Experts disclosed a flaw in the PHP software package repository Packagist that could have been exploited to carry out supply…
A threat actor used a trojanized installer for the Comm100 Live Chat application to distribute a JavaScript backdoor. Cybersecurity firm…
The China-linked threat actor Iron Tiger backdoored a version of the cross-platform messaging app MiMi to infect systems. Trend Micro researchers uncovered a…
Threat actors targeted a large software development company in Ukraine using the GoMet backdoor. Researchers from Cisco Talos discovered an…
The National Institute of Standards and Technology (NIST) has released updated guidance for defending against supply-chain attacks. The National Institute…
Dependency Review GitHub Action scans users' pull requests for dependency changes and will raise an error if any new dependencies…
SonarSource discovered a 15-year-old flaw in the PEAR PHP repository that could have enabled supply chain attacks. Researchers from SonarSource…
The developer behind the popular "node-ipc" NPM package uploaded a destructive version to protest Russia's invasion of Ukraine. RIAEvangelist, the…
Threat actors hacked Russian federal agencies' websites in a supply chain attack involving the compromise of a stats widget. Some…
The U.S. CISA warned of crypto-mining malware hidden in a popular JavaScript NPM library, named UAParser.js, which has millions of weekly downloads.…