supply chain compromise

Klue breach lead to Salesforce data theft, Huntress affected

2026-06-19 at 15:57 By Zeljka Zorz

Cybersecurity vendor Huntress was among multiple companies hit by a breach originating at Klue, a market intelligence platform used to integrate CRM and sales data across various business tools. Huntress published a detailed account of the incident on June 18, […]

GitHub, Grafana Labs breaches traced back to TanStack supply chain compromise

2026-05-21 at 16:56 By Zeljka Zorz

GitHub CISO Alexis Wales has named the malicious VS Code extension behind the breach they suffered at the hands of the threat group TeamPCP: Nx Console, a popular developer tool with 2.2 million installs. A malicious version of

TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension

2026-05-20 at 13:47 By Zeljka Zorz

Following TeamPCP’s claim that they’ve breached GitHub’s own private code repositories, the Microsoft-owned company launched an investigation and confirmed the compromise. “Our current assessment is that the activity involved exfiltration of GitHub-internal repositories only. The attacker’s current claims of

Trivy supply chain attack enabled European Commission cloud breach

2026-04-03 at 09:35 By Zeljka Zorz

CERT-EU confirmed that ShinyHunters are behind the recent breach of the cloud infrastructure underpinning websites of the European Commission, and that they stole and subsequently leaked approximately 340 GB of data. “Analysis of the published dataset has so far confirmed

Software supply chain hacks trigger wave of intrusions, data theft

2026-04-02 at 18:58 By Zeljka Zorz

After linking the Axios npm supply chain attack to North Korean hackers, Google researchers warned that “hundreds of thousands of stolen secrets could potentially be circulating” as a result of this and the Trivy, KICS, LiteLLM, and Telnyx supply

North Korean hackers linked to Axios npm supply chain compromise

2026-04-01 at 18:56 By Zeljka Zorz

The software supply chain attack that resulted in the compromise of npm packages of Axios, an extremely popular HTTP client library, is believed to be the work of financially-motivated North Korean attackers. Links to UNC1069 On March 31, 2026,

Axios npm packages backdoored in supply chain attack

2026-03-31 at 15:43 By Zeljka Zorz

An unknown attacker has compromised the GitHub and npm accounts of the main developer of Axios, a widely used HTTP client library, and published npm packages backdoored with a malicious dependency that triggered the installation of droppers and remote access trojans.

TeamPCP’s attack spree slows, but threat escalates with ransomware pivot

2026-03-30 at 18:52 By Zeljka Zorz

TeamPCP’s destructive run of supply chain breaches has stopped, for now: it has been three days since the group published malicious versions of Telnyx’s SDK on PyPI, and there haven’t been reports of new open-source project compromises. Partnership with

TeamPCP strikes again: Backdoored Telnyx PyPI package delivers malware

2026-03-27 at 15:46 By Zeljka Zorz

TeamPCP continues its supply chain compromise rampage, with telnyx on PyPI being the latest maliciously modified package. What happened? Telnyx is a widely used software development kit (SDK) for the Telnyx AI Voice Agent service. According to Endor Labs researchers,

CISA sounds alarm on Langflow RCE, Trivy supply chain compromise after rapid exploitation

2026-03-27 at 12:43 By Zeljka Zorz

The US Cybersecurity and Infrastructure Security Agency (CISA) has added two new vulnerabilities to its Known Exploited Vulnerabilities catalog: CVE-2026-33017, a recently disclosed code injection vulnerability in Langflow, an open-source framework for building AI agents and

LiteLLM PyPI packages compromised in expanding TeamPCP supply chain attacks

2026-03-25 at 14:01 By Zeljka Zorz

A slew of supply chain attacks against popular open source tools and packages appears to have been orchestrated by TeamPCP, a cybercriminal group that rose to prominence in late 2025. The latest victim of the group is BerryAI’s popular

How state-sponsored attackers hijacked Notepad++ updates

2026-02-02 at 15:38 By Zeljka Zorz

Suspected Chinese state-sponsored attackers hijacked the Notepad++ update mechanism by compromising the software project’s shared hosting server and intercepting and redirecting update traffic destined for notepad-plus-plus.org, the software’s maintainer Don Ho confirmed on Monday. The attack timeline In early December 2025, security researcher

eScan AV supply chain compromise: Users targeted with malicious updates

2026-01-29 at 17:29 By Zeljka Zorz

The update infrastructure for eScan antivirus, a product of Indian cybersecurity company MicroWorld Technologies, has been compromised by unknown attackers to deliver a persistent downloader to enterprise and consumer endpoints. The supply chain compromise also resulted in the eScan

Gainsight breach: Salesforce details attack window, issues investigation guidance

2025-11-26 at 16:30 By Zeljka Zorz

The number of Salesforce customers affected by the recent compromise of Gainsight-published applications is yet to be publicly confirmed, but Salesforce released indicators of compromise (IoCs) and simultaneously shed some light on when the attack likely started. The provided list

Salesforce Gainsight compromise: Early findings and customer guidance

2025-11-21 at 14:16 By Zeljka Zorz

In the wake of Salesforce’s announcement about “unusual activity involving Gainsight-published applications” and the company’s revocation of access and refresh tokens associated with them, Gainsight has been doing a good job keeping customers updated on current investigation findings. On the status

Salesforce investigates new incident echoing Salesloft Drift compromise

2025-11-20 at 23:14 By Zeljka Zorz

In what may be a repeat of the Salesloft Drift supply chain compromise, Salesforce confirmed that they’ve identified unusual activity involving Gainsight-published apps connected to Salesforce. “Our investigation indicates this activity may have enabled unauthorized access to certain customers’ Salesforce data

Salesloft Drift data breach: Investigation reveals how attackers got in

2025-09-08 at 14:33 By Zeljka Zorz

The attack that resulted in the Salesloft Drift data breach started with the compromise of the company’s GitHub account, Salesloft confirmed this weekend. Supply chain compromise On August 26, the company publicly revealed that earlier that month, a threat

Cloudflare confirms data breach linked to Salesloft Drift supply chain compromise

2025-09-03 at 16:13 By Zeljka Zorz

Cloudflare has also been affected by the Salesloft Drift breach, the US web infrastructure and security company confirmed on Tuesday, and the attackers got their hands on 104 Cloudflare API tokens. “We have identified no suspicious activity associated

Breaches are up, budgets are too, so why isn’t healthcare safer?

2025-08-11 at 07:11 By Sinisa Markovic

A new report from Resilience outlines a growing cyber crisis in the U.S. healthcare sector, where ransomware attacks, vendor compromise, and human error continue to cause widespread disruption. In 2023, breaches exposed 168 million records, and the first
