supply chain attacks

GitHub, Grafana Labs breaches traced back to TanStack supply chain compromise

Don't miss, GitHub, Grafana, Hot stuff, News, open source, supply chain attacks, supply chain compromise /

GitHub, Grafana Labs breaches traced back to TanStack supply chain compromise 2026-05-21 at 16:56 By Zeljka Zorz GitHub CISO Alexis Wales has named the malicious VS Code extension behind the breach they suffered at the hands of the threat group TeamPCP: Nx Console, a popular developer tool with 2.2 million installs. A malicious version of […]

GitHub, Grafana Labs breaches traced back to TanStack supply chain compromise Read More »

North Korean hackers trojanize gaming platform to spy on ethnic Koreans in China

attack, cybercrime, ESET, Malware, News, North Korea, online gaming, supply chain attacks, threats /

North Korean hackers trojanize gaming platform to spy on ethnic Koreans in China 2026-05-05 at 13:21 By Sinisa Markovic A gaming platform built for ethnic Koreans in China has been serving backdoored Windows and Android software to its users since late 2024. The platform, sqgame[.]net, hosts traditional card and board games for a community that

North Korean hackers trojanize gaming platform to spy on ethnic Koreans in China Read More »

North Korean hackers linked to Axios npm supply chain compromise

Arctic Wolf Networks, backdoor, cybercrime, Don't miss, Google Cloud, Hot stuff, Mandiant, News, North Korea, supply chain attacks, supply chain compromise /

North Korean hackers linked to Axios npm supply chain compromise 2026-04-01 at 18:56 By Zeljka Zorz The software supply chain attack that resulted in the compromise of npm packages of Axios, an extremely popular HTTP client library, is believed to be the work of financially-motivated North Korean attackers. Links to UNC1069 On March 31, 2026,

North Korean hackers linked to Axios npm supply chain compromise Read More »

Axios npm packages backdoored in supply chain attack

Don't miss, Hot stuff, JavaScript, News, Step Security, supply chain attacks, supply chain compromise, Wiz /

Axios npm packages backdoored in supply chain attack 2026-03-31 at 15:43 By Zeljka Zorz An unknown attacker has compromised the GitHub and npm accounts of the main developer of Axios, a widely used HTTP client library, and published npm packages backdoored with a malicious dependency that triggered the installation of droppers and remote access trojans.

Axios npm packages backdoored in supply chain attack Read More »

TeamPCP strikes again: Backdoored Telnyx PyPI package delivers malware

Aikido Security, Don't miss, Endor Labs, Hot stuff, Linux, macOS, Malware, News, open source, PyPI, SafeDep, supply chain attacks, supply chain compromise, Windows /

TeamPCP strikes again: Backdoored Telnyx PyPI package delivers malware 2026-03-27 at 15:46 By Zeljka Zorz TeamPCP continues is supply chain compromise rampage, with telnyx on PyPI being the latest maliciously modified package. What happened? Telnyx is a widely used software development kit (SDK) for the Telnyx AI Voice Agent service. According to Endor Labs researchers,

TeamPCP strikes again: Backdoored Telnyx PyPI package delivers malware Read More »

LiteLLM PyPI packages compromised in expanding TeamPCP supply chain attacks

Aikido Security, Aqua Security, Checkmarx, Don't miss, Hot stuff, Malware, News, open source, PyPI, Sonatype, supply chain attacks, supply chain compromise, Wiz /

LiteLLM PyPI packages compromised in expanding TeamPCP supply chain attacks 2026-03-25 at 14:01 By Zeljka Zorz A slew of supply chain attacks against popular open source tools and packages appears to have been orchestrated by TeamPCP, a cybercriminal group that rose to prominence in late 2025. The latest victim of the group is BerryAI’s popular

LiteLLM PyPI packages compromised in expanding TeamPCP supply chain attacks Read More »

Open-source attacks move through normal development workflows

attacks, Don't miss, News, open source, report, ReversingLabs, supply chain, supply chain attacks, vulnerability management /

Open-source attacks move through normal development workflows 2026-02-03 at 08:18 By Anamarija Pogorelec Software development relies on a steady flow of third-party code, automated updates, and fast release cycles. That environment has made the software supply chain a routine point of entry for attackers, with malicious activity blending into normal build and deployment processes. A

Open-source attacks move through normal development workflows Read More »

UK announces grand plan to secure online public services

Don't miss, Government, Hot stuff, News, Orange Cyberdefense, Proofpoint, public sector, supply chain attacks, UK /

UK announces grand plan to secure online public services 2026-01-07 at 15:32 By Zeljka Zorz The UK has announced a new Government Cyber Action Plan aimed at making online public services more secure and resilient, and has allocated £210 million (approximately $283 million) to implement it. Setting up a Government Cyber Unit “Cyber attacks can

UK announces grand plan to secure online public services Read More »

Shadow AI is breaking corporate security from within

Artificial Intelligence, Compliance, cybersecurity, IO, News, report, supply chain attacks, third party compromise /

Shadow AI is breaking corporate security from within 2025-09-18 at 08:26 By Anamarija Pogorelec Cybersecurity leaders know the attack surface has been growing for years, but the latest State of Information Security Report 2025 from IO shows how fast new risks are converging. Drawing on responses from more than 3,000 security professionals in the UK

Shadow AI is breaking corporate security from within Read More »

Self-replicating worm hits 180+ npm packages in (largely) automated supply chain attack

Aikido Security, Don't miss, Hot stuff, JavaScript, News, Node.js, open source, ReversingLabs, StepSecurity, supply chain attacks, Wiz, worms /

Self-replicating worm hits 180+ npm packages in (largely) automated supply chain attack 2025-09-17 at 01:18 By Zeljka Zorz A potentially monumental supply chain attack is underway, thanks to a self-replicating worm-like payload that has been compromising packages published on the npm Registry. The worm has been dubbed “Shai-hulud” as it steals credentials from victims who

Self-replicating worm hits 180+ npm packages in (largely) automated supply chain attack Read More »

Breaches are up, budgets are too, so why isn’t healthcare safer?

cyber resilience, cyber risk, cybersecurity, healthcare, News, report, resilience, security ROI, supply chain attacks, supply chain compromise /

Breaches are up, budgets are too, so why isn’t healthcare safer? 2025-08-11 at 07:11 By Sinisa Markovic A new report from Resilience outlines a growing cyber crisis in the U.S. healthcare sector, where ransomware attacks, vendor compromise, and human error continue to cause widespread disruption. In 2023, breaches exposed 168 million records, and the first

Breaches are up, budgets are too, so why isn’t healthcare safer? Read More »

CoinMarketCap, Cointelegraph compromised to serve pop-ups to drain crypto wallets

Blockaid, C/side, Cryptocurrency, Don't miss, Hot stuff, JavaScript, News, supply chain attacks /

CoinMarketCap, Cointelegraph compromised to serve pop-ups to drain crypto wallets 2025-06-23 at 16:38 By Zeljka Zorz The CoinMarketCap and CoinTelegraph websites have been compromised over the weekend to serve clever phishing pop-ups to visitors, asking them to verify/connect their crypto wallets. The CoinMarketCap compromise CoinMarketCap (aka CMC) is a website popular with crypto investors as

CoinMarketCap, Cointelegraph compromised to serve pop-ups to drain crypto wallets Read More »

What is a supply chain attack in crypto and how to prevent it?

supply chain attacks /

What is a supply chain attack in crypto and how to prevent it? 2025-06-11 at 18:02 By Cointelegraph by Dilip Kumar Patairya Supply chain attacks in crypto exploit trusted dependencies, emerging as a major threat to crypto projects, which now have to stay vigilant on such threats. This article is an excerpt from Cointelegraph.com News

What is a supply chain attack in crypto and how to prevent it? Read More »

Securing the invisible: Supply chain security trends

CISO, cybersecurity, Don't miss, Eclypsium, i-confidential, News, supply chain attacks, zero trust /

Securing the invisible: Supply chain security trends 2025-04-30 at 07:34 By Anamarija Pogorelec Adversaries are infiltrating upstream software, hardware, and vendor relationships to quietly compromise downstream targets. Whether it’s a malicious update injected into a CI/CD pipeline, a rogue dependency hidden in open-source code, or tampered hardware components, these attacks bypass traditional defenses by weaponizing

Securing the invisible: Supply chain security trends Read More »

Top 5 threats keeping CISOs up at night in 2025

Artificial Intelligence, CISO, cybersecurity, Don't miss, Hot stuff, News, Ransomware, regulation, strategy, supply chain attacks, threats, tips /

Top 5 threats keeping CISOs up at night in 2025 2025-03-14 at 08:05 By Help Net Security Cyber threats in 2025 require a proactive, adaptive approach. To stay ahead, CISOs must balance technical defenses, regulatory expectations, and human factors. By prioritizing AI-driven security, ransomware resilience, supply chain risk management, insider threat mitigation, and compliance preparedness,

Top 5 threats keeping CISOs up at night in 2025 Read More »

Malicious ML models found on Hugging Face Hub

Artificial Intelligence, Don't miss, Hot stuff, Hugging Face, JFrog, machine learning, News, ReversingLabs, software development, supply chain attacks /

Malicious ML models found on Hugging Face Hub 2025-02-10 at 15:52 By Zeljka Zorz Researchers have spotted two machine learning (ML) models containing malicious code on Hugging Face Hub, the popular online repository for datasets and pre-trained models. Once one of them is downloaded and executed on the developer’s machine, the malicious payload checks if

Malicious ML models found on Hugging Face Hub Read More »

Middle East Cybersecurity in 2024: From Zero-Day Exploits to Supply Chain Attacks 

Cyble Blogs, exploit, Middle East, Middle East Cybersecurity, supply chain attacks /

Middle East Cybersecurity in 2024: From Zero-Day Exploits to Supply Chain Attacks  2024-11-19 at 15:49 By Cyble Overview  In 2024, the Middle East faces an escalating wave of cyberattacks amid its rapid digital transformation, with zero-day exploits and advanced attack techniques targeting critical infrastructure, government entities, and supply chains. Cybercriminals are increasingly exploiting vulnerabilities like

Middle East Cybersecurity in 2024: From Zero-Day Exploits to Supply Chain Attacks  Read More »

Observations from Black Hat USA 2024, BSidesLV, and DEF CON 32

Artificial Intelligence, conferences, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, IoT, Microsoft, News, opinion, Privacy, SANS, Signal, software development, SonicWall, supply chain attacks /

Observations from Black Hat USA 2024, BSidesLV, and DEF CON 32 2024-08-16 at 12:46 By Help Net Security I recently spent six days in Las Vegas attending DEF CON, BsidesLV, and Black Hat USA 2024, where I had the opportunity to engage with and learn from some of the top security experts in the world.

Observations from Black Hat USA 2024, BSidesLV, and DEF CON 32 Read More »

Key metrics for monitoring and improving ZTNA implementations

Artificial Intelligence, cybersecurity, Don't miss, Features, Hot stuff, human error, News, opinion, policy, strategy, supply chain attacks, Wilson Perumal & Company, zero trust /

Key metrics for monitoring and improving ZTNA implementations 2024-08-13 at 07:01 By Mirko Zorz In this Help Net Security interview, Dean Hamilton, CTO at Wilson Perumal & Company, discusses the complexities of zero trust network access (ZTNA) implementation, focusing on balancing security with operational efficiency. Hamilton highlights strategic planning, collaboration between IT and business leaders,

Key metrics for monitoring and improving ZTNA implementations Read More »

New open-source project takeover attacks spotted, stymied

backdoor, CISA, Don't miss, Endor Labs, Hot stuff, News, O'Reilly, open source, OpenJS Foundation, OpenSSF, social engineering, supply chain attacks, tips /

New open-source project takeover attacks spotted, stymied 2024-04-16 at 16:16 By Zeljka Zorz The OpenJS Foundation has headed off a “credible takeover attempt” similar to the one that resulted in a backdoor getting included in the open-source XZ Utils package by someone who called themselves “Jia Tan”. This malicious maintainer achieved that coveted position after

New open-source project takeover attacks spotted, stymied Read More »

Scroll to Top