Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source projects, breaking news – subscribe here!

Please turn on your JavaScript for this page to function normally.

supply chain compromise

npm
Fake npm 2FA reset email led to compromise of popular code packages

Malicious versions of at least 18 widely used npm packages were uploaded to the npm Registry on Monday, following the compromise of their maintainer’s account. …

supply chain
Salesloft Drift data breach: Investigation reveals how attackers got in

The attack that resulted in the Salesloft Drift data breach started with the compromise of the company’s GitHub account, Salesloft confirmed this weekend. Supply chain …

Cloudflare
Cloudflare confirms data breach linked to Salesloft Drift supply chain compromise

Cloudflare has also been affected by the Salesloft Drift breach, the US web infrastructure and security company confirmed on Tuesday, and the attackers got their hands on 104 …

breach
Zscaler, Palo Alto Networks, SpyCloud among the affected by Salesloft Drift breach

In the wake of last week’s revelation of a breach at Salesloft by a group tracked by Google as UNC6395, several companies – including Zscaler, Palo Alto Networks, …

healthcare data
Breaches are up, budgets are too, so why isn’t healthcare safer?

A new report from Resilience outlines a growing cyber crisis in the U.S. healthcare sector, where ransomware attacks, vendor compromise, and human error continue to cause …

RVTools
Malicious RVTools installer found on official site, researcher warns

The official site for RVTools has apparently been hacked to serve a compromised installer for the popular utility, a security researcher has warned. It’s difficult to …

North Korea
How Lazarus Group built a cyber espionage empire

Since September 2024, SecurityScorecard’s STRIKE team has been investigating Lazarus Group’s activity, uncovering key details about their infrastructure. Despite …

package
Solana’s popular web3.js library backdoored in supply chain compromise

A software supply chain attack has lead to the publication of malicious versions of Solana’s web3.js library on the npm registry. Just like the recent Lottie Player …

npm
Lottie Player supply chain compromise: Sites, apps showing crypto scam pop-ups

A supply chain compromise involving Lottie Player, a widely used web component for playing site and app animations, has made popular decentralized finance apps show pop-ups …

Fyodor Yarochkin
The role of compromised cyber-physical devices in modern cyberattacks

Cyber-physical devices are increasingly getting compromised and leveraged by criminal groups and state-sponsored threat actors. Fyodor Yarochkin, Senior Threat Solution …

Op Kraken arrest
Ghost: Criminal communication platform compromised, dismantled by international law enforcement

Another encrypted communication platform used by criminals has been dismantled and its alleged mastermind arrested, the Australian Federal Police has announced on Tuesday. …

malware
Chinese hackers compromised an ISP to deliver malicious software updates

APT StormBamboo compromised a undisclosed internet service provider (ISP) to poison DNS queries and thus deliver malware to target organizations, Volexity researchers have …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released when there is breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools