Tag: supply-chain
-
Supply Chain Attacks Really Are Surging
Software Supply Chain Providers Under Fire by Ransomware Rings, Nation-State Groups. Hackers are doubling down on software supply chain attacks, with known attacks surging from over 12 per month last year to more than 24 per month in April and May, threat intelligence researchers report. Ransomware-wielding groups and nation-state hackers alike have been tied to such attacks.…
-
Cyber Threat Number One: How Dangerous Supply-Chain Attacks Are
Cybercriminals are increasingly turning to supply-chain attacks, an insidious method with enormous potential for damage. Networked industry, with its long-lived embedded systems and barely controlled supplier components, is particularly at risk. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/cybergefahr-supply-chain-angriffe
-
Widespread supply chain attack hits Gluestack packages
First seen on scworld.com Jump to article: www.scworld.com/brief/widespread-supply-chain-attack-hits-gluestack-packages
-
SentinelOne shares new details on China-linked breach attempt
SentinelOne has shared more details on an attempted supply chain attack by Chinese hackers through an IT services and logistics firm that manages hardware logistics for the cybersecurity firm. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/sentinelone-shares-new-details-on-china-linked-breach-attempt/
-
Unmasking the silent saboteur you didn’t know was running the show
Tags: 5G, access, ai, api, attack, authentication, backup, blockchain, breach, ciso, cloud, compliance, control, cybersecurity, data, defense, endpoint, firewall, firmware, GDPR, governance, Hardware, incident response, iot, ISO-27001, login, malicious, network, nis-2, PCI, service, siem, supply-chain, threat, zero-trust
Cybersecurity depends on accurate clocks: your logs are only as valuable as your clocks are accurate. If your servers are out of sync, forget about reconstructing timelines; you'll spend hours chasing phantom alerts. Event correlation and forensics: your SIEM is only as good as the timestamps it gets. Correlating events across endpoints, firewalls and cloud…
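The skew problem described above, as an added illustration written for this page (not code from the linked article): two hosts log the same authentication flow, but one clock runs two minutes slow, so the SSH login appears to happen before the identity provider issued the token it used. The script estimates each host's offset against a reference host, removes it, and re-sorts the timeline. Everything here is constructed: the log format, the host names, and the assumption that every host logs a heartbeat with a shared sequence number at the same true instant (in practice the per-host offset would come from NTP or chrony monitoring rather than from the logs themselves).

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample log lines (not real data). Format assumed here:
# "<ISO-8601 UTC timestamp> <host> <message>". Host web01's clock is 120 s slow,
# so its ssh login appears to happen BEFORE the IdP issued the token it used.
SAMPLE_LOGS = [
    "2025-06-06T16:30:00Z idp01 agent: heartbeat seq=41",
    "2025-06-06T16:28:00Z web01 agent: heartbeat seq=41",
    "2025-06-06T16:31:00Z idp01 agent: heartbeat seq=42",
    "2025-06-06T16:29:00Z web01 agent: heartbeat seq=42",
    "2025-06-06T16:33:09Z idp01 auth: token issued for user=deploy",
    "2025-06-06T16:31:12Z web01 sshd[412]: Accepted publickey for deploy from 203.0.113.5",
]

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<msg>.*)$")
HEARTBEAT_RE = re.compile(r"heartbeat seq=(\d+)")


def parse_line(line):
    """Split one log line into timestamp (aware UTC datetime), host and message."""
    m = LINE_RE.match(line)
    if m is None:
        raise ValueError(f"unparsable log line: {line!r}")
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "host": m["host"], "msg": m["msg"]}


def estimate_offsets(events, reference_host):
    """Per-host clock offset in seconds relative to reference_host.

    Assumption (constructed for this example): every host logs a heartbeat with
    a shared sequence number at the same true instant, so the timestamp
    difference for the same seq is the clock skew. Positive means the host's
    clock runs fast. The median over all shared heartbeats is used so that a
    single delayed line does not skew the estimate.
    """
    seen = {}  # (host, seq) -> timestamp
    for e in events:
        m = HEARTBEAT_RE.search(e["msg"])
        if m:
            seen[(e["host"], m.group(1))] = e["ts"]
    samples = {}
    for (host, seq), ts in seen.items():
        ref_ts = seen.get((reference_host, seq))
        if host == reference_host or ref_ts is None:
            continue
        samples.setdefault(host, []).append((ts - ref_ts).total_seconds())
    offsets = {reference_host: 0.0}
    for host, deltas in samples.items():
        deltas.sort()
        offsets[host] = deltas[len(deltas) // 2]
    return offsets


def timeline(events, offsets=None):
    """Events sorted by time; with offsets, each host's skew is removed first.

    Hosts with no known offset are dropped rather than silently placed on a
    timeline their timestamps cannot be trusted on.
    """
    out = []
    for e in events:
        if offsets is None:
            out.append({**e, "true_ts": e["ts"]})
            continue
        if e["host"] not in offsets:
            continue
        out.append({**e, "true_ts": e["ts"] - timedelta(seconds=offsets[e["host"]])})
    return sorted(out, key=lambda e: e["true_ts"])


def order_of(tl, needle_a, needle_b):
    """Seconds from the first event containing needle_a to the first containing
    needle_b; negative means b appears to happen before a."""
    a = next(e for e in tl if needle_a in e["msg"])
    b = next(e for e in tl if needle_b in e["msg"])
    return (b["true_ts"] - a["true_ts"]).total_seconds()


def correlate(lines, reference_host):
    """Parse lines, estimate skew against reference_host and return
    (offsets, uncorrected timeline, corrected timeline)."""
    events = [parse_line(line) for line in lines]
    offsets = estimate_offsets(events, reference_host)
    return offsets, timeline(events), timeline(events, offsets)


if __name__ == "__main__":
    offsets, raw, fixed = correlate(SAMPLE_LOGS, "idp01")
    print("offsets:", offsets)
    print("raw:   login - token =", order_of(raw, "token issued", "Accepted publickey"), "s")
    print("fixed: login - token =", order_of(fixed, "token issued", "Accepted publickey"), "s")
```

On the uncorrected timeline the login precedes the token by 117 seconds, which is exactly the kind of "impossible" sequence that produces a phantom alert; after correction the login follows the token by 3 seconds. The same approach generalises to any shared anchor event (a firewall session open seen by both the firewall and the endpoint, for instance), but it only re-aligns hosts for which an anchor exists, which is why the corrected timeline drops hosts with no known offset instead of guessing.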
-
Malware found in NPM packages with 1 million weekly downloads
A significant supply chain attack hit NPM after 15 popular Gluestack packages with over 950,000 weekly downloads were compromised to include malicious code that acts as a remote access trojan (RAT). First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/supply-chain-attack-hits-gluestack-npm-packages-with-960k-weekly-downloads/
-
Over 950K weekly downloads at risk in ongoing supply chain attack on Gluestack packages
A supply chain attack hit NPM: threat actors compromised 16 popular Gluestack packages, affecting 950K+ weekly downloads. Researchers from Aikido Security discovered a new supply chain attack targeting NPM that compromised 16 popular Gluestack ‘react-native-aria’ packages with over 950K weekly downloads. The attack began on June 6 at 4:33 PM EST with a malicious update to…
-
New Supply Chain Malware Operation Hits npm and PyPI Ecosystems, Targeting Millions Globally
Cybersecurity researchers have flagged a supply chain attack targeting over a dozen packages associated with GlueStack to deliver malware. The malware, introduced via a change to “lib/commonjs/index.js,” allows an attacker to run shell commands, take screenshots, and upload files to infected machines, Aikido Security told The Hacker News, stating these packages collectively account for nearly 1…
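The Gluestack compromise arrived as a malicious update, so the practical question for a consumer of these packages is which dependencies would pull a freshly published patch release without anyone noticing, and whether the lockfile actually pins the tarball bytes that get installed. The script below, added for this page and not taken from the article or any Gluestack project, checks both: it lists dependency specifiers that can float to a new version, and it verifies a tarball against the `sha512-...` integrity string npm writes into `package-lock.json`. The package names, versions, manifest fragments and tarball bytes are all constructed placeholders, not the affected releases.

```python
import base64
import hashlib
import hmac
import json
import re

# Constructed package.json fragment; names and versions are placeholders,
# not the actually affected Gluestack releases.
PACKAGE_JSON = json.loads("""
{
  "dependencies": {
    "@example-org/ui-kit": "^0.3.7",
    "@example-org/aria-core": "~1.4.2",
    "left-pad-ish": "1.3.0",
    "some-tool": "*"
  },
  "devDependencies": {
    "another": ">=2.0.0 <3"
  }
}
""")

# Constructed stand-ins for the bytes of a published .tgz and a tampered one.
GOOD_TARBALL = b"fake-tgz-bytes-for-aria-core-1.4.2"
TAMPERED_TARBALL = b"fake-tgz-bytes-for-aria-core-1.4.2-with-rat"


def sri_sha512(data: bytes) -> str:
    """Subresource-Integrity string in the form npm stores in package-lock.json."""
    return "sha512-" + base64.b64encode(hashlib.sha512(data).digest()).decode()


# Constructed package-lock.json fragment pinning the good tarball.
LOCK = {
    "packages": {
        "node_modules/@example-org/aria-core": {
            "version": "1.4.2",
            "resolved": "https://registry.example/@example-org/aria-core/-/aria-core-1.4.2.tgz",
            "integrity": sri_sha512(GOOD_TARBALL),
        }
    }
}

# An exact semver version, optionally with a prerelease suffix. Anything else
# (caret, tilde, comparators, wildcards, dist-tags such as "latest", git URLs)
# is treated as floating. This is a deliberate simplification of semver syntax.
EXACT_VERSION_RE = re.compile(r"^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?$")


def floating_dependencies(package_json):
    """Names of dependencies whose specifier can resolve to a version that did
    not exist when it was written. A newly published malicious patch release is
    picked up by exactly these on an install that is not bound to a lockfile."""
    deps = {}
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        deps.update(package_json.get(section, {}))
    return sorted(name for name, spec in deps.items()
                  if not EXACT_VERSION_RE.match(spec.strip()))


def verify_lock_entry(lock, path, tarball: bytes) -> bool:
    """True iff the tarball bytes match the integrity pinned for `path` in the lock."""
    entry = lock["packages"][path]
    algo, _, expected = entry["integrity"].partition("-")
    if algo != "sha512":
        raise ValueError(f"unsupported integrity algorithm {algo!r}")
    actual = base64.b64encode(hashlib.sha512(tarball).digest()).decode()
    # Constant-time comparison is not strictly needed here, but it is the habit to keep.
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    print("floating specifiers:", floating_dependencies(PACKAGE_JSON))
    path = "node_modules/@example-org/aria-core"
    print("good tarball matches lock:", verify_lock_entry(LOCK, path, GOOD_TARBALL))
    print("tampered tarball matches lock:", verify_lock_entry(LOCK, path, TAMPERED_TARBALL))
```

A lockfile only protects an install that is bound to it: `npm ci` installs exactly what `package-lock.json` records and fails if it disagrees with `package.json`, whereas `npm install` will happily re-resolve a caret or tilde range to a version published minutes ago. The integrity check also says nothing about whether the pinned version itself is clean; it only guarantees that what was reviewed is what gets installed, which is why the floating-range list is the first thing to look at after an upstream compromise like this one.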
-
ISMG Editors: Infosecurity Europe Conference 2025 Wrap-Up
Also: AI’s Promise and Pitfalls and Why Community, Communication, and Basics Matter. Live from Infosecurity Europe 2025 in London, ISMG editors and guest CISO Ian Thornton-Trump wrap up a week of standout insights – from AI-driven security and operational resilience to supply chain risk and mental health in cyber. A celebration of community, innovation and…
-
Vendor Risk in SaaS Supply Chains: 2025 Guide – Nudge Security
Why effective vendor risk management is a critical strategy for identifying, assessing, and mitigating risks within the SaaS supply chain. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/vendor-risk-in-saas-supply-chains-2025-guide-nudge-security/
-
Supply chain attack hits RubyGems to steal Telegram API data
Risk may extend past the regional ban: The malicious packages (Gems) were published by the threat actor on May 24, 2025, three days after Vietnam’s Ministry of Information and Communications ordered a nationwide ban on Telegram and gave internet service providers until June 2 to report compliance. Apart from the timing, the aliases used by the…
-
#Infosec2025: Securing Endpoints is Still Vital Amid Changing Threats
Endpoint and network security is still essential, even as malicious actors turn to supply chains, identities and AI First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/infosec2025-securing-endpoints/
-
Open-source code repos open to supply chain attacks, researchers warn
First seen on scworld.com Jump to article: www.scworld.com/news/open-source-code-repos-open-to-supply-chain-attacks-researchers-warn
-
Attackers Impersonate Ruby Packages to Steal Sensitive Telegram Data
Malicious RubyGems pose as a legitimate plug-in for the popular Fastlane rapid development platform in a geopolitically motivated attack with global supply chain reach. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/attackers-impersonate-ruby-packages-telegram-data
-
Malicious PyPI, npm, and Ruby Packages Exposed in Ongoing Open-Source Supply Chain Attacks
Several malicious packages have been uncovered across the npm, Python, and Ruby package repositories that drain funds from cryptocurrency wallets, erase entire codebases after installation, and exfiltrate Telegram API tokens, once again demonstrating the variety of supply chain threats lurking in open-source ecosystems. The findings come from multiple reports published by Checkmarx, First seen on thehackernews.com…
-
Cybersecurity’s ‘rare earth’ skills: Scarce, high-value, and critical for future defense
Tags: ai, attack, business, ciso, computing, crypto, cryptography, cyber, cybersecurity, data, defense, detection, intelligence, jobs, programming, risk, skills, strategy, supply-chain, technology, threat, training
Advanced threat hunting expertise: Like the rarest elements, professionals who can proactively identify novel threats and adversary techniques before they cause damage are scarce and extremely valuable. Why are these skills rare? Many factors have led to this scenario: Complex skill requirements: Effective threat hunters need a unique combination of skills, including deep cyber knowledge, programming…
-
Hackers Exploit Ruby Gems to Steal Telegram Tokens and Messages
Researchers have unearthed a sophisticated supply chain attack targeting RubyGems, the package manager for the Ruby programming language. Malicious actors have infiltrated the ecosystem by embedding backdoors in seemingly legitimate gems, enabling them to steal sensitive Telegram tokens and private messages from unsuspecting developers and users. Uncovering a Sophisticated Supply Chain Attack: This…
-
#Infosec2025: Half of Firms Suffer Two Supply Chain Incidents in Past Year
Risk Ledger found that 90% of UK professionals view supply chain cyber incidents as a top concern for 2025 First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/half-supply-chain-incidents/
-
Vet: Open-source software supply chain security tool
Vet is an open source tool designed to help developers and security engineers spot risks in their software supply chains. It goes beyond traditional software composition … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/03/vet-open-source-software-supply-chain-security-tool/
-
New PyPI Supply Chain Attacks Target Python and NPM Users on Windows and Linux
Checkmarx Zero researcher Ariel Harush has uncovered a sophisticated malicious package campaign targeting Python and NPM users across Windows and Linux platforms through typo-squatting and name-confusion attacks against popular packages. This coordinated supply chain attack demonstrates unprecedented cross-ecosystem tactics and advanced evasion techniques that security researchers warn represent an evolution in open-source threats. Cross-Ecosystem Typo-Squatting…
-
Fear of the Weakest Link: Cybersecurity in the Supply Chain
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/angst-schwaeche-glied-cybersicherheit-lieferkette
-
DoD Cyber Clause Flowdown: What Suppliers Must Do
The Department of Defense DFARS Cybersecurity Clause, more commonly known as the DoD Cyber Clause (or just DFARS 7012), is the long-standing set of rules the DoD has put in place for all members of the DoD supply chain and defense industrial base. It has also spread beyond those boundaries through the use of DFARS…
-
Fear of the Weakest Link in the Supply Chain
According to a new Sophos survey, most senior managers (69.8 percent) are concerned that their company's integrity could be compromised by cybersecurity incidents in the supply chain. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/schwaechstes-glied-in-lieferkette
-
Software supply chain security tools take on toil for users
Recent updates from software supply chain security vendors simply take over vulnerability management on behalf of IT orgs, rather than provide facilitating tools. First seen on techtarget.com Jump to article: www.techtarget.com/searchitoperations/news/366625212/Software-supply-chain-security-tools-take-on-toil-for-users
-
Preview: Hot Sessions at Infosecurity Europe 2025 in London
Ransomware, Quantum Computing, Geopolitics, GenAI and More on the Agenda Infosecurity Europe is set to return June 3 to London. Hot topics at this year’s event include everything from quantum computing, geopolitics and artificial intelligence, to supply chain attacks, insider threats and the cybercrime juggernaut that continues to be ransomware. First seen on govinfosecurity.com Jump…
-
NSA, CISA Urge Organizations to Secure Data Used in AI Models
New guidance includes a list of 10 best practices to protect sensitive data throughout the AI lifecycle as well as addressing supply chain and data poisoning risks. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/nsa-cisa-gudnceai-secure-data-ai-models

