Tag: supply-chain
-
5 steps to strengthen supply chain security and improve cyber resilience
Tags: access, api, attack, authentication, automation, backup, breach, business, cloud, control, credentials, cyber, data, defense, detection, dns, edr, email, endpoint, exploit, framework, governance, identity, infrastructure, mfa, monitoring, msp, network, radius, resilience, risk, saas, service, siem, soc, software, strategy, supply-chain, threat, tool, update, vulnerability, zero-trustAll software vendors and SaaS platformsOpen”‘source components embedded in your applicationsMSP or IT service providersCloud infrastructure and authentication servicesAPI integrations and automation workflowsOnce documented, classify each supplier by the impact they would have if compromised. A remote monitoring tool or authentication platform represents far greater risk than a basic productivity app. This prioritization helps you…
-
AI, DevSecOps, and the Future of Application Security: The Gartner® Report
<div cla Even as organizations recognize the importance of application security, most still struggle to operationalize it at scale. That gap becomes harder to ignore as development accelerates, AI becomes embedded in workflows, and software supply chains grow more complex. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/ai-devsecops-and-the-future-of-application-security-the-gartner-report/
-
Hackergruppe Nickel Alley täuscht IT-Experten mit gefälschten Jobs
Die nordkoreanische Hackergruppe Nickel Alley setzt ihre perfiden ‘Contagious Interview”-Kampagnen fort: Mit gefälschten LinkedIn-Unternehmensprofilen, fingierten Jobangeboten und manipulierten Github-Repositorien lockt sie gezielt Softwareentwickler in die Falle. Das Ziel: Die Installation des gefährlichen <> einem Remote-Access-Trojaner, der nicht nur Kryptowährungen stiehlt, sondern auch den Weg für Industriespionage und Supply-Chain-Angriffe ebnet. Die Masche: Fake-Jobs, […] First seen…
-
Supply chain security is now a board-level issue: Here’s what CSOs need to know
Tags: access, android, attack, automation, best-practice, compliance, cybersecurity, edr, encryption, firewall, firmware, flaw, infrastructure, linux, mitigation, regulation, risk, sbom, software, supply-chain, switch, threat, tool, update, vulnerability, windows, zero-dayThe hidden complexity that drowns security teams: SBOMs are no longer used solely to track software licensing; they are key to managing supply chain security as they enable the identification and tracking of vulnerabilities across ecosystems.Finding a problem is just the start, you need to determine if the vulnerability affects your implementation. For example, if…
-
AppsFlyer SDK Exploited in New Supply Chain Crypto Attack
Between March 9 and March 11, 2026, attackers had a 48-hour window inside one of the most widely embedded JavaScript libraries on the internet. The… First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/appsflyer-sdk-exploited-in-new-supply-chain-crypto-attack/
-
AI-Assisted Supply Chain Attack Targets GitHub
PRT-scan is the second in recent months where a threat actor appears to have leveraged AI for automated targeting of a widespread GitHub misconfiguration. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/ai-assisted-supply-chain-attack-targets-github
-
How LiteLLM Turned Developer Machines Into Credential Vaults for Attackers
The most active piece of enterprise infrastructure in the company is the developer workstation. That laptop is where credentials are created, tested, cached, copied, and reused across services, bots, build tools, and now local AI agents.In March 2026, the TeamPCP threat actor proved just how valuable developer machines are. Their supply chain attack on First…
-
6th April Threat Intelligence Report
The European Commission, the European Union’s executive body, has confirmed a data breach after its Europa.eu platform was compromised through a third-party exchange linked to the Trivy supply chain attack. The incident […] First seen on research.checkpoint.com Jump to article: research.checkpoint.com/2026/6th-march-threat-intelligence-report-2/
-
Chat With Your Data: Introducing AI Assistant for Web Supply Chain Defense
There’s a gap in how security teams work today. The alerts exist. The risk signals exist. The data exists. But turning that data into a… First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/chat-with-your-data-introducing-ai-assistant-for-web-supply-chain-defense/
-
6 ways attackers abuse AI services to hack your business
Tags: ai, api, attack, backdoor, breach, business, ceo, china, control, cve, cyber, cybercrime, cybersecurity, data, email, espionage, exploit, framework, group, hacking, injection, leak, LLM, malicious, malware, marketplace, microsoft, monitoring, open-source, openai, service, skills, software, startup, supply-chain, threat, tool, vulnerabilityAbusing AI platforms as covert C2 channels: Cybercriminals are also abusing AI platforms as covert command-and-control (C2) channels by turning AI services into proxies that hide malicious traffic inside the flow of legitimate content.Instead of running a dedicated C2 server, malware is programmed to fetch commands and exfiltrate data through AI services, circumventing traditional security…
-
36 Malicious Strapi npm Packages Deliver Redis RCE, Persistent C2 Malware
Tags: attack, control, credentials, cyber, malicious, malware, rce, remote-code-execution, spam, supply-chainA coordinated supply chain attack has been uncovered involving 36 malicious npm packages masquerading as Strapi CMS plugins, delivering a range of payloads including Redis remote code execution (RCE), credential harvesting, and persistent command-and-control (C2) malware. The campaign was carried out using four sock-puppet npm accounts umarbek1233, kekylf12, tikeqemif26, and umar_bektembiev1. Unlike typical npm spam…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 91
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Infiniti Stealer: a new macOS infostealer using ClickFix and Python/Nuitka Converging Interests: Analysis of Threat Clusters Targeting a Southeast Asian Government RoadK1ll: A WebSocket Based Pivoting Implant axios Compromised: npm Supply Chain Attack via Dependency Injection…
-
Week in review: Axios npm supply chain compromise, critical FortiClient EMS bugs exploited
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Financial groups lay out a plan to fight AI identity attacks Generative AI … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/05/week-in-review-axios-npm-supply-chain-compromise-critical-forticlient-ems-bug-exploited/
-
Supply Chain Malware Alert: plainjs Compromises Axios Packages
First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/supply-chain-malware-alert-plain-crypto-js-compromises-axios-packages
-
Hackers Are Posting the Claude Code Leak With Bonus Malware
Plus: The FBI says a recent hack of its wiretap tools poses a national security risk, attackers stole Cisco source code as part of an ongoing supply chain hacking spree, and more. First seen on wired.com Jump to article: www.wired.com/story/security-news-this-week-hackers-are-posting-the-claude-code-leak-with-bonus-malware/
-
Supply Chain Attacks Surge in March 2026
Tags: access, ai, api, attack, authentication, awareness, cloud, container, control, corporate, credentials, crypto, data-breach, github, group, hacking, identity, infrastructure, Internet, kubernetes, least-privilege, linux, LLM, macOS, malicious, malware, mfa, network, north-korea, open-source, openai, phishing, pypi, software, startup, supply-chain, threat, tool, update, vulnerability, windowsIntroductionThere was a significant increase in software supply chain attacks in March 2026. There were five major software supply-chain attacks that occurred including the Axios NPM package compromise, which has been attributed to a North Korean threat actor. In addition, a hacking group known as TeamPCP was able to compromise Trivy (a vulnerability scanner), KICS…
-
Supply-Chain-Angriff auf Python-Paket Telnyx
Sicherheitsforscher von JFrog haben eine Kompromittierung der Python-Bibliothek Telnyx aufgedeckt. Die Angreifer versteckten ihren Payload in WAV-Dateien. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/supply-chain-python-paket-telnyx
-
Mercor Breach Linked to LiteLLM Supply-Chain Attack
AI Dependency Attack Reportedly Exposes Data and Source Code. A LiteLLM supply-chain compromise enabled attackers to harvest credentials and access internal environments at scale at Mercor. The firm was the first to confirm a LiteLLM breach, and researchers are warning about growing AI system exposure and limited visibility. First seen on govinfosecurity.com Jump to article:…
-
CERT-EU blames Trivy supply chain attack for Europa.eu data breach
Tags: access, ai, attack, breach, cisco, data, data-breach, extortion, group, network, ransom, ransomware, saas, supply-chainExtortion boost: The origins and deeper motives of TeamPCP, which emerged in late 2025, remain unclear. The leaking of stolen data suggests it might be styling itself as a sort of initial access broker which sells data and network access on to the highest bidder.However, the fact that stolen data was handed to a major…
-
CERT-EU blames Trivy supply chain attack for Europa.eu data breach
Tags: access, ai, attack, breach, cisco, data, data-breach, extortion, group, network, ransom, ransomware, saas, supply-chainExtortion boost: The origins and deeper motives of TeamPCP, which emerged in late 2025, remain unclear. The leaking of stolen data suggests it might be styling itself as a sort of initial access broker which sells data and network access on to the highest bidder.However, the fact that stolen data was handed to a major…
-
Do not get high(jacked) off your own supply (chain)
In the span of just a few weeks, we have observed a dizzying array of major supply chain attacks. Prominent examples include the malicious modification of Axios, a popular HTTP client library for JavaScript, as well as cascading compromises from TeamPCP, a “chaos-as-a-service” group that injected malicious code First seen on blog.talosintelligence.com Jump to article:…
-
Axios NPM supply chain incident
Tags: supply-chainOverview of the recent Axios NPM supply chain incident including details of the payloads delivered from actor-controlled infrastructure. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/axois-npm-supply-chain-incident/
-
Blast Radius of TeamPCP Attacks Expands Amid Hacker Infighting
As organizations disclose breaches tied to TeamPCP’s supply chain attacks, ShinyHunters and Lapsus$ are getting involved, taking credit, and creating a murky situation for enterprises. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/teampcp-attacks-hacker-infighting
-
AI Firm Mercor Confirms Breach as Hackers Claim 4TB of Stolen Data
AI firm Mercor confirms a breach linked to a LiteLLM supply chain attack, as hackers claim to have stolen 4TB of sensitive data and internal systems. First seen on hackread.com Jump to article: hackread.com/ai-firm-mercor-breach-hackers-4tb-data/
-
High-Severity Vulnerabilities, Supply Chain Breaches, and AI Threats Redefine Cybersecurity This Week
Weekly summary of Cybersecurity Insider newsletters First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/weekly-roundup/high-severity-vulnerabilities-supply-chain-breaches-and-ai-threats-redefine-cybersecurity-this-week/
-
Claude Source Code Leak Highlights Big Supply Chain Missteps
Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/source-code-leaks-highlight-lack-supply-chain-oversight
-
Chainguard Unveils Factory 2.0 to Automate Hardening the Software Supply Chain
The rebuilt Chainguard platform adds deeper security designed to continuously reconcile open-source artifacts across containers, libraries, Actions and skills. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/chainguard-factory-automate-hardening-software-supply-chain
-
Chainguard Unveils Factory 2.0 to Automate Hardening the Software Supply Chain
The rebuilt Chainguard platform adds deeper security designed to continuously reconcile open-source artifacts across containers, libraries, Actions and skills. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/chainguard-factory-automate-hardening-software-supply-chain
-
Source Code Leaks Highlight Lack of Supply Chain Oversight
Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/source-code-leaks-highlight-lack-supply-chain-oversight