Tag: supply-chain
-
Notepad++ Users Targeted After State-Backed Attackers Hijack Update Servers
Notepad++ fell victim to a sophisticated supply chain attack orchestrated by state-sponsored threat actors who compromised its update infrastructure over a six-month campaign. Security experts have attributed the attack to a Chinese state-backed group based on the highly selective targeting and technical sophistication demonstrated throughout the incident. Attack Timeline and Scope The compromise began in…
-
Open VSX Supply Chain Attack Used Compromised Dev Account to Spread GlassWorm
Cybersecurity researchers have disclosed details of a supply chain attack targeting the Open VSX Registry in which unidentified threat actors compromised a legitimate developer’s resources to push malicious updates to downstream users.”On January 30, 2026, four established Open VSX extensions published by the oorzc author had malicious versions published to Open VSX that embed the…
-
Startup Amutable plotting Linux security overhaul to counter hacking threats
Tags: attack, backdoor, ceo, cloud, computer, computing, container, cve, cybercrime, data, exploit, fortinet, hacking, infrastructure, kubernetes, linux, microsoft, open-source, skills, software, startup, supply-chain, technology, threat, tool, training, vpn, vulnerabilitysystemd, he has alongside him two other ex-Microsoft employees, Chris Kühl as CEO, and Christian Brauner as CTO.A clue to Amutable’s plans lies in the announcement’s emphasis on some of its founders’ backgrounds in Kubernetes, runc, LXC, Incus, and containerd, all connected in different ways to the Linux container stack. Computing is full of security…
-
NIS2: Lieferketten als Risikofaktor
Tags: awareness, ciso, cloud, compliance, cyberattack, cyersecurity, firewall, incident response, monitoring, nis-2, risk, service, software, supply-chain, updateNIS2 verpflichtet CISOs die Sicherheit der Supply Chain stärker in den Blick zu nehmen. Viele Unternehmen investieren heute erhebliche Mittel, um ihre interne IT abzusichern. Firewalls, Monitoring, Incident-Response-Pläne und Awareness-Programme sind etabliert. Gleichzeitig wächst eine gefährliche Illusion: Die Annahme, dass sich Risiken innerhalb der eigenen Systemgrenzen kontrollieren lassen. Die Realität sieht anders aus. Moderne Geschäftsmodelle…
-
Sophisticated Malware Lurks In Open VSX Extension With 5,066 Downloads
A malicious VS Code extension in the Open VSX registry that masquerades as the popular Angular Language Service. Published two weeks ago, it amassed 5,066 downloads before activating sophisticated malware. The extension bundles legitimate Angular tooling (@angular/language-service 21.1.0-rc.0) and TypeScript 5.9.3. However, it contains malicious code hidden in the extension/index.js file, posing a severe supply-chain…
-
Supply-Chain-Attacke – Geheime Produktpläne von Apple gestohlen
First seen on security-insider.de Jump to article: www.security-insider.de/ransomhub-attacke-interne-infos-von-tech-giganten-gestohlen-a-66d126503a4ee986b73e6ed47a6df423/
-
AV vendor goes to war with security shop over update server scare
eScan lawyers up after Morphisec claimed ‘critical supply-chain compromise’ First seen on theregister.com Jump to article: www.theregister.com/2026/01/29/escan_morphisec_dispute/
-
eScan AV supply chain compromise: Users targeted with malicious updates
The update infrastructure for eScan antivirus, a product of Indian cybersecurity company MicroWorld Technologies, has been compromised by unknown attackers to deliver a … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/29/escan-antivirus-update-supply-chain-compromised/
-
eScan Antivirus Update Server Breached to Deliver Malicious Software Updates
MicroWorld Technologies’ eScan antivirus platform fell victim to a sophisticated supply chain attack on January 20, 2026, when threat actors compromised legitimate update infrastructure to distribute multi-stage malware to enterprise and consumer endpoints worldwide. Security researchers immediately alerted the vendor, which isolated the affected infrastructure within one hour and took its global update system offline…
-
QA: Why Cybersecurity Is Now a Core Business Risk, Not Just a Technical Problem
Tags: attack, business, cyber, cybersecurity, data, government, infrastructure, resilience, risk, supply-chain, threatCybersecurity threats are escalating in scale and sophistication, and organisations around the world are scrambling to keep pace with the evolving digital risk landscape. Governments and corporations alike face increasing pressure to strengthen cyber resilience as attacks extend across critical infrastructure, supply chains and data systems with growing frequency. At the forefront of national and…
-
PackageGate bugs let attackers bypass protections in NPM, PNPM, VLT, and Bun
Koi researchers found “PackageGate” flaws in NPM, PNPM, VLT, and Bun that let attackers perform supply chain attacks and run malicious code. Security firm Koi uncovered a set of vulnerabilities collectively tracked as “PackageGate” affecting major JavaScript package managers like NPM, PNPM, VLT, and Bun. These flaws could let attackers bypass supply chain protections and…
-
Fighting The Next Evolution of Email Threats With Layered, AI-Driven Security
For decades, email has been the backbone of corporate communications and for precisely this reason, it remains the attacker’s preferred gateway into organisations. Phishing, Business Email Compromise (BEC), and supply chain attacks continue to increase, with adversaries using AI and compromised accounts to bypass classic protection mechanisms. The rapid evolution of threats presents significant challenges…
-
Overcoming AI fatigue
Tags: access, ai, awareness, business, ciso, cloud, control, data, finance, governance, incident response, jobs, metric, monitoring, privacy, risk, strategy, supply-chain, technology, tool, training, zero-trustbefore it becomes fully entrenched in every corner of the business. It’s a rare opportunity, one we shouldn’t waste. A big part of the confusion comes from the word “AI” itself. We use the same label to talk about a chatbot drafting marketing copy and autonomous agents that generate and implement incident response playbooks. Technically,…
-
eScan Antivirus Supply Chain Breach Delivers Signed Malware
Supply chain breach in eScan antivirus distributes multi-stage malware via legitimate updates First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/escan-antivirus-breach-delivers/
-
eScan Antivirus Supply Chain Breach Delivers Signed Malware
Supply chain breach in eScan antivirus distributes multi-stage malware via legitimate updates First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/escan-antivirus-breach-delivers/
-
CISO’s predictions for 2026
Tags: access, ai, attack, authentication, automation, breach, business, ciso, cloud, control, credentials, cryptography, cyber, cyberattack, cybersecurity, data, data-breach, encryption, endpoint, extortion, finance, governance, government, healthcare, identity, infrastructure, malicious, mobile, mssp, network, password, penetration-testing, ransomware, risk, router, saas, soc, strategy, supply-chain, technology, threat, tool, vulnerability, warfareAI agents to reshape the threat landscape: But those same AI technologies are also changing the threat landscape. Toal points to a recent Anthropic report that documented the first large-scale AI-enabled cyberattack as an early warning sign. “I guarantee attackers will be more focused on using AI agents for what they want than a lot…
-
NDSS 2025 Attributing Open-Source Contributions Is Critical But Difficult
Tags: attack, awareness, conference, cryptography, email, github, Internet, malicious, network, open-source, programming, software, supply-chainSession 9D: Github + OSN Security Authors, Creators & Presenters: Jan-Ulrich Holtgrave (CISPA Helmholtz Center for Information Security), Kay Friedrich (CISPA Helmholtz Center for Information Security), Fabian Fischer (CISPA Helmholtz Center for Information Security), Nicolas Huaman (Leibniz University Hannover), Niklas Busch (CISPA Helmholtz Center for Information Security), Jan H. Klemmer (CISPA Helmholtz Center for Information…
-
NHS Issues Open Letter Demanding Improved Cybersecurity Standards from Suppliers
Open letter by NHS technology leaders outlines plans to identify risks to software supply chain security across health and social care system First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/nhs-open-letter-demands-improved/
-
Malicious PyPI Package Impersonates sympy-dev, Targeting Millions of Users
A dangerous supply-chain attack targeting the Python Package Index (PyPI) that involves a malicious package named sympy-dev impersonating SymPy, one of the world’s most widely used symbolic mathematics libraries. The fraudulent package employs sophisticated typosquatting tactics and multi-stage execution to deliver cryptomining malware while avoiding detection. The malicious sympy-dev package directly copies SymPy’s official project…
-
EU tightens cybersecurity rules for tech supply chains
The European Commission has proposed a new cybersecurity package aimed at strengthening the EU’s cyber resilience, including a revised EU Cybersecurity Act designed to secure … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/21/eu-cybersecurity-act-revised/
-
CI/CD Under Attack: What the AWS CodeBuild “CodeBreach” Flaw Reveals About Modern Supply Chain Risk
A recent disclosure revealed a critical flaw in AWS CodeBuild that could allow attackers to abuse CI/CD pipelines and inject malicious code into trusted software builds by exploiting weaknesses in webhook validation, according to WebProNews. Rather than targeting production systems directly, the issue exposed how attackers can compromise software supply chains by manipulating trusted automation.…
-
13 cyber questions to better vet IT vendors and reduce third-party risk
Tags: access, api, attack, authentication, automation, best-practice, breach, business, ceo, ciso, cloud, compliance, control, credentials, credit-card, cyber, cyberattack, cybercrime, cybersecurity, data, detection, endpoint, exploit, extortion, firewall, healthcare, identity, incident response, infrastructure, insurance, international, ISO-27001, jobs, least-privilege, mfa, monitoring, network, nist, password, PCI, penetration-testing, radius, ransomware, risk, saas, sans, security-incident, service, supply-chain, threat, update, vpn, vulnerabilityVital vendor questions CISOs should ask: To gain that critical information, security leaders and experts recommend CSOs ask IT partners the following cyber-specific questions. 1. What attestation will you provide to prove proper security controls are in place? These are essential, says Juan Pablo Perez-Etchegoyen, CTO for cybersecurity and compliance platform Onapsis. Some of the…
-
13 cyber questions to better vet IT vendors and reduce third-party risk
Tags: access, api, attack, authentication, automation, best-practice, breach, business, ceo, ciso, cloud, compliance, control, credentials, credit-card, cyber, cyberattack, cybercrime, cybersecurity, data, detection, endpoint, exploit, extortion, firewall, healthcare, identity, incident response, infrastructure, insurance, international, ISO-27001, jobs, least-privilege, mfa, monitoring, network, nist, password, PCI, penetration-testing, radius, ransomware, risk, saas, sans, security-incident, service, supply-chain, threat, update, vpn, vulnerabilityVital vendor questions CISOs should ask: To gain that critical information, security leaders and experts recommend CSOs ask IT partners the following cyber-specific questions. 1. What attestation will you provide to prove proper security controls are in place? These are essential, says Juan Pablo Perez-Etchegoyen, CTO for cybersecurity and compliance platform Onapsis. Some of the…
-
Europe Readies Law to Eject Chinese Equipment From Telecoms
Revised Cybersecurity Act Would Also Boost ENISA. Countries across the EU could be forced to kick Chinese telecom manufacturers such as Huawei and ZTE out of their critical infrastructure supply chains, under a far-reaching proposal published by the European Commission on Tuesday. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/europe-readies-law-to-eject-chinese-equipment-from-telecoms-a-30566
-
Europe Readies Law to Eject Chinese Equipment From Telecoms
Revised Cybersecurity Act Would Also Boost ENISA. Countries across the EU could be forced to kick Chinese telecom manufacturers such as Huawei and ZTE out of their critical infrastructure supply chains, under a far-reaching proposal published by the European Commission on Tuesday. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/europe-readies-law-to-eject-chinese-equipment-from-telecoms-a-30566
-
AWS Console Supply Chain Flaw Could Have Enabled GitHub Repo Hijacks
Wiz says an AWS CodeBuild flaw could have enabled GitHub repo hijacks, though AWS reports no impact. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/aws-console-supply-chain-flaw-could-have-enabled-github-repo-hijacks/