seen on theregister.com Jump to article: www.theregister.com/2026/02/20/openclaw_snuck_into_cline_package/
NDSS 2025 A Comprehensive Study Of Security Risks In Deno And Its Ecosystem

Feb 20, 2026 6:01 PM

Tags: access, api, attack, conference, control, Internet, network, programming, risk, rust, software, supply-chain

Session 13A: JavaScript Security Authors, Creators & Presenters: Abdullah AlHamdan (CISPA Helmholtz Center for Information Security), Cristian-Alexandru Staicu (CISPA Helmholtz Center for Information Security) PAPER Welcome to Jurassic Park: A Comprehensive Study of Security Risks in Deno and its Ecosystem Node.js and its ecosystem npm are notoriously insecure, enabling the proliferation of supply chain attacks.…
Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems

Feb 20, 2026 4:01 PM

Tags: ai, attack, intelligence, open-source, software, supply-chain, unauthorized, update

In yet another software supply chain attack, the open-source, artificial intelligence (AI)-powered coding assistant Cline CLI was updated to stealthily install OpenClaw, a self-hosted autonomous AI agent that has become exceedingly popular in the past few months.”On February 17, 2026, at 3:26 AM PT, an unauthorized party used a compromised npm publish token to publish…