supply chain attacks
Red Hat npm packages compromised in new Mini Shai-Hulud malware wave
Unknown attackers have compromised 30+ Red Hat Cloud Services npm packages with malware that goes after credentials stored in developers’ build environment. What the …
GitHub, Grafana Labs breaches traced back to TanStack supply chain compromise
GitHub CISO Alexis Wales has named the malicious VS Code extension behind the breach they suffered at the hands of the threat group TeamPCP: Nx Console, a popular developer …
Attackers compromised Daemon Tools software to deliver backdoors
Kaspersky researchers uncovered another supply chain compromise involving a popular Windows tool: Daemon Tools, an app for mounting disk image files as virtual drives that is …
Google expands Android Binary Transparency to counter supply chain attacks
Supply chain attacks on mobile software have grown alongside the expanding role of phones in daily life, from payments to government IDs to AI features. Google is responding …
North Korean hackers trojanize gaming platform to spy on ethnic Koreans in China
A gaming platform built for ethnic Koreans in China has been serving backdoored Windows and Android software to its users since late 2024. The platform, sqgame[.]net, hosts …
North Korean hackers linked to Axios npm supply chain compromise
The software supply chain attack that resulted in the compromise of npm packages of Axios, an extremely popular HTTP client library, is believed to be the work of …
Axios npm packages backdoored in supply chain attack
An unknown attacker has compromised the GitHub and npm accounts of the main developer of Axios, a widely used HTTP client library, and published npm packages backdoored with a …
TeamPCP strikes again: Backdoored Telnyx PyPI package delivers malware
TeamPCP continues is supply chain compromise rampage, with telnyx on PyPI being the latest maliciously modified package. What happened? Telnyx is a widely used software …
LiteLLM PyPI packages compromised in expanding TeamPCP supply chain attacks
A slew of supply chain attacks against popular open source tools and packages appears to have been orchestrated by TeamPCP, a cybercriminal group that rose to prominence in …
Notepad++ secures update channel in wake of supply chain compromise
Notepad++, the popular text and source code editor for Windows whose update mechanism was hijacked last year, has been updated to prevent similar attacks in the future. …
Open-source attacks move through normal development workflows
Software development relies on a steady flow of third-party code, automated updates, and fast release cycles. That environment has made the software supply chain a routine …
UK announces grand plan to secure online public services
The UK has announced a new Government Cyber Action Plan aimed at making online public services more secure and resilient, and has allocated £210 million (approximately $283 …
Featured news
Resources
Don't miss
- Reachability makes AI threat modeling worth the trust
- EU Cybersecurity Act 2.0: When good regulation goes bad
- The rise of machine identities and agentic AI: Securing trust in the next era of digital autonomy
- China-linked spies backdoored authentication stack to stay hidden for years
- AI vulnerability discovery is pushing 2026 CVEs toward 66,000