Supply Chain Security

eScan Antivirus Delivers Malware in Supply Chain Attack

eScan Antivirus Delivers Malware in Supply Chain Attack 2026-01-31 at 17:24 By Ionut Arghire Hackers compromised a MicroWorld Technologies update server and fed a malicious file to eScan customers. The post eScan Antivirus Delivers Malware in Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

eScan Antivirus Delivers Malware in Supply Chain Attack Read More »

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks 2026-01-27 at 15:49 By Ionut Arghire The protections against NPM supply chain attacks could be bypassed, leading to arbitrary code execution. The post ‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks Read More »

Shai-Hulud Supply Chain Attack Led to $8.5 Million Trust Wallet Heist

Shai-Hulud Supply Chain Attack Led to $8.5 Million Trust Wallet Heist 2025-12-31 at 14:09 By Ionut Arghire The worm exposed Trust Wallet’s Developer GitHub secrets, allowing attackers to publish a backdoor extension and steal funds from 2,520 wallets. The post Shai-Hulud Supply Chain Attack Led to $8.5 Million Trust Wallet Heist appeared first on SecurityWeek.

Shai-Hulud Supply Chain Attack Led to $8.5 Million Trust Wallet Heist Read More »

Infostealer Malware Delivered in EmEditor Supply Chain Attack

Infostealer Malware Delivered in EmEditor Supply Chain Attack 2025-12-29 at 13:40 By Eduard Kovacs The ‘download’ button on the official EmEditor website served a malicious installer. The post Infostealer Malware Delivered in EmEditor Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Infostealer Malware Delivered in EmEditor Supply Chain Attack Read More »

From Open Source to OpenAI: The Evolution of Third-Party Risk

From Open Source to OpenAI: The Evolution of Third-Party Risk 2025-12-16 at 20:15 By Nadir Izrael From open source libraries to AI-powered coding assistants, speed-driven development is introducing new third-party risks that threat actors are increasingly exploiting. The post From Open Source to OpenAI: The Evolution of Third-Party Risk appeared first on SecurityWeek. This article

From Open Source to OpenAI: The Evolution of Third-Party Risk Read More »

Chinese APT Uses ‘Airstalk’ Malware in Supply Chain Attacks

Chinese APT Uses ‘Airstalk’ Malware in Supply Chain Attacks 2025-11-03 at 12:28 By Ionut Arghire PowerShell and .NET variants of the malware abuse AirWatch’s MDM API to establish a C&C communication channel. The post Chinese APT Uses ‘Airstalk’ Malware in Supply Chain Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

Chinese APT Uses ‘Airstalk’ Malware in Supply Chain Attacks Read More »

SBOM Pioneer Allan Friedman Joins NetRise to Advance Supply Chain Visibility

SBOM Pioneer Allan Friedman Joins NetRise to Advance Supply Chain Visibility 2025-10-21 at 18:16 By Kevin Townsend NetRise appointed the former CISA Senior Advisor and Strategist as a Strategic Advisor. The post SBOM Pioneer Allan Friedman Joins NetRise to Advance Supply Chain Visibility appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

SBOM Pioneer Allan Friedman Joins NetRise to Advance Supply Chain Visibility Read More »

GitHub Boosting Security in Response to NPM Supply Chain Attacks 

GitHub Boosting Security in Response to NPM Supply Chain Attacks  2025-09-24 at 13:18 By Ionut Arghire GitHub will implement local publishing with mandatory 2FA, granular tokens that expire after seven days, and trusted publishing. The post GitHub Boosting Security in Response to NPM Supply Chain Attacks  appeared first on SecurityWeek. This article is an excerpt

GitHub Boosting Security in Response to NPM Supply Chain Attacks  Read More »

Shai-Hulud Supply Chain Attack: Worm Used to Steal Secrets, 180+ NPM Packages Hit

Shai-Hulud Supply Chain Attack: Worm Used to Steal Secrets, 180+ NPM Packages Hit 2025-09-17 at 16:04 By Ionut Arghire The packages were injected with malicious code to harvest secrets, dump them to a public repository, and make private repositories public. The post Shai-Hulud Supply Chain Attack: Worm Used to Steal Secrets, 180+ NPM Packages Hit

Shai-Hulud Supply Chain Attack: Worm Used to Steal Secrets, 180+ NPM Packages Hit Read More »

Highly Popular NPM Packages Poisoned in New Supply Chain Attack

Highly Popular NPM Packages Poisoned in New Supply Chain Attack 2025-09-10 at 11:45 By Ionut Arghire Designed to intercept cryptocurrency transactions, the malicious code reached 10% of cloud environments. The post Highly Popular NPM Packages Poisoned in New Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Highly Popular NPM Packages Poisoned in New Supply Chain Attack Read More »

GitHub Workflows Attack Affects Hundreds of Repos, Thousands of Secrets

GitHub Workflows Attack Affects Hundreds of Repos, Thousands of Secrets 2025-09-08 at 16:20 By Eduard Kovacs A supply chain attack called GhostAction has enabled threat actors to steal secrets and exploit them. The post GitHub Workflows Attack Affects Hundreds of Repos, Thousands of Secrets appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

GitHub Workflows Attack Affects Hundreds of Repos, Thousands of Secrets Read More »

Over 6,700 Private Repositories Made Public in Nx Supply Chain Attack

Over 6,700 Private Repositories Made Public in Nx Supply Chain Attack 2025-09-08 at 13:46 By Ionut Arghire The private repositories of hundreds of organizations were published publicly in the second phase of the Nx supply chain attack. The post Over 6,700 Private Repositories Made Public in Nx Supply Chain Attack appeared first on SecurityWeek. This

Over 6,700 Private Repositories Made Public in Nx Supply Chain Attack Read More »

Hackers Target Popular Nx Build System in First AI-Weaponized Supply Chain Attack

Hackers Target Popular Nx Build System in First AI-Weaponized Supply Chain Attack 2025-08-28 at 13:55 By Ionut Arghire With more than 4 million weekly downloads, the Nx build platform became the first known supply chain breach where hackers weaponized AI assistants for data theft. The post Hackers Target Popular Nx Build System in First AI-Weaponized

Hackers Target Popular Nx Build System in First AI-Weaponized Supply Chain Attack Read More »

CISA Requests Public Feedback on Updated SBOM Guidance

CISA Requests Public Feedback on Updated SBOM Guidance 2025-08-25 at 13:54 By Ionut Arghire CISA has updated the Minimum Elements for a Software Bill of Materials (SBOM) guidance and is seeking public comment. The post CISA Requests Public Feedback on Updated SBOM Guidance appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

CISA Requests Public Feedback on Updated SBOM Guidance Read More »

High-Value NPM Developers Compromised in New Phishing Campaign

High-Value NPM Developers Compromised in New Phishing Campaign 2025-07-24 at 14:22 By Ionut Arghire Hackers have injected malware into popular NPM packages after compromising several developer accounts in a fresh phishing campaign. The post High-Value NPM Developers Compromised in New Phishing Campaign appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

High-Value NPM Developers Compromised in New Phishing Campaign Read More »

React Native Aria Packages Backdoored in Supply Chain Attack

React Native Aria Packages Backdoored in Supply Chain Attack 2025-06-09 at 17:22 By Ionut Arghire A threat actor published backdoored versions of 17 NPM packages from GlueStack in a fresh supply chain attack. The post React Native Aria Packages Backdoored in Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React Native Aria Packages Backdoored in Supply Chain Attack Read More »

Ongoing Campaign Uses 60 NPM Packages to Steal Data

Ongoing Campaign Uses 60 NPM Packages to Steal Data 2025-05-27 at 17:17 By Ionut Arghire Security firm Socket warns flags a campaign targeting NPM users with tens of malicious packages that can hijack system information. The post Ongoing Campaign Uses 60 NPM Packages to Steal Data appeared first on SecurityWeek. This article is an excerpt

Ongoing Campaign Uses 60 NPM Packages to Steal Data Read More »

Chinese Hackers Hit Drone Sector in Supply Chain Attacks

Chinese Hackers Hit Drone Sector in Supply Chain Attacks 2025-05-15 at 14:39 By Ionut Arghire The China-linked hacking group Earth Ammit has launched multi-wave attacks in Taiwan and South Korea to disrupt the drone sector. The post Chinese Hackers Hit Drone Sector in Supply Chain Attacks appeared first on SecurityWeek. This article is an excerpt

Chinese Hackers Hit Drone Sector in Supply Chain Attacks Read More »

China’s Secret Weapon? How EV Batteries Could be Weaponized to Disrupt America

China’s Secret Weapon? How EV Batteries Could be Weaponized to Disrupt America 2025-04-29 at 18:02 By Kevin Townsend As Xi Jinping advances his vision for China’s dominance by 2049, cybersecurity experts warn that connected technologies—like EV batteries—may quietly serve as tools of influence, espionage, and disruption. The post China’s Secret Weapon? How EV Batteries Could

China’s Secret Weapon? How EV Batteries Could be Weaponized to Disrupt America Read More »

Chainguard Raises Hefty $356M Series D at $3.5 Billion Valuation

Chainguard Raises Hefty $356M Series D at $3.5 Billion Valuation 2025-04-23 at 17:20 By Ryan Naraine The cash infusion brings Chainguard’s total funding to about $612 million since launching in 2021 and prices the company at $3.5 billion. The post Chainguard Raises Hefty $356M Series D at $3.5 Billion Valuation appeared first on SecurityWeek. This

Chainguard Raises Hefty $356M Series D at $3.5 Billion Valuation Read More »

Scroll to Top