supply chain compromise
Fake npm 2FA reset email led to compromise of popular code packages
Malicious versions of at least 18 widely used npm packages were uploaded to the npm Registry on Monday, following the compromise of their maintainer’s account. …
Salesloft Drift data breach: Investigation reveals how attackers got in
The attack that resulted in the Salesloft Drift data breach started with the compromise of the company’s GitHub account, Salesloft confirmed this weekend. Supply chain …
Cloudflare confirms data breach linked to Salesloft Drift supply chain compromise
Cloudflare has also been affected by the Salesloft Drift breach, the US web infrastructure and security company confirmed on Tuesday, and the attackers got their hands on 104 …
Zscaler, Palo Alto Networks, SpyCloud among the affected by Salesloft Drift breach
In the wake of last week’s revelation of a breach at Salesloft by a group tracked by Google as UNC6395, several companies – including Zscaler, Palo Alto Networks, …
Breaches are up, budgets are too, so why isn’t healthcare safer?
A new report from Resilience outlines a growing cyber crisis in the U.S. healthcare sector, where ransomware attacks, vendor compromise, and human error continue to cause …
Malicious RVTools installer found on official site, researcher warns
The official site for RVTools has apparently been hacked to serve a compromised installer for the popular utility, a security researcher has warned. It’s difficult to …
How Lazarus Group built a cyber espionage empire
Since September 2024, SecurityScorecard’s STRIKE team has been investigating Lazarus Group’s activity, uncovering key details about their infrastructure. Despite …
Solana’s popular web3.js library backdoored in supply chain compromise
A software supply chain attack has lead to the publication of malicious versions of Solana’s web3.js library on the npm registry. Just like the recent Lottie Player …
Lottie Player supply chain compromise: Sites, apps showing crypto scam pop-ups
A supply chain compromise involving Lottie Player, a widely used web component for playing site and app animations, has made popular decentralized finance apps show pop-ups …
The role of compromised cyber-physical devices in modern cyberattacks
Cyber-physical devices are increasingly getting compromised and leveraged by criminal groups and state-sponsored threat actors. Fyodor Yarochkin, Senior Threat Solution …
Ghost: Criminal communication platform compromised, dismantled by international law enforcement
Another encrypted communication platform used by criminals has been dismantled and its alleged mastermind arrested, the Australian Federal Police has announced on Tuesday. …
Chinese hackers compromised an ISP to deliver malicious software updates
APT StormBamboo compromised a undisclosed internet service provider (ISP) to poison DNS queries and thus deliver malware to target organizations, Volexity researchers have …
Featured news
Resources
Don't miss
- Can your earbuds recognize you? Researchers are working on it
- Dependency-Track: Open-source component analysis platform
- DDoS, data theft, and malware are storming the gaming industry
- Microsoft releases urgent fix for actively exploited WSUS vulnerability (CVE-2025-59287)
- Microsoft blocks risky file previews in Windows File Explorer