Threat actors compromised a media company to deliver FakeUpdates malware through the websites of hundreds of newspapers in the US.…
Experts disclosed a flaw in the PHP software package repository Packagist that could have been exploited to carry out supply…
A threat actor used a trojanized installer for the Comm100 Live Chat application to distribute a JavaScript backdoor. Cybersecurity firm…
China-linked threat actors Iron Tiger backdoored a version of the cross-platform messaging app MiMi to infect systems. Trend Micro researchers uncovered a…
Threat actors targeted a large software development company in Ukraine using the GoMet backdoor. Researchers from Cisco Talos discovered an…
The National Institute of Standards and Technology (NIST) has released updated guidance for defending against supply-chain attacks. The National Institute…
Dependency Review GitHub Action scans users' pull requests for dependency changes and will raise an error if any new dependencies…
SonarSource discovered a 15-year-old flaw in the PEAR PHP repository that could have enabled supply chain attacks. Researchers from SonarSource…
The developer behind the popular "node-ipc" NPM package uploaded a destructive version to protest Russia's invasion of Ukraine. RIAEvangelist, the…
Threat actors hacked Russian federal agencies' websites in a supply chain attack involving the compromise of a stats widget. Some…
This website uses cookies.