Tag: supply-chain
-
Cybercriminal Twins Caught After They Forgot to Turn Off Microsoft Teams Recording
Plus: Instructure’s Canvas ransomware debacle comes to a close, an alleged dark net market kingpin gets arrested, OpenAI workers fall victim to a supply chain attack, and more. First seen on wired.com Jump to article: www.wired.com/story/security-news-this-week-cybercriminal-twins-caught-after-they-forgot-to-turn-off-microsoft-teams-recording/
-
Expired domain leads to supply chain attack on node-ipc npm package
require(‘node-ipc’). The trojanized versions were designed to remain fully functional to avoid immediate detection, which together with other decisions attackers took, such as data exfiltration via DNS TXT, suggest stealthiness was a top priority.Once executed, the malicious code collects information about the host system, including operating system version, hostname, and environment variables. It then starts…
-
OpenAI Warns Mac Users to Update Apps After Supply-Chain Attack
OpenAI says Mac users must update ChatGPT, Codex, and Atlas apps by June 12 after an npm supply-chain attack exposed signing certificates. The post OpenAI Warns Mac Users to Update Apps After Supply-Chain Attack appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-openai-mac-app-update-supply-chain-attack/
-
Popular node-ipc npm package compromised to steal credentials
Hackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process communication package, in a new supply chain attack targeting npm. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/popular-node-ipc-npm-package-compromised-to-steal-credentials/
-
The First AI-Crafted Zero-Day Was Easy to Spot. The Next One May Not Be
Google reported the first confirmed AI-assisted zero-day exploit, raising new concerns about logic flaws, supply chain risk, and containment. The post The First AI-Crafted Zero-Day Was Easy to Spot. The Next One May Not Be appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-google-ai-crafted-zero-day-exploit/
-
mini Shai-Hulud breitet sich weiter aus – Supply Chain Angriff auf SAP CAP durch bösartige npm-Pakete
First seen on security-insider.de Jump to article: www.security-insider.de/mini-shai-hulud-manipulierte-npm-pakete-sap-cap-a-277b157533ce4fe6521d7593683f5f84/
-
EU’s Cyber Resiliency Act will put IT leaders to the test
Tags: access, attack, cio, cyber, cybersecurity, data, encryption, exploit, firewall, Hardware, identity, infrastructure, Internet, kubernetes, law, malicious, mitigation, open-source, password, programming, regulation, risk, risk-assessment, router, sbom, software, supply-chain, tool, update, vpn, vulnerabilityProduct safety: The CRA says digital products have to be secure by design and default, and can’t ship with known vulnerabilities like obvious default passwords that can be exploited. They also must be updatable if such vulnerabilities are found later, as well as minimize their impact by limiting the attack surface and protecting confidentiality and…
-
EU’s Cyber Resiliency Act will put IT leaders to the test
Tags: access, attack, cio, cyber, cybersecurity, data, encryption, exploit, firewall, Hardware, identity, infrastructure, Internet, kubernetes, law, malicious, mitigation, open-source, password, programming, regulation, risk, risk-assessment, router, sbom, software, supply-chain, tool, update, vpn, vulnerabilityProduct safety: The CRA says digital products have to be secure by design and default, and can’t ship with known vulnerabilities like obvious default passwords that can be exploited. They also must be updatable if such vulnerabilities are found later, as well as minimize their impact by limiting the attack surface and protecting confidentiality and…
-
TeamPCP Hackers Exploit CI/CD Pipelines to Steal Cloud Credentials
A financially motivated threat group known as TeamPCP is aggressively targeting modern software supply chains, abusing trusted CI/CD pipelines to steal sensitive developer and cloud credentials at scale. TeamPCP’s core strategy is simple but highly effective: compromise trusted build and release workflows instead of end-user systems. By injecting malicious code into CI/CD pipelines, attackers leverage…
-
Malicious node-ipc npm Packages Trigger New Supply Chain Security Alarm
A fresh supply chain attack targeting the widely used node-ipc npm package has raised new concerns across the JavaScript ecosystem after researchers uncovered multiple malicious releases containing an obfuscated credential stealer and backdoor functionality. Security analysts confirmed that several recently published package tarballs were infected with malware capable of harvesting sensitive data from developer systems and CI environments. First seen on thecyberexpress.com Jump to article:…
-
Popular node-ipc npm Library Hit by Supply Chain Attack, Impacting 822K Weekly Downloads
A widely used npm package with more than 822,000 weekly downloads has once again become the center of a serious supply chain attack, raising fresh concerns across the JavaScript ecosystem. Security researchers at Socket have uncovered multiple malicious versions of the popular node-ipc library containing stealthy credential-stealing malware and backdoor capabilities. The affected versions, node-ipc@9.1.6,…
-
SecurityScorecard Snags Driftnet to Level Up Threat Intelligence
The new acquisition looks to boost visibility into third-party ecosystems that are becoming a bigger concern as vectors for supply-chain attacks. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/securityscorecard-snags-driftnet-to-level-up-threat-intelligence
-
OpenAI asks macOS users to update after TanStack npm supply chain attack
The actions are being taken in light of an expanding supply chain campaign impacting the popular open-source library TanStack and additional npm and PyPI packages tied to several AI companies. First seen on therecord.media Jump to article: therecord.media/openai-asks-macos-users-to-update-tanstack-npm
-
OpenAI confirms security breach in TanStack supply chain attack
OpenAI says two employees’ devices were breached in the recent TanStack supply chain attack that impacted hundreds of npm and PyPI packages, causing the company to rotate code-signing certificates for its applications as a precaution. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/openai-confirms-security-breach-in-tanstack-supply-chain-attack/
-
ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories
Everything is still on fire.This week feels dumb in the worst way, bad links, weak checks, fake help desks, shady forum posts, and people turning supply chain attacks into some cursed little game for clout and cash. Half of it feels new. Half of it feels like crap we should have fixed years ago.The mess…
-
ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories
Everything is still on fire.This week feels dumb in the worst way, bad links, weak checks, fake help desks, shady forum posts, and people turning supply chain attacks into some cursed little game for clout and cash. Half of it feels new. Half of it feels like crap we should have fixed years ago.The mess…
-
TeamPCP, BreachForums Launch $1K Supply-Chain Attack Contest
A new cybercrime campaign is turning supply chain attacks into a public competition, as TeamPCP and BreachForums operators launch a $1,000 contest that encourages hackers to compromise open-source packages. The initiative, first highlighted by Dark Web Informer, signals an escalation in how threat actors are gamifying real-world attacks to recruit participants and expand their reach.…
-
170 npm Packages Hijacked to Steal GitHub, AWS Kubernetes Secrets
Hackers have launched a large-scale supply chain attack by compromising more than 170 npm packages and two PyPI libraries, collectively downloaded over 200 million times weekly, to steal sensitive developer and cloud credentials. The malicious npm packages contain a hidden preinstall script that silently executes during installation. This script deploys a loader, which downloads a…
-
Mistral AI SDK, TanStack Router hit in npm software supply chain attack
Tags: ai, api, attack, breach, cloud, credentials, data, data-breach, exploit, github, kubernetes, malicious, malware, network, open-source, password, router, service, software, supply-chain, switch, vulnerabilitypull_request_target. This allows third-party workflows to run automatically, a way of avoiding maintainer approval fatigue, but means that the maintainer’s short-lived OIDC tokens become vulnerable to scraping.Armed with these tokens, the attacker were able to compromise the packages by injecting the malicious Mini Shai-Hulud malware, which propagated to other projects.The purpose is to steal developer…
-
Worm Redux: Fresh Mini Shai-Hulud Infections Bite Supply Chain
Hundreds of npm packages infected by the self-propagating, credential-stealing worm from TeamPCP are related to the open source TanStack ecosystem. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/worm-redux-fresh-mini-shai-hulud-infections-bite-supply-chain
-
RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded
RubyGems, the standard package manager for the Ruby programming language, has temporarily paused account sign ups following what has been described as a “major malicious attack.””We’re dealing with a major malicious attack on Ruby Gems right now,” Maciej Mensfeld, senior product manager for software supply chain security at Mend.io, said in a post on X.…
-
Webinar: What the Riskiest SOC Alerts Go Unanswered – and How Radiant Security Can Help
Why do the Riskiest SOC Alerts Go Unanswered?Security operations teams are drowning in alerts. But the real problem isn’t always alert volume; it’s the blind spots. The most dangerous alerts are the ones no one is investigating.A recent report from The Hacker News examined why certain high-risk alert categories – WAF, DLP, OT/IoT, dark web…
-
Shai Hulud attack ships signed malicious TanStack, Mistral npm packages
Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering credential-stealing malware targeting developers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/shai-hulud-attack-ships-signed-malicious-tanstack-mistral-npm-packages/
-
Developer workstations are the new beachhead
Tags: access, application-security, attack, authentication, cloud, container, control, credentials, edr, endpoint, exploit, github, group, Hardware, identity, incident response, infrastructure, malware, mfa, monitoring, network, software, supply-chain, threat, updateThe economics that drive the convergence: A typical developer workstation holds SSH keys, cloud provider credentials, container registry tokens, Git authentication tokens and CI/CD pipeline secrets. Many developers have administrative access to internal package registries and deployment infrastructure. Their machines often sit outside the hardened perimeter that security teams build around production systems.From an attacker’s…
-
Supply-Chain-Angriff: Hunderte von NPM- und PyPI-Paketen kompromittiert
Die Hackergruppe TeamPCP gräbt sich erneut durch unzählige NPM- und Python-Pakete und verbreitet Schadcode, der vor allem Zugangsdaten sammelt. First seen on golem.de Jump to article: www.golem.de/news/supply-chain-angriff-hunderte-von-npm-und-pypi-paketen-kompromittiert-2605-208562.html
-
Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages
TeamPCP, the threat actor behind the recent supply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of a fresh Mini Shai-Hulud campaign.The affected npm packages have been modified to include an obfuscated JavaScript file (“router_init.js”) that’s designed…
-
84 npm Packages Linked to TanStack Hit by Supply-Chain Breach
A massive supply chain breach affecting 84 npm packages within the widely used TanStack ecosystem. Malicious actors compromised these packages by injecting a sophisticated credential-stealing tool designed to target continuous integration environments such as GitHub Actions. Packages such as React Router, which sees over 12 million weekly downloads, were modified, posing a severe threat to…