Supply Chain Security

North Korean Hackers Blamed for Mastra NPM Supply Chain Attack

North Korean Hackers Blamed for Mastra NPM Supply Chain Attack 2026-06-22 at 14:10 By Ionut Arghire A malicious dependency the attackers added to over 140 Mastra packages fetches a payload targeting cryptocurrency extensions. The post North Korean Hackers Blamed for Mastra NPM Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from […]


More Cybersecurity Firms Disclose Impact From Klue Hack

2026-06-22 at 12:03, by Ionut Arghire (SecurityWeek). HackerOne, Huntress, Jamf, OneTrust, Recorded Future, Snyk, and Tanium are among the affected Klue customers.


Cybersecurity Firms Impacted by Klue Supply Chain Attack

2026-06-19 at 12:19, by Ionut Arghire (SecurityWeek). The hackers exfiltrated data from Salesforce instances of Klue customers, such as Huntress and Recorded Future.


Atomic Arch Supply Chain Attack Hits 1,500 AUR Packages

2026-06-16 at 13:51, by Ionut Arghire (SecurityWeek). Arch Linux suspended account registrations in response to the wave of malicious packages being uploaded to AUR.


NPM 12 Will Change Script Execution Behavior to Prevent Supply Chain Attacks

2026-06-13 at 18:52, by Ionut Arghire (SecurityWeek). By default, npm install will no longer execute scripts from dependencies, unless explicitly allowed.


Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks

2026-06-09 at 15:21, by Ionut Arghire (SecurityWeek). The most recent variants of the self-propagating attacks are named Miasma and Hades.


OWASP Incubator Project Helps Developers Find and Fix Vulnerable Dependencies in Seconds

2026-06-05 at 19:37, by Kevin Townsend (SecurityWeek). CVE Lite CLI is a free, open-source command line tool that scans your projects in seconds and tells you exactly which included packages contain a vulnerability.


Supply Chain Attack Hits 32 Red Hat NPM Packages

2026-06-02 at 15:46, by Ionut Arghire (SecurityWeek). Hackers published 96 malicious package versions, injected with a credential-stealing worm similar to Mini Shai-Hulud.


Laravel-Lang Packages Poisoned for Malware Delivery

2026-05-25 at 15:31, by Ionut Arghire (SecurityWeek). Published within a 15-minute window, the malicious tags introduced backdoors to exfiltrate CI secrets.


Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack

2026-05-25 at 10:56, by Ionut Arghire (SecurityWeek). Fake automated commits injected GitHub Actions workflows containing payloads to steal credentials, CI secrets, keys, and tokens.


Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack

2026-05-22 at 10:53, by Ionut Arghire (SecurityWeek). Hackers accessed Grafana’s GitHub repositories after a token compromised in the TanStack attack was not rotated.


Socket Raises $60 Million at $1 Billion Valuation

2026-05-21 at 13:50, by Ionut Arghire (SecurityWeek). The company will invest in its firewall, certified patches, protection extensions, new products, and team expansion.


Supply Chain Security Crisis: Too Many Vulnerabilities, Too Little Visibility

2026-05-21 at 11:40, by Kevin Townsend (SecurityWeek). New vulnerabilities are being discovered too fast, the time-to-exploitation is too short, and our visibility into them is largely lacking.


Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack

2026-05-20 at 14:21, by Ionut Arghire (SecurityWeek). A compromised maintainer account was used to publish malicious package versions across the @antv namespace.


OpenAI Hit by TanStack Supply Chain Attack

2026-05-15 at 14:32, by Ionut Arghire (SecurityWeek). Two employee devices were compromised in the attack, and credential material was stolen from OpenAI code repositories.


TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code

2026-05-15 at 14:32, by Ionut Arghire (SecurityWeek). The hacking group is encouraging miscreants to use the code in supply chain attacks, promising monetary rewards.


TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack

2026-05-12 at 13:20, by Ionut Arghire (SecurityWeek). Over 400 malicious versions of 170 packages were published as part of the new Mini Shai-Hulud campaign.


Build Application Firewalls Aim to Stop the Next Supply Chain Attack

2026-05-11 at 17:12, by Kevin Townsend (SecurityWeek). Rather than scanning code alone, Build Application Firewalls inspect runtime behavior inside the software build pipeline.


Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack

2026-05-11 at 13:57, by Ionut Arghire (SecurityWeek). A malicious version of the plugin was published to the Jenkins Marketplace late last week.


AI Coding Agents Could Fuel Next Supply Chain Crisis

2026-05-07 at 17:33, by Kevin Townsend (SecurityWeek). “TrustFall” attack shows how AI coding agents can be manipulated into launching stealthy supply chain compromises.

