Tag: supply-chain
-
Hola Browser for Windows compromised to deliver cryptominer
The Windows version of the Hola Browser has been compromised in a supply chain attack that delivered an undeclared executable identified by researchers as a cryptocurrency miner. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hola-browser-for-windows-compromised-to-deliver-cryptominer/
-
Rust-Written IronWorm Hits NPM Supply Chain
Like Shai-Hulud, the campaign targets developers to steal credentials and reuses them to propagate across the software supply channel. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/rust-written-ironworm-npm-supply-chain
-
New IronWorm malware hits 36 packages in npm supply-chain attack
A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-ironworm-malware-hits-36-packages-in-npm-supply-chain-attack/
-
Supply Chain Attack Hits Dozens of npm Packages via binding.gyp
A large-scale npm supply chain attack has compromised at least 57 packages across more than 286 malicious versions in a rapid, coordinated campaign that unfolded in under two hours on June 3, 2026. The attack began at approximately 23:30 UTC with the compromise of @vapi-ai/server-sdk, the official Vapi.ai voice AI SDK with over 408,000 monthly…
-
IronWorm npm Attack Steals Developer Secrets
Tags: attack, credentials, crypto, cyber, data-breach, finance, malicious, software, supply-chain, wormA newly uncovered supply chain attack dubbed “IronWorm” is leveraging malicious npm packages to compromise developer environments, steal sensitive credentials, and propagate itself across repositories in a worm-like fashion. The campaign, identified in the wild, targets software developers with a particular focus on crypto and Web3 ecosystems, where exposed secrets can yield immediate financial value.…
-
ClawHub, Cisco, and Vercel Skill Detection Tools Evaded by Malicious Uploads
Security researchers have shown that AI skill security scanners from ClawHub, Cisco, and Vercel’s skills.sh can be reliably bypassed using simple techniques, raising serious concerns about agentic AI supply chain defenses. In tests conducted by Trail of Bits, multiple malicious skills designed to exfiltrate data, hijack agents, or execute arbitrary code were successfully uploaded and…
-
Gartner sieht Angreifer bei vier Bedrohungen klar im Vorteil
Deepfakes, kompromittierte KI-Anwendungen, Prompt Injection und Angriffe auf die Software-Lieferkette: Bei diesen vier Bedrohungen haben es Verteidiger nach Einschätzung von Gartner besonders schwer. Generative KI macht die Lage nicht einfacher, im Gegenteil. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/gartner-vier-bedrohungen-k
-
Red Hat Confirms Supply Chain Breach Impacting @redhatservices npm Packages
Red Hat has confirmed a supply chain security breach impacting multiple npm packages under the @redhat-cloud-services namespace, as detailed in security bulletin RHSB-2026-006 released on June 2, 2026. The incident was publicly disclosed a day earlier and stems from a compromised GitHub account that introduced malicious code into trusted repositories maintained within Red Hat’s infrastructure.…
-
Why supply chain attacks work and what detection can actually do about it
First seen on scworld.com Jump to article: www.scworld.com/perspective/why-supply-chain-attacks-work-and-what-detection-can-actually-do-about-it
-
AI Governance Playbook Calls for Enterprise Risk Controls
Healthcare Coordinating Council Highlights AI Risks, Potential Medical Mishaps. Healthcare organizations face an array of difficult cybersecurity, privacy, patient safety, supply chain and operational resiliency issues as they roll out artificial intelligence tools. A new Health Sector Coordinating Council playbook aims to help by providing a voluntary governance framework. First seen on govinfosecurity.com Jump to…
-
Claude Code GitHub Actions Flaw Created Supply Chain Attack Risk
Claude Code GitHub Actions flaws could enable repository compromise, credential theft, and supply chain attacks. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/claude-code-github-actions-flaw-created-supply-chain-attack-risk/
-
Dozens of Red Hat npm packages targeted in supply chain attack
Researchers said a variant of the Mini Shai-Hulud is involved in the compromise. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/dozens-red-hat-npm-packages-supply-chain-attack/821723/
-
Organisationen vor Supply-Chain-Attacken schützen
Der Sicherheitsvorfall bei Unimed ist nur einer der letzten in einer langen Kette von Supply-Chain-Angriffen, die verheerende Wirkung erzeugen können. Die Auswirkungen sind besonders in Bezug auf IT-Infrastrukturen in Krankenhäusern enorm, denn sie treffen auf durch Reformen verunsicherte Belegschaften, die sich täglichem Stress ausgesetzt sehen und darauf angewiesen sind, dass die Digitalisierung das bringt, was sie…
-
Dozens of Red Hat npm packages targeted in supply- chain attack
Researchers said a variant of the mini Shai-Hulud is involved in the compromise. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/dozens-red-hat-npm-packages-supply-chain-attack/821723/
-
Supply-Chain-Angriffe verhindern: Vorfall zeigt Risiken für Krankenhäuser und Dienstleister
Organisationen lassen sich vor Supply-Chain-Attacken schützen mit Zero Trust, Segmentierung, DevSecOps und KI-gestützter Prävention gegen hohe Folgeschäden. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/supply-chain-angriffe-verhindern-vorfall-zeigt-risiken-fuer-krankenhaeuser-und-dienstleister/a45355/
-
Claude Code GitHub Actions Flaw Exposes Repositories to Full Compromise
A critical supply chain vulnerability in Anthropic’s Claude Code GitHub Actions workflow has been disclosed, exposing thousands of repositories to potential full compromise through a single malicious GitHub issue. Security researcher Ryota K from GMO Flat Security identified multiple flaws in the Claude Code integration that allowed attackers to bypass permission controls and inject untrusted…
-
34 Malicious Packages Steal Cloud Keys, Wallets, and SSH Credentials
Tags: ai, attack, cloud, credentials, crypto, cyber, data, hacker, malicious, open-source, pypi, supply-chainHackers are actively abusing open-source ecosystems to steal sensitive developer data through a large-scale supply chain attack dubbed “TrapDoor,”. The campaign spans npm, PyPI, and Crates.io, leveraging 34 malicious packages and 384 versions to target developers working in cryptocurrency, DeFi, AI, and cloud environments. The attackers weaponized legitimate package installation and build mechanisms to silently…
-
Red Hat Cloud Services npm Packages Hijacked in Credential-Theft Malware Campaign
A large-scale software supply chain attack has compromised multiple official npm packages under the @redhat-cloud-services scope, exposing thousands of developers and CI/CD environments to credential theft. Security researchers at Aikido confirmed that 96 malicious versions across 32 packages were published on June 1, 2026, with combined weekly downloads exceeding 116,000. Red Hat Cloud Services npm…
-
Red Hat Cloud Services npm Packages Hijacked in Credential-Theft Malware Campaign
A large-scale software supply chain attack has compromised multiple official npm packages under the @redhat-cloud-services scope, exposing thousands of developers and CI/CD environments to credential theft. Security researchers at Aikido confirmed that 96 malicious versions across 32 packages were published on June 1, 2026, with combined weekly downloads exceeding 116,000. Red Hat Cloud Services npm…
-
Red Hat npm packages compromised to steal developer credentials
More than 30 npm packages under Red Hat’s ‘@redhat-cloud-services’ namespace were compromised in a supply-chain attack that distributed a new variant of the Shai-Hulud credential-stealing malware, dubbed “Miasma.” First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/red-hat-npm-packages-compromised-to-steal-developer-credentials/
-
Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm
A new Mini Shai-Hulud supply chain attack campaign, codenamed Miasma, has compromised @redhat-cloud-services packages to steal credentials and secrets from developer machines and deliver a self-propagating worm.”This is effectively a Mini Shai-Hulud campaign: it uses the same core tactics of install-time execution, credential harvesting, CI/CD targeting, encrypted exfiltration, and potential First seen on thehackernews.com Jump…
-
MegadolonKampagne erschüttert Software-Lieferkette
Tausende Github-Repositorys wurden mit Malware infiziert, die Anmeldedaten stiehlt. Die neueste Bedrohungskampagne von Megadolon erschüttert die ohnehin schon stark belastete Software-Lieferkette. Ein Kommentar von Shane Barney, CISO von Keeper Security <<Die Megalodon-Kampagne zeigt, wo das Risiko in der Software-Lieferkette tatsächlich liegt. Innerhalb von nur sechs Stunden schoben Angreifer bösartige Commits in über 5.500 Github-Repositorys ein…
-
OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack
Tags: android, attack, authentication, breach, cybersecurity, github, malicious, openai, supply-chain, toolCybersecurity researchers have disclosed details of a new malicious supply chain campaign that’s targeting developers using OpenAI Codex through a legitimate-looking remote web UI.The tool, named codexui-android, is advertised on GitHub and npm as a remote web UI for OpenAI Codex, attracting over 29,000 weekly downloads. The package is still available for download from the…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 99
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Ghost CMS Mass Compromised via CVE-2026-26980, Now Fueling ClickFix Attacks TrapDoor Crypto Stealer Supply Chain Attack Hits 34 Packages and Hundreds of Versions Across npm, PyPI, and Crates.io RemotePE: The Lazarus RAT that lives…
-
TeamPCP Compromised LiteLLM in AI Supply Chain Attack
TeamPCP used malicious LiteLLM packages to steal AI and cloud credentials in a software supply chain attack. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/teampcp-compromised-litellm-in-ai-supply-chain-attack/
-
Socket Raises $60M for Wider Software Supply-Chain Defense
Funding at $1B Valuation Will Expand Controls Across Developer and AI Ecosystems. Socket raised $60 million in a Thrive Capital-led Series C at a $1 billion valuation to expand its supply-chain security platform beyond package managers as AI coding tools increase enterprise exposure to malicious dependencies, browser extensions and developer tooling. First seen on govinfosecurity.com…
-
CrowdStrike Disrupts Glassworm Supply Chain Botnet
CrowdStrike, Google, and the Shadowserver Foundation disrupted the Glassworm botnet. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/crowdstrike-disrupts-glassworm-supply-chain-botnet/
-
Megalodon Supply Chain Attack Hits 5,500+ GitHub Repositories in Six Hours
A large-scale software supply chain attack dubbed “Megalodon” has compromised more than 5,500 repositories on GitHub, raising fresh concerns about the growing abuse of automated development pipelines and GitHub Actions workflows. The incident, uncovered by SafeDep, involved thousands of malicious commits that injected credential-stealing payloads into repositories over a short period of time. First seen…
-
Megalodon Supply Chain Attack Hits 5,500+ GitHub Repositories in Six Hours
A large-scale software supply chain attack dubbed “Megalodon” has compromised more than 5,500 repositories on GitHub, raising fresh concerns about the growing abuse of automated development pipelines and GitHub Actions workflows. The incident, uncovered by SafeDep, involved thousands of malicious commits that injected credential-stealing payloads into repositories over a short period of time. First seen…
-
Automated ‘Megalodon’ Campaign Spreads GitHub Repo Backdoors
Supply-Chain Attack Uses Malicious GitHub Actions Workflow File to Steal Secrets. More than 5,000 GitHub repositories fell victim to an automated campaign, codenamed Megalodon, in which an attacker injected malicious GitHub Actions that executed a script designed to steal development environment secrets, plus a variety of keys, tokens and other credentials, researchers said. First seen…