supply chain attack

North Korean Hackers Blamed for Mastra NPM Supply Chain Attack

2026-06-22 at 14:10, by Ionut Arghire

A malicious dependency the attackers added to over 140 Mastra packages fetches a payload targeting cryptocurrency extensions. (First appeared on SecurityWeek.)

More Cybersecurity Firms Disclose Impact From Klue Hack

2026-06-22 at 12:03, by Ionut Arghire

HackerOne, Huntress, Jamf, OneTrust, Recorded Future, Snyk, and Tanium are among the affected Klue customers. (First appeared on SecurityWeek.)

Cybersecurity Firms Impacted by Klue Supply Chain Attack

2026-06-19 at 12:19, by Ionut Arghire

The hackers exfiltrated data from Salesforce instances of Klue customers, such as Huntress and Recorded Future. (First appeared on SecurityWeek.)

Atomic Arch Supply Chain Attack Hits 1,500 AUR Packages

2026-06-16 at 13:51, by Ionut Arghire

Arch Linux suspended account registrations in response to the wave of malicious packages being uploaded to AUR. (First appeared on SecurityWeek.)

Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks

2026-06-09 at 15:21, by Ionut Arghire

The most recent variants of the self-propagating attacks are named Miasma and Hades. (First appeared on SecurityWeek.)

Supply Chain Attack Hits 32 Red Hat NPM Packages

2026-06-02 at 15:46, by Ionut Arghire

Hackers published 96 malicious package versions, injected with a credential-stealing worm similar to Mini Shai-Hulud. (First appeared on SecurityWeek.)

Laravel-Lang Packages Poisoned for Malware Delivery

2026-05-25 at 15:31, by Ionut Arghire

Published within a 15-minute window, the malicious tags introduced backdoors to exfiltrate CI secrets. (First appeared on SecurityWeek.)

Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack

2026-05-25 at 10:56, by Ionut Arghire

Fake automated commits injected GitHub Actions workflows containing payloads to steal credentials, CI secrets, keys, and tokens. (First appeared on SecurityWeek.)

Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack

2026-05-22 at 10:53, by Ionut Arghire

Hackers accessed Grafana’s GitHub repositories after a token compromised in the TanStack attack was not rotated. (First appeared on SecurityWeek.)

Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack

2026-05-20 at 14:21, by Ionut Arghire

A compromised maintainer account was used to publish malicious package versions across the @antv namespace. (First appeared on SecurityWeek.)

OpenAI Hit by TanStack Supply Chain Attack

2026-05-15 at 14:32, by Ionut Arghire

Two employee devices were compromised in the attack, and credential material was stolen from OpenAI code repositories. (First appeared on SecurityWeek.)

TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack

2026-05-12 at 13:20, by Ionut Arghire

Over 400 malicious versions of 170 packages were published as part of the new Mini Shai-Hulud campaign. (First appeared on SecurityWeek.)

Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack

2026-05-11 at 13:57, by Ionut Arghire

A malicious version of the plugin was published to the Jenkins Marketplace late last week. (First appeared on SecurityWeek.)

Vendor Says Daemon Tools Supply Chain Attack Contained

2026-05-07 at 17:33, by Ionut Arghire

The software developer has identified the impacted systems, removed potentially compromised files, and validated installation packages. (First appeared on SecurityWeek.)

Government, Scientific Entities Hit via Daemon Tools Supply Chain Attack

2026-05-06 at 12:03, by Ionut Arghire

While trojanized Daemon Tools versions were installed worldwide, a sophisticated backdoor was dropped only on a dozen systems. (First appeared on SecurityWeek.)

1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom

2026-05-01 at 10:33, by Ionut Arghire

The compromised Lightning and Intercom packages have a combined monthly download count of nearly 10 million. (First appeared on SecurityWeek.)

SAP NPM Packages Targeted in Supply Chain Attack

2026-04-30 at 17:35, by Ionut Arghire

The Mini Shai-Hulud attack introduced a preinstall hook to fetch and execute a Bun binary and bypass security monitoring. (First appeared on SecurityWeek.)

Critical Gemini CLI Flaw Enabled Host Code Execution, Supply Chain Attacks

2026-04-30 at 16:02, by Eduard Kovacs

An attacker could have planted a malicious configuration to execute commands outside the sandbox. (First appeared on SecurityWeek.)

Checkmarx Confirms Data Stolen in Supply Chain Attack

2026-04-29 at 14:03, by Ionut Arghire

The hackers exfiltrated the data from Checkmarx’s GitHub environment on March 30, a week after publishing malicious code. (First appeared on SecurityWeek.)

Bitwarden NPM Package Hit in Supply Chain Attack

2026-04-24 at 11:27, by Ionut Arghire

Tied to a fresh Checkmarx supply chain attack claimed by TeamPCP, the incident references the Shai-Hulud worm. (First appeared on SecurityWeek.)
