Tag: supply-chain
-
Cisco Introduces Model Provenance Kit to Strengthen AI Supply Chain Security
Cisco’s Model Provenance Kit helps organizations verify AI model origins and reduce supply chain risk. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/artificial-intelligence/cisco-introduces-model-provenance-kit-to-strengthen-ai-supply-chain-security/
-
Supply chain attack: Several SAP software projects compromised
Attackers injected malicious code into SAP's npm packages to harvest credentials at scale. Developers should act quickly. First seen on golem.de Jump to article: www.golem.de/news/supply-chain-angriff-mehrere-softwareprojekte-von-sap-kompromittiert-2604-208187.html
-
Growing threat from infostealers on macOS systems
From account takeovers to supply chain attacks: many users install software via the terminal and thereby deliberately bypass macOS security mechanisms. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/zunehmende-bedrohung-durch-infostealer-auf-macos-systemen/a44831/
-
Compromised SAP npm Packages Found Harvesting Developer and CI/CD Secrets
Security researchers have identified a severe supply chain attack targeting the SAP developer ecosystem. A threat group identified as TeamPCP has compromised multiple legitimate SAP npm packages in a new campaign named Mini Shai Hulud. The operation relies on injecting malicious pre-install scripts that execute silently during dependency installation. By leveraging a multi-stage payload, the…
-
Official SAP npm packages compromised to steal credentials
Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal credentials and authentication tokens from developers’ systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/official-sap-npm-packages-compromised-to-steal-credentials/
-
Shai-Hulud Strikes SAP: Supply Chain Worm Weaponized Claude Code to Compromise the CAP Framework
SAP CAP packages compromised via Claude Code in AI-assisted worm attack. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/shai-hulud-strikes-sap-supply-chain-worm-weaponized-claude-code-to-compromise-the-cap-framework/
-
SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack
Cybersecurity researchers are sounding the alarm about a new supply chain attack campaign targeting SAP-related npm packages with credential-stealing malware. According to reports from Aikido Security, SafeDep, Socket, StepSecurity, and Google-owned Wiz, the campaign calling itself the mini Shai-Hulud has affected the following packages associated with SAP’s JavaScript and cloud application First seen on thehackernews.com Jump…
-
A Mini Shai-Hulud Targeting the SAP Ecosystem
7 stolen GitHub tokens. 971 repositories. A self-replicating supply chain attack targeting SAP’s Node.js packages, and it’s still active. Here’s what GitGuardian found. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/a-mini-shai-hulud-targeting-the-sap-ecosystem/
-
SAP npm Packages Compromised by “Mini Shai-Hulud” Credential-Stealing Malware
Cybersecurity researchers are sounding the alarm about a new supply chain attack campaign targeting SAP-related npm packages with credential-stealing malware. According to reports from Aikido Security, SafeDep, Socket, StepSecurity, and Google-owned Wiz, the campaign calling itself the mini Shai-Hulud has affected the following packages associated with SAP’s JavaScript and cloud application First seen on thehackernews.com Jump…
-
Vect 2.0 Ransomware Acts as Wiper, Thanks to Design Error
The emerging ransomware has been deployed against victims of the TeamPCP supply chain attacks, but organizations should think twice before paying for a decryptor. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/vect-ransomware-wiper-design-error
-
Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden
Security firms find themselves especially exposed. First seen on arstechnica.com Jump to article: arstechnica.com/information-technology/2026/04/why-a-recent-supply-chain-attack-singled-out-security-firms-checkmarx-and-bitwarden/
-
Vimeo Confirms Data Breach After Hackers Access User Database
Tags: access, breach, cyber, data, data-breach, hacker, risk, security-incident, software, supply-chain, vulnerability
Vimeo has officially confirmed a data breach affecting its user database. The security incident did not originate with Vimeo, but rather with Anodot, a third-party analytics vendor used by the video hosting platform. This event highlights the ongoing risks associated with software supply chains, where a vulnerability in one vendor can compromise multiple downstream companies.…
-
More fake extensions linked to GlassWorm found in Open VSX code marketplace
Tags: control, marketplace, monitoring, open-source, risk, software, supply-chain, tool, update, vulnerability
Advice for developers: Janca said developers who want to reduce their exposure to the GlassWorm campaign should start with the basics: install fewer extensions and treat each one as a dependency with real risk attached. Disable auto-update so you control when updates are applied, and carefully evaluate each one. Use a next-generation SCA tool that covers…
-
Fresh Wave of GlassWorm VS Code Extensions Slices Through Supply Chain
Tags: supply-chain
Attackers continue to scale a campaign to seed Open VSX with seemingly benign VS Code extensions that spread self-propagating malware. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/fresh-glassworm-vs-code-extensions-supply-chain
-
VECT: Ransomware by design, Wiper by accident
Background: VECT Ransomware is a Ransomware-as-a-Service (RaaS) program that made its first appearance in December 2025 on a Russian-language cybercrime forum. After claiming their first two victims in January 2026, the group got back into the public eye due to an announcement of a partnership with TeamPCP, the actor behind several supply-chain attacks…
-
Artifact Poisoning: A Silent Threat to Enterprise Software Supply Chains
Software supply chains have quietly become one of the most critical and most vulnerable foundations of modern enterprises. Today, applications are no longer monolithic systems built entirely in-house. Instead, they are complex assemblies of open-source libraries, third-party packages, container images, APIs, and pre-built binaries pulled from multiple repositories. This interconnected ecosystem has dramatically improved speed,…
-
Ongoing supply-chain attack ‘explicitly targeting’ security, dev tools
Vendor confirms repo data exposure after Lapsus$ claims source code, secrets dump First seen on theregister.com Jump to article: www.theregister.com/2026/04/27/supply_chain_campaign_targets_security/
-
Pentagon’s Anthropic Fight Draws Rebuke From Ex-DOD Leaders
Former Officials, Tech Groups Say Anthropic Designation Is Illegal – and Dangerous. Former U.S. defense and intelligence officials argue the Pentagon’s designation of Anthropic as a supply-chain risk was politically motivated and legally flawed, warning it could erode trust in government contracting and weaken the defense AI ecosystem. First seen on govinfosecurity.com Jump to article:…
-
Developer tools as a new attack surface
Recent attacks on the infrastructure scanner <> and Bitwarden's command-line client show a new quality of supply chain attacks. The attackers distributed trojanized versions through official channels such as npm, Docker Hub and GitHub Actions. In doing so, they subverted the trust that developers place in established distribution channels. Alongside classic credentials such as GitHub tokens, SSH keys and cloud credentials, configurations of AI development assistants also […]…
-
Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack
Checkmarx has disclosed that its ongoing investigation tied to the supply chain security incident has revealed that a cybercriminal group published data related to the company on the dark web. “Based on current evidence, we believe this data originated from Checkmarx’s GitHub repository, and that access to that repository was facilitated through the initial supply chain…
-
⚡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More
Everything is dumb again. This week feels broken in a very familiar way. Old tricks are back. New tools are doing shady crap. Supply chains got hit. Fake help desks worked. Weird research showed how easy some attacks still are. Most of it feels like stuff we should have fixed years ago. Bad extensions. Stolen creds.…
-
Supply chain attacks on developer tools: Checkmarx and Bitwarden in focus
At the core of the attacks is the manipulation of build and distribution processes. Attackers were able to inject malicious code into legitimate developer tools. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/supply-chain-angriffe-auf-entwickler-tools-checkmarx-und-bitwarden-im-fokus/a44790/
-
Cybercriminals target the manufacturing sector
A report from Check Point Exposure Management on the threat landscape in the manufacturing industry shows a drastic increase in ransomware, supply chain attacks and OT-related cyber incidents. With the growing spread of smart factories and connected supply chains, attackers are changing their tactics to maximize disruption, financial pressure and geopolitical impact. The manufacturing industry is now, worldwide, the most ransomware-affected…
-
AI is reshaping DevSecOps to bring security closer to the code
Tags: access, ai, api, application-security, attack, authentication, automation, breach, business, cloud, communications, compliance, container, control, data, data-breach, detection, exploit, governance, infrastructure, injection, least-privilege, risk, service, skills, software, sql, strategy, supply-chain, threat, tool, training, vulnerability
Explicit security requirements elevate AI benefits: While deploying AI with DevSecOps is helping to shift the emphasis on security to earlier in the development lifecycle, this requires “explicit instruction to do it right,” says Noe Ramos, vice president of AI operations at business software provider Agiloft. “AI coding assistants accelerate development meaningfully, but they optimize for…

