Tag: supply-chain
-
Weaponized PyPI Package Executes Supply Chain Attack to Steal Solana Private Keys
A chilling discovery by Socket’s Threat Research Team has exposed a meticulously crafted supply chain attack on the Python Package Index (PyPI), orchestrated by a threat actor using the alias >>cappership.
-
Poisoned models in fake Alibaba SDKs show challenges of securing AI supply chains
Malicious code in ML models is hard to detect: While Hugging Face hosts models directly, PyPI hosts Python software packages, so detection of poisoned models hidden inside Pickle files hidden inside packages could prove even harder for developers and PyPI’s maintainers, given the extra layer of obfuscation.The attack campaign discovered by ReversingLabs involved three packages:…
-
Die Angst vor dem schwächsten Glied in der Lieferkette
Die Gefahr durch Cyberbedrohungen hängt nicht allein von der unternehmenseigenen Sicherheitsstrategie ab, sondern zu einem erheblichen Teil auch von der der Geschäftspartner. Dies bestätigt eine neue Umfrage von Sophos, bei der leitende Mitarbeitende primär aus dem Einkauf, aber auch aus Geschäftsführung und IT befragt wurden. 30,7 Prozent der Befragten bestätigten, dass mindestens eine Order aufgrund…
-
DragonForce ransomware abuses SimpleHelp in MSP supply chain attack
The DragonForce ransomware operation successfully breached a managed service provider and used its SimpleHelp remote monitoring and management (RMM) platform to steal data and deploy encryptors on downstream customers’ systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/dragonforce-ransomware-abuses-simplehelp-in-msp-supply-chain-attack/
-
DragonForce Ransomware Strikes MSP in Supply Chain Attack
DragonForce, a ransomware cartel that has gained significant popularity since its debut in 2023, attacked an MSP as part of a recent supply chain attack, via known SimpleHelp bugs. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/dragonforce-ransomware-msp-supply-chain-attack
-
Hackers drop 60 npm bombs in less than two weeks to recon dev machines
Tags: attack, data, detection, email, framework, hacker, malicious, open-source, rce, remote-code-execution, supply-chain, threat, toolThe accounts are now defunct: The first three malicious packages, “e-learning-garena,” “seatalk-rn-leave-calendar,” and “coral-web-be,” were released under the npm accounts bbbb335656, cdsfdfafd1232436437, and sdsds656565, respectively. Since then, all three accounts have gone on to publish twenty malicious packages each.According to Socket, the first package emerged eleven days ago, and the most recent appeared only hours…
-
Die Angst vor dem schwächsten Glied in der Lieferkette
Laut einer neuen Umfrage von Sophos haben mit 69,8 Prozent die meisten der leitenden Manager Bedenken, dass die Integrität ihres Unternehmens durch Cybersicherheitsvorfälle in der Lieferkette beeinträchtigt werden kann. Die Gefahr durch Cyberbedrohungen hängt nicht allein von der unternehmenseigenen Sicherheitsstrategie ab, sondern zu einem erheblichen Teil auch von der der Geschäftspartner. Dies bestätigt eine neue…
-
Cyberrisiken in der Lieferkette: Eine unterschätzte Gefahr für Unternehmen
Tags: supply-chainAuch in großen Unternehmen (ab 1.000 Mitarbeitenden) ist das Thema präsent hier sagten 52,6 Prozent, sie hätten ‘eher große Bedenken”. Kleinere Unternehmen zeigen sich dagegen etwas weniger besorgt. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/cyberrisiken-in-der-lieferkette-eine-unterschaetzte-gefahr-fuer-unternehmen/a40934/
-
Operation Endgame 2.0: DanaBusted
Tags: access, attack, backup, banking, breach, business, cloud, communications, control, crypto, cybercrime, data, defense, detection, email, espionage, firewall, fraud, government, group, Hardware, infection, intelligence, international, law, malicious, malware, middle-east, network, programming, ransomware, russia, service, supply-chain, switch, threat, tool, ukraine, update, windowsIntroductionOn May 22, 2025, international law enforcement agencies released information about additional actions that were taken in conjunction with Operation Endgame, an ongoing, coordinated effort to dismantle and prosecute cybercriminal organizations, including those behind DanaBot. This action mirrors the original Operation Endgame, launched in May 2024, which disrupted SmokeLoader, IcedID, SystemBC, Pikabot, and Bumblebee. Zscaler…
-
Critical infrastructure under attack: Flaws becoming weapon of choice
Tags: access, attack, authentication, breach, china, citrix, communications, control, cve, cyber, cybersecurity, dark-web, data-breach, defense, exploit, flaw, fortinet, government, group, hacker, healthcare, ibm, identity, incident, infrastructure, intelligence, iran, kev, login, mfa, monitoring, moveIT, network, ransomware, risk, service, software, strategy, supply-chain, threat, update, vpn, vulnerability, zero-dayTrade in exploit code: IBM’s X-Force found four of the 10 most mentioned common vulnerabilities and exposures (CVEs) on the dark web were linked to sophisticated threat actor groups, including nation-state intelligence agencies.”Exploit codes for these CVEs were openly traded on numerous forums, fueling a growing market for attacks against power grids, health networks, and…
-
Police takes down 300 servers in ransomware supply-chain crackdown
In the latest phase of Operation Endgame, an international law enforcement operation, national authorities from seven countries seized 300 servers and 650 domains used to launch ransomware attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/police-takes-down-300-servers-in-ransomware-supply-chain-crackdown/
-
Top 12 US cities for cybersecurity job and salary growth
Tags: access, ai, apple, attack, blockchain, business, country, crowdstrike, cyber, cybersecurity, data, defense, finance, fintech, government, group, infrastructure, insurance, iot, jobs, metric, microsoft, nvidia, office, okta, privacy, software, startup, strategy, supply-chain, technology, training, warfareWhile major hubs like San Francisco naturally come to mind, and perform well based on the metrics we evaluated, there are many lesser-known cities that may be just as promising, if not more. These emerging destinations can offer easier access to job opportunities, more sustainable career paths, higher pay, and a lower cost of living.Here’s…
-
Russia-linked APT28 targets western logistics entities and technology firms
CISA warns Russia-linked group APT28 is targeting Western logistics and tech firms aiding Ukraine, posing an elevated threat to supply chains Russia-linked cyberespionage group APT28 intensifies its operations against Western logistics and technology companies moving supplies into Ukraine, US CISA warns. TheAPT28group (akaFancy Bear,Pawn Storm,Sofacy Group,Sednit,BlueDelta, andSTRONTIUM)has been active since at least 2007 and it…
-
Cleo and Corsica Technologies Partner to Simplify B2B Integration for Supply Chain Organizations
Tags: supply-chainFirst seen on scworld.com Jump to article: www.scworld.com/news/cleo-and-corsica-technologies-partner-to-simplify-b2b-integration-for-supply-chain-organizations
-
LLM03: Supply Chain FireTail Blog
Tags: ai, compliance, cyber, data, encryption, exploit, LLM, malicious, mitigation, monitoring, open-source, organized, privacy, risk, service, software, strategy, supply-chain, training, update, vulnerabilityMay 21, 2025 – Lina Romero – LLM03: Supply Chain 20/5/2025 Excerpt The OWASP Top 10 List of Risks for LLMs helps developers and security teams determine where the biggest risk factors lay. In this blog series from FireTail, we are exploring each risk one by one, how it manifests, and mitigation strategies. This week,…
-
Trojanized RVTools push Bumblebee malware in SEO poisoning campaign
The official website for the RVTools VMware management tool was taken offline in what appears to be a supply chain attack that distributed a trojanized installer to drop the Bumblebee malware loader on users’ machines. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/trojanized-rvtools-push-bumblebee-malware-in-seo-poisoning-campaign/
-
Critical flaw in OpenPGP.js raises alarms for encrypted email services
Tags: attack, backdoor, crypto, email, flaw, group, malicious, open-source, risk, service, supply-chain, threat, tool, vulnerabilityTrusting open code: The incident also underscores a familiar trade-off. Open-source libraries such as OpenPGP.js are widely used because they offer transparency, broad adoption, and the advantages of community input and peer review.But trusting open source libraries also means inheriting any flaws they might have, even subtle ones, that can go unnoticed for years.”This vulnerability…
-
Threat intelligence platform buyer’s guide: Top vendors, selection advice
Tags: ai, attack, automation, breach, cloud, computing, credentials, crowdstrike, cyber, cybersecurity, dark-web, data, data-breach, deep-fake, detection, dns, edr, email, endpoint, exploit, finance, firewall, fraud, gartner, google, group, guide, identity, incident response, infrastructure, intelligence, kubernetes, law, malicious, malware, microsoft, mitigation, monitoring, network, open-source, phishing, privacy, risk, service, siem, soar, soc, sophos, sql, supply-chain, technology, threat, tool, vpn, vulnerability, zero-dayThe Cybersecurity and Infrastructure Security Agency (CISA) found that since 2023 the majority of exploits were zero days, meaning exploiting heretofore unknown methods. And according to the latest Verizon Data Breach Investigations report (DBIR), the percentage of AI-assisted malicious emails doubled to 10% of the totals they observed over the past two years, making staying…
-
Let’s Talk About SaaS Risk Again”¦ This Time, Louder.
By Kevin Hanes, CEO of Reveal Security A few weeks ago, I shared a thought that sparked a lot of discussion: SaaS is not a black box we can ignore. It’s a rich, dynamic attack surface and one that attackers are increasingly targeting. That urgency was echoed powerfully in JPMorgan CISO Patrick Opet’s open letter…
-
Bumblebee Malware Takes Flight via Trojanized VMware Utility
An employee inadvertently downloaded a malicious version of the legitimate RVTools utility, which launched an investigation into an attempted supply chain attack aimed at delivering the recently revived initial-access loader. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/bumblebee-malware-trojanized-vmware-utility
-
Standards for a Machine”‘First Future: SPICE, WIMSE, and SCITT
Discover how SPICE, WIMSE, and SCITT are redefining workload identity, digital trust, and software supply chain integrity in modern machine-first environments. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/standards-for-a-machine%e2%80%91first-future-spice-wimse-and-scitt/
-
RVTools hit in supply chain attack to deliver Bumblebee malware
The official website for the RVTools VMware management tool was taken offline in what appears to be a supply chain attack where hackers replaced a DLL in the distributed installer to drop the Bumblebee malware loader on users’ machines. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/rvtools-hit-in-supply-chain-attack-to-deliver-bumblebee-malware/
-
Peter Green Chilled Cyberattack Disrupts Supermarket Supply Chain Across the UK
The logistics firm Peter Green Chilled, a key supplier to major UK supermarkets including Tesco, Sainsbury’s, and Aldi, fell victim to a cyberattack. The company confirmed that its computer systems were compromised in the Peter Green Chilled cyberattack. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/peter-green-chilled-cyberattack/
-
DoD SPRS Scores: How Often Should You Update Them?
The overall defense industrial base is growing increasingly aware of the needs of modern information and cyber security. From recent major supply chain attacks to the constant threat of nation-state actors trying to compromise systems, it’s important to be committed to the best security you can implement, no matter where you are in the supply……
-
Inside the Ransomware Supply Chain: The Role of Initial Access Brokers in Modern Attacks
First seen on scworld.com Jump to article: www.scworld.com/native/inside-the-ransomware-supply-chain-the-role-of-initial-access-brokers-in-modern-attacks