Supply Chain Security

Build Application Firewalls Aim to Stop the Next Supply Chain Attack

Build Application Firewalls Aim to Stop the Next Supply Chain Attack 2026-05-11 at 17:12 By Kevin Townsend Rather than scanning code alone, Build Application Firewalls inspect runtime behavior inside the software build pipeline. The post Build Application Firewalls Aim to Stop the Next Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt […]

Build Application Firewalls Aim to Stop the Next Supply Chain Attack Read More »

Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack

Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack 2026-05-11 at 13:57 By Ionut Arghire A malicious version of the plugin was published to the Jenkins Marketplace late last week. The post Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack Read More »

AI Coding Agents Could Fuel Next Supply Chain Crisis

AI Coding Agents Could Fuel Next Supply Chain Crisis 2026-05-07 at 17:33 By Kevin Townsend “TrustFall” attack shows how AI coding agents can be manipulated into launching stealthy supply chain compromises. The post AI Coding Agents Could Fuel Next Supply Chain Crisis appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

AI Coding Agents Could Fuel Next Supply Chain Crisis Read More »

Vendor Says Daemon Tools Supply Chain Attack Contained

Vendor Says Daemon Tools Supply Chain Attack Contained 2026-05-07 at 17:33 By Ionut Arghire The software developer has identified the impacted systems, removed potentially compromised files, and validated installation packages. The post Vendor Says Daemon Tools Supply Chain Attack Contained appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Vendor Says Daemon Tools Supply Chain Attack Contained Read More »

Government, Scientific Entities Hit via Daemon Tools Supply Chain Attack

Government, Scientific Entities Hit via Daemon Tools Supply Chain Attack 2026-05-06 at 12:03 By Ionut Arghire While trojanized Daemon Tools versions were installed worldwide, a sophisticated backdoor was dropped only on a dozen systems. The post Government, Scientific Entities Hit via Daemon Tools Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt

Government, Scientific Entities Hit via Daemon Tools Supply Chain Attack Read More »

1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom

1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom 2026-05-01 at 10:33 By Ionut Arghire The compromised Lightning and Intercom packages have a combined monthly download count of nearly 10 million. The post 1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom Read More »

SAP NPM Packages Targeted in Supply Chain Attack

SAP NPM Packages Targeted in Supply Chain Attack 2026-04-30 at 17:35 By Ionut Arghire The Mini Shai-Hulud attack introduced a preinstall hook to fetch and execute a Bun binary and bypass security monitoring. The post SAP NPM Packages Targeted in Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

SAP NPM Packages Targeted in Supply Chain Attack Read More »

Bitwarden NPM Package Hit in Supply Chain Attack

Bitwarden NPM Package Hit in Supply Chain Attack 2026-04-24 at 11:27 By Ionut Arghire Tied to a fresh Checkmarx supply chain attack claimed by TeamPCP, the incident references the Shai-Hulud worm. The post Bitwarden NPM Package Hit in Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Bitwarden NPM Package Hit in Supply Chain Attack Read More »

Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM Data

Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM Data 2026-04-22 at 14:47 By Kevin Townsend Researcher says the missing piece is a governance-driven intelligence layer that turns SBOM and VEX data into explainable security decisions. The post Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM

Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM Data Read More »

CPUID Hacked to Serve Trojanized CPU-Z and HWMonitor Downloads

CPUID Hacked to Serve Trojanized CPU-Z and HWMonitor Downloads 2026-04-13 at 15:44 By Eduard Kovacs Download links were replaced by a Russian-speaking threat actor to distribute a recently emerged malware named STX RAT. The post CPUID Hacked to Serve Trojanized CPU-Z and HWMonitor Downloads appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

CPUID Hacked to Serve Trojanized CPU-Z and HWMonitor Downloads Read More »

OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack

OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack 2026-04-13 at 15:44 By Eduard Kovacs The AI giant is taking action after determining that a macOS code signing certificate may have been compromised. The post OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack Read More »

Guardarian Users Targeted With Malicious Strapi NPM Packages

Guardarian Users Targeted With Malicious Strapi NPM Packages 2026-04-06 at 15:32 By Ionut Arghire Hackers published 36 NPM packages posing as Strapi plugins to execute shells, escape containers, and harvest credentials. The post Guardarian Users Targeted With Malicious Strapi NPM Packages appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Guardarian Users Targeted With Malicious Strapi NPM Packages Read More »

North Korean Hackers Target High-Profile Node.js Maintainers

North Korean Hackers Target High-Profile Node.js Maintainers 2026-04-06 at 14:12 By Ionut Arghire The threat actor behind the Axios supply chain attack has been aiming at other maintainers in its social engineering campaign. The post North Korean Hackers Target High-Profile Node.js Maintainers appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

North Korean Hackers Target High-Profile Node.js Maintainers Read More »

Mercor Hit by LiteLLM Supply Chain Attack

Mercor Hit by LiteLLM Supply Chain Attack 2026-04-02 at 13:45 By Ionut Arghire The AI recruiting firm is investigating the incident as Lapsus$ claimed the theft of 4TB of Mercor data. The post Mercor Hit by LiteLLM Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Mercor Hit by LiteLLM Supply Chain Attack Read More »

Axios NPM Package Breached in North Korean Supply Chain Attack

Axios NPM Package Breached in North Korean Supply Chain Attack 2026-04-01 at 11:46 By Ionut Arghire A long-lived NPM access token was used to bypass the GitHub Actions OIDC-based CI/CD publishing workflow and push backdoored package versions. The post Axios NPM Package Breached in North Korean Supply Chain Attack appeared first on SecurityWeek. This article

Axios NPM Package Breached in North Korean Supply Chain Attack Read More »

Telnyx Targeted in Growing TeamPCP Supply Chain Attack

Telnyx Targeted in Growing TeamPCP Supply Chain Attack 2026-03-30 at 14:26 By Ionut Arghire Two malicious versions of the popular SDK were uploaded to the PyPI registry, targeting Windows, macOS, and Linux. The post Telnyx Targeted in Growing TeamPCP Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

Telnyx Targeted in Growing TeamPCP Supply Chain Attack Read More »

Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack

Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack 2026-03-23 at 16:12 By Ionut Arghire Hackers published a malicious scanner release and replaced tags to point to information-stealer malware. The post Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack Read More »

Virtual Summit Today: Supply Chain & Third-Party Risk Summit

Virtual Summit Today: Supply Chain & Third-Party Risk Summit 2026-03-18 at 17:05 By SecurityWeek News Cyber risk doesn’t stop at your perimeter. Today’s most dangerous threats could be hiding in your software supply chain. The post Virtual Summit Today: Supply Chain & Third-Party Risk Summit appeared first on SecurityWeek. This article is an excerpt from

Virtual Summit Today: Supply Chain & Third-Party Risk Summit Read More »

Open VSX Publisher Account Hijacked in Fresh GlassWorm Attack

Open VSX Publisher Account Hijacked in Fresh GlassWorm Attack 2026-02-02 at 16:18 By Ionut Arghire A hacker published malicious versions of four established VS Code extensions to distribute a GlassWorm malware loader. The post Open VSX Publisher Account Hijacked in Fresh GlassWorm Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

Open VSX Publisher Account Hijacked in Fresh GlassWorm Attack Read More »

Notepad++ Supply Chain Hack Conducted by China via Hosting Provider

Notepad++ Supply Chain Hack Conducted by China via Hosting Provider 2026-02-02 at 11:20 By Eduard Kovacs The likely state-sponsored threat actor had access to the hosting provider for months and targeted only certain Notepad++ customers. The post Notepad++ Supply Chain Hack Conducted by China via Hosting Provider appeared first on SecurityWeek. This article is an

Notepad++ Supply Chain Hack Conducted by China via Hosting Provider Read More »

Scroll to Top