supply chain attack

Free Download Manager backdoored to serve Linux malware for more than 3 years

Researchers discovered a free download manager site that has been compromised to serve Linux malware to users for more than…

2 years ago

Malicious packages in the NPM designed for highly-targeted attacks

Researchers discovered a new set of malicious packages on the npm package manager that can exfiltrate sensitive developer data. On…

2 years ago

Experts warn of OSS supply chain attacks against the banking sector

Checkmarx researchers have uncovered the first known targeted OSS supply chain attacks against the banking sector. In the first half of…

2 years ago

PyTorch compromised to demonstrate dependency confusion attack on Python environments

Threat actors compromised the PyTorch Machine Learning Framework by adding a malicious dependency. The maintainers of the PyTorch package warn…

2 years ago

250+ U.S. news sites spotted spreading FakeUpdates malware in a supply-chain attack

Threat actors compromised a media company to deliver FakeUpdates malware through the websites of hundreds of newspapers in the US.…

3 years ago

A flaw in the Packagist PHP repository could have allowed supply chain attacks

Experts disclosed a flaw in the PHP software package repository Packagist that could have been exploited to carry out supply…

3 years ago

Trojanized Comm100 Live Chat app installer distributed a JavaScript backdoor

A threat actor used a trojanized installer for the Comm100 Live Chat application to distribute a JavaScript backdoor. Cybersecurity firm…

3 years ago

Iron Tiger APT is behind a supply chain attack that employed messaging app MiMi

China-linked threat actors Iron Tiger backdoored a version of the cross-platform messaging app MiMi to infect systems. Trend Micro researchers uncovered a…

3 years ago

Threat actors target software firm in Ukraine using GoMet backdoor

Threat actors targeted a large software development company in Ukraine using the GoMet backdoor. Researchers from Cisco Talos discovered an…

3 years ago

NIST published updated guidance for supply chain risks

The National Institute of Standards and Technology (NIST) has released updated guidance for defending against supply-chain attacks. The National Institute…

3 years ago