supply chain attack

Sansec uncovered a supply chain attack via 21 backdoored Magento extensionsSansec uncovered a supply chain attack via 21 backdoored Magento extensions

Sansec uncovered a supply chain attack via 21 backdoored Magento extensions

Supply chain attack via 21 backdoored Magento extensions hit 500–1,000 e-stores, including a $40B multinational. Sansec researchers reported that multiple…

3 weeks ago
The popular xrpl.js Ripple cryptocurrency library was compromised in a supply chain attackThe popular xrpl.js Ripple cryptocurrency library was compromised in a supply chain attack

The popular xrpl.js Ripple cryptocurrency library was compromised in a supply chain attack

The xrpl.js Ripple cryptocurrency library was compromised in a supply chain attack aimed at stealing users' private keys. Threat actors…

1 month ago
Rules File Backdoor: AI Code Editors exploited for silent supply chain attacksRules File Backdoor: AI Code Editors exploited for silent supply chain attacks

Rules File Backdoor: AI Code Editors exploited for silent supply chain attacks

The Rules File Backdoor attack targets AI code editors like GitHub Copilot and Cursor, making them inject malicious code via…

2 months ago
North Korea-linked APT37 exploited IE zero-day in a recent attackNorth Korea-linked APT37 exploited IE zero-day in a recent attack

North Korea-linked APT37 exploited IE zero-day in a recent attack

North Korea-linked group APT37 exploited an Internet Explorer zero-day vulnerability in a supply chain attack. A North Korea-linked threat actor,…

7 months ago
Polyfill.io Supply Chain Attack: 384,773 hosts still embedding a polyfill JS script linking to the malicious domainPolyfill.io Supply Chain Attack: 384,773 hosts still embedding a polyfill JS script linking to the malicious domain

Polyfill.io Supply Chain Attack: 384,773 hosts still embedding a polyfill JS script linking to the malicious domain

Cybersecurity company Censys has identified over 380,000 hosts that are still referencing the malicious polyfill.io domain. Censys reported that over…

11 months ago
Malware-laced JAVS Viewer deploys RustDoor implant in supply chain attackMalware-laced JAVS Viewer deploys RustDoor implant in supply chain attack

Malware-laced JAVS Viewer deploys RustDoor implant in supply chain attack

Malicious actors compromised the JAVS Viewer installer to deliver the RustDoor malware in a supply chain attack. Rapid7 researchers warned…

1 year ago
A supply chain attack on crypto hardware wallet Ledger led to the theft of $600KA supply chain attack on crypto hardware wallet Ledger led to the theft of $600K

A supply chain attack on crypto hardware wallet Ledger led to the theft of $600K

A supply chain attack against Crypto hardware wallet maker Ledger resulted in the theft of $600,000 in virtual assets. Threat actors…

1 year ago
North Korea-linked APT Lazarus is using a MagicLine4NX zero-day flaw in supply chain attackNorth Korea-linked APT Lazarus is using a MagicLine4NX zero-day flaw in supply chain attack

North Korea-linked APT Lazarus is using a MagicLine4NX zero-day flaw in supply chain attack

UK and South Korea agencies warn that North Korea-linked APT Lazarus is using a MagicLine4NX zero-day flaw in supply-chain attack…

2 years ago
North Korea-linked APT Diamond Sleet supply chain attack relies on CyberLink softwareNorth Korea-linked APT Diamond Sleet supply chain attack relies on CyberLink software

North Korea-linked APT Diamond Sleet supply chain attack relies on CyberLink software

North Korea-linked APT group Diamond Sleet is distributing a trojanized version of the CyberLink software in a supply chain attack.…

2 years ago
Ukrainian hackers are behind the Free Download Manager supply chain attackUkrainian hackers are behind the Free Download Manager supply chain attack

Ukrainian hackers are behind the Free Download Manager supply chain attack

The recently discovered Free Download Manager (FDM) supply chain attack, which distributed Linux malware, started back in 2020. The maintainers…

2 years ago