supply chain attack

CPUID Hacked to Serve Trojanized CPU-Z and HWMonitor Downloads

CPU-Z, CPUID, Featured, Malware, Malware & Threats, STX RAT, supply chain attack, Supply Chain Security, watering hole /

CPUID Hacked to Serve Trojanized CPU-Z and HWMonitor Downloads 2026-04-13 at 15:44 By Eduard Kovacs Download links were replaced by a Russian-speaking threat actor to distribute a recently emerged malware named STX RAT. The post CPUID Hacked to Serve Trojanized CPU-Z and HWMonitor Downloads appeared first on SecurityWeek. This article is an excerpt from SecurityWeek […]

CPUID Hacked to Serve Trojanized CPU-Z and HWMonitor Downloads Read More »

OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack

Artificial Intelligence, Axios, certificate, North Korea, OpenAI, supply chain attack, Supply Chain Security /

OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack 2026-04-13 at 15:44 By Eduard Kovacs The AI giant is taking action after determining that a macOS code signing certificate may have been compromised. The post OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack Read More »

Guardarian Users Targeted With Malicious Strapi NPM Packages

Malware & Threats, NPM, Strapi, supply chain attack, Supply Chain Security /

Guardarian Users Targeted With Malicious Strapi NPM Packages 2026-04-06 at 15:32 By Ionut Arghire Hackers published 36 NPM packages posing as Strapi plugins to execute shells, escape containers, and harvest credentials. The post Guardarian Users Targeted With Malicious Strapi NPM Packages appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Guardarian Users Targeted With Malicious Strapi NPM Packages Read More »

North Korean Hackers Target High-Profile Node.js Maintainers

Node.js, North Korea, supply chain attack, Supply Chain Security /

North Korean Hackers Target High-Profile Node.js Maintainers 2026-04-06 at 14:12 By Ionut Arghire The threat actor behind the Axios supply chain attack has been aiming at other maintainers in its social engineering campaign. The post North Korean Hackers Target High-Profile Node.js Maintainers appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

North Korean Hackers Target High-Profile Node.js Maintainers Read More »

European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack

data breach, Data Breaches, EU, European Commission, Featured, supply chain attack, TeamPCP, Trivy /

European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack 2026-04-04 at 13:31 By Ionut Arghire Hackers stole over 300GB of data from the Commission’s AWS environment, including personal information. The post European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack Read More »

Mercor Hit by LiteLLM Supply Chain Attack

AI, data breach, Featured, LiteLLM, Mercor, supply chain attack, Supply Chain Security, TeamPCP /

Mercor Hit by LiteLLM Supply Chain Attack 2026-04-02 at 13:45 By Ionut Arghire The AI recruiting firm is investigating the incident as Lapsus$ claimed the theft of 4TB of Mercor data. The post Mercor Hit by LiteLLM Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Mercor Hit by LiteLLM Supply Chain Attack Read More »

Axios NPM Package Breached in North Korean Supply Chain Attack

Application Security, Axios, Featured, North Korea, NPM, supply chain attack, Supply Chain Security /

Axios NPM Package Breached in North Korean Supply Chain Attack 2026-04-01 at 11:46 By Ionut Arghire A long-lived NPM access token was used to bypass the GitHub Actions OIDC-based CI/CD publishing workflow and push backdoored package versions. The post Axios NPM Package Breached in North Korean Supply Chain Attack appeared first on SecurityWeek. This article

Axios NPM Package Breached in North Korean Supply Chain Attack Read More »

TeamPCP Moves From OSS to AWS Environments

Application Security, AWS, cloud security, supply chain attack, TeamPCP /

TeamPCP Moves From OSS to AWS Environments 2026-03-31 at 17:42 By Ionut Arghire After validating stolen credentials using TruffleHog, the hacking group started AWS services enumeration and lateral movement activities. The post TeamPCP Moves From OSS to AWS Environments appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

TeamPCP Moves From OSS to AWS Environments Read More »

Telnyx Targeted in Growing TeamPCP Supply Chain Attack

Malware & Threats, open source, PyPI, supply chain attack, Supply Chain Security, TeamPCP, Telnyx /

Telnyx Targeted in Growing TeamPCP Supply Chain Attack 2026-03-30 at 14:26 By Ionut Arghire Two malicious versions of the popular SDK were uploaded to the PyPI registry, targeting Windows, macOS, and Linux. The post Telnyx Targeted in Growing TeamPCP Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

Telnyx Targeted in Growing TeamPCP Supply Chain Attack Read More »

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

Application Security, Featured, Lapsus$, Malware & Threats, NPM, OSS, PyPI, supply chain attack, TeamPCP /

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI 2026-03-25 at 14:00 By Ionut Arghire The hackers compromised GitHub Action tags, then shifted to NPM, Docker Hub, VS Code, and PyPI, and teamed with Lapsus$. The post From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI appeared

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI Read More »

Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack

Aqua Security, GitHub, open source, supply chain attack, Supply Chain Security, Trivy, vulnerability scanner /

Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack 2026-03-23 at 16:12 By Ionut Arghire Hackers published a malicious scanner release and replaced tags to point to information-stealer malware. The post Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack Read More »

New ‘Sandworm_Mode’ Supply Chain Attack Hits NPM

Malware & Threats, NPM, Shai-Hulud, supply chain, supply chain attack, worm /

New ‘Sandworm_Mode’ Supply Chain Attack Hits NPM 2026-02-24 at 15:47 By Ionut Arghire The malicious code propagates like a worm, poisons AI assistants, exfiltrates secrets, and contains a destructive dead switch. The post New ‘Sandworm_Mode’ Supply Chain Attack Hits NPM appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

New ‘Sandworm_Mode’ Supply Chain Attack Hits NPM Read More »

Taiwan Security Firm Confirms Flaw Flagged by CISA Likely Exploited by Chinese APTs

China APT, CISA KEV, exploited, Featured, Nation-State, supply chain attack, Taiwan, TeamT5, Vulnerabilities /

Taiwan Security Firm Confirms Flaw Flagged by CISA Likely Exploited by Chinese APTs 2026-02-24 at 14:00 By Eduard Kovacs The vulnerability in TeamT5 ThreatSonar Anti-Ransomware was recently added to CISA’s KEV catalog. The post Taiwan Security Firm Confirms Flaw Flagged by CISA Likely Exploited by Chinese APTs appeared first on SecurityWeek. This article is an

Taiwan Security Firm Confirms Flaw Flagged by CISA Likely Exploited by Chinese APTs Read More »

Notepad++ Supply Chain Hack Conducted by China via Hosting Provider

Featured, Notepad++, supply chain attack, Supply Chain Security /

Notepad++ Supply Chain Hack Conducted by China via Hosting Provider 2026-02-02 at 11:20 By Eduard Kovacs The likely state-sponsored threat actor had access to the hosting provider for months and targeted only certain Notepad++ customers. The post Notepad++ Supply Chain Hack Conducted by China via Hosting Provider appeared first on SecurityWeek. This article is an

Notepad++ Supply Chain Hack Conducted by China via Hosting Provider Read More »

eScan Antivirus Delivers Malware in Supply Chain Attack

antivirus, eScan, Featured, Malware, Malware & Threats, supply chain, supply chain attack, Supply Chain Security /

eScan Antivirus Delivers Malware in Supply Chain Attack 2026-01-31 at 17:24 By Ionut Arghire Hackers compromised a MicroWorld Technologies update server and fed a malicious file to eScan customers. The post eScan Antivirus Delivers Malware in Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

eScan Antivirus Delivers Malware in Supply Chain Attack Read More »

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks

NPM, supply chain, supply chain attack, Supply Chain Security /

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks 2026-01-27 at 15:49 By Ionut Arghire The protections against NPM supply chain attacks could be bypassed, leading to arbitrary code execution. The post ‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks Read More »

Shai-Hulud Supply Chain Attack Led to $8.5 Million Trust Wallet Heist

Application Security, cryptocurrency heist, Shai-Hulud, supply chain, supply chain attack, Supply Chain Security, Trust Wallet /

Shai-Hulud Supply Chain Attack Led to $8.5 Million Trust Wallet Heist 2025-12-31 at 14:09 By Ionut Arghire The worm exposed Trust Wallet’s Developer GitHub secrets, allowing attackers to publish a backdoor extension and steal funds from 2,520 wallets. The post Shai-Hulud Supply Chain Attack Led to $8.5 Million Trust Wallet Heist appeared first on SecurityWeek.

Shai-Hulud Supply Chain Attack Led to $8.5 Million Trust Wallet Heist Read More »

Infostealer Malware Delivered in EmEditor Supply Chain Attack

EmEditor, infostealer, Malware, Malware & Threats, supply chain attack, Supply Chain Security /

Infostealer Malware Delivered in EmEditor Supply Chain Attack 2025-12-29 at 13:40 By Eduard Kovacs The ‘download’ button on the official EmEditor website served a malicious installer. The post Infostealer Malware Delivered in EmEditor Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Infostealer Malware Delivered in EmEditor Supply Chain Attack Read More »

Scroll to Top