OWASP Jakarta

Chain

News

Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack

The developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious actor to publish malicious versions to the official package registry with …

By adminowasp, 5 months ago
News

LottieFiles ends crypto wallet-targeting supply chain attack • The Register

LottieFiles is overcoming something of a Halloween fright after battling to regain control of a compromised developer account that was used to exploit users’ crypto wallets. Nattu Adnan, co-founder and CTO at LottieFiles – best known for its popular website …

By adminowasp, 7 months ago (November 1, 2024)
Supply Chain Attacks
News

Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems

Cybersecurity researchers have found that entry points could be abused across multiple programming ecosystems like PyPI, npm, Ruby Gems, NuGet, Dart Pub, and Rust Crates to stage software supply chain attacks. “Attackers can leverage these entry points …

By adminowasp, 7 months ago
Software Supply Chain
News

Practical Guidance For Securing Your Software Supply Chain

The heightened regulatory and legal pressure on software-producing organizations to secure their supply chains and ensure the integrity of their software should come as no surprise. In the last several years, the software supply chain has become an increasingly attractive target for …

By adminowasp, 11 months ago
Polyfill Supply Chain Attack
News

Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack

Jun 26, 2024, Newsroom, Supply Chain Attack / Web Security. Google has taken steps to block ads for e-commerce sites that use the Polyfill.io service after a Chinese company acquired the domain and modified the JavaScript library (“polyfill.js”) to redirect users to …

By adminowasp, 11 months ago
News

New R Programming Vulnerability Exposes Projects to Supply Chain Attacks

A security vulnerability has been discovered in the R programming language that could be exploited by a threat actor to create a malicious RDS (R Data Serialization) file such that it results in code execution when loaded and referenced. The flaw, assigned …

By adminowasp, 1 year ago
News

Webinar: Learn Proactive Supply Chain Threat Hunting Techniques

In the high-stakes world of cybersecurity, the battleground has shifted. Supply chain attacks have emerged as a potent threat, exploiting the intricate web of interconnected systems and third-party dependencies to breach even the most formidable defenses. But what if you could turn …

By adminowasp, 1 year ago
News

Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others

Unidentified adversaries orchestrated a sophisticated attack campaign that has impacted several individual developers as well as the GitHub organization account associated with Top.gg, a Discord bot discovery site. “The threat actors used multiple TTPs in this attack, including …

By adminowasp, 1 year ago
News

Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks

The China-linked threat actor known as Evasive Panda orchestrated both watering hole and supply chain attacks targeting Tibetan users at least since September 2023. The goal of the attacks is to deliver malicious downloaders for Windows and macOS that deploy a …

By adminowasp, 1 year ago
News

New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks

Cybersecurity researchers have found that it’s possible to compromise the Hugging Face Safetensors conversion service to ultimately hijack the models submitted by users and result in supply chain attacks. “It’s possible to send malicious pull requests with attacker-controlled data …

By adminowasp, 1 year ago
