mitre-t1195
363 articles with this tag
HIGH
HIGH
CRITICAL
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
CRITICAL
HIGH
HIGH
HIGH
HIGH
HIGH
MEDIUM
HIGH
CRITICAL
MEDIUM
HIGH
MEDIUM
MEDIUM
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
CRITICAL
CRITICAL
HIGH
CRITICAL
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
CRITICAL
HIGH
HIGH
MEDIUM
HIGH
HIGH
HIGH
HIGH
CRITICAL
HIGH
HIGH
HIGH
HIGH
HIGH
MEDIUM
HIGH
CRITICAL
CRITICAL
HIGH
MEDIUM
CRITICAL
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
MEDIUM
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
CRITICAL
HIGH
MEDIUM
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
HIGH
MEDIUM
HIGH
HIGH
HIGH
CRITICAL
HIGH
HIGH
MEDIUM
HIGH
HIGH
HIGH
HIGH
MEDIUM
CRITICAL
HIGH
Typosquatted npm packages used to steal cloud and CI/CD secrets
Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign
Why supply chain attacks work and what detection can actually do about it
Four coordinated npm supply chain campaigns active in May–June 2026 — TTPs, IOCs, and detection notes
Infected Red Hat npm packages expose developer credentials
Attackers Hijack Red Hat npm Scope to Steal Cloud Secrets
Supply Chain Attack Hits 32 Red Hat NPM Packages
Shai-Hulud malware worms Red Hat npm package versions downloaded 80K times a week
Red Hat npm packages compromised to steal developer credentials
Dozens of Red Hat packages backdoored through its offical NPM channel
Poisoning Claude Code: One GitHub Issue to Break the Supply Chain
OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack
Containers on fire: from container escapes to supply chain attacks
Malicious npm packages abuse dependency confusion to profile developer environments
Lone attacker published 14 malicious npm packages mimicking popular OpenSearch, Elasticsearch libraries
A practical checklist for evaluating npm packages (supply chain attacks, slopsquatting, etc.)
Typosquatted npm packages used to steal cloud and CI/CD secrets
Supply Chain Compromises Impact Nx Console and GitHub Repositories
Download pumping: New npm deception technique for supply chain attacks
CrowdStrike, Google shatter Glassworm botnet
CrowdStrike, Google Take Down Glassworm Botnet
CrowdStrike disrupts Glassworm botnet that preyed on open-source supply chain
GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure
‘SymJack’ Attack Turns AI Coding Agents Into Supply Chain Attack Delivery Systems
Laravel-Lang Packages Poisoned for Malware Delivery
Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack
TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO
Laravel Lang packages hijacked to deploy credential-stealing malware
Laravel Lang Supply Chain Advisory
Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware
Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer
Megalodon chums the waters in 5.5K+ GitHub repo poisonings
Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows
A hacker group is poisoning open source code at an unprecedented scale
Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack
Mini Shai-Hulud: Frequently asked questions about the TeamPCP npm and PyPI supply chain campaign
GitHub Breach Traced to Malicious 'Nx Console' VS Code Extension
GitHub internal repositories breached
A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale
GitHub links repo breach to TanStack npm supply-chain attack
GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension
Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft
Mini Shai-Hulud Hits Hundreds of npm Packages in AntV Ecosystem
The IBM X-Force Index 2026 explains all three in one finding.
Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack
Typosquatting Is No Longer a User Problem. It's a Supply Chain Problem
GitHub Confirms Hack Impacting 3,800 Internal Repositories
The AntV Supply Chain Campaign Expands: Microsoft's `durabletask` PyPI Package Compromised
Grafana GitHub Breach Exposes Source Code via TanStack npm Attack
AntV data visualization tool the latest to be hit by ongoing npm supply chain attacks
Biometrics, diagnoses, and bank details exposed in major healthcare breach
GitHub Actions workflow compromised to steal CI/CD credentials
Microsoft Takes Down Fox Tempest for Providing Ransomware-Enabling Signing Tool
New Shai-Hulud malware wave compromises 600 npm packages
A 6-step guide for responding to the Foxconn ransomware/supply chain incident
Mini Shai-Hulud Hits AntV: 300+ Malicious npm Packages Published via Compromised Maintainer Account
Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account
GitHub Actions Supply Chain Attack Redirects Tags to Steal CI/CD Credentials
Shai-Hulud Worm Clones Spread After Code Release
TanStack weighs invitation-only pull requests after supply chain attack
Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware
First Shai-Hulud Worm Clones Emerge
TeamPCP releases ‘vibe coded’ Shai-Hulud source code, issues challenge
Popular node-ipc npm package compromised to steal credentials
Malicious node-ipc versions published to npm in suspected maintainer account compromise
TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates
OpenAI Hit by TanStack Supply Chain Attack
OpenAI caught in TanStack npm supply chain chaos after employee devices compromised
TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code
TeamPCP hackers advertise Mistral AI code repos for sale
Axios breach shows why software supply chains need zero trust
Hunting the Behavior Behind npm Supply Chain Attacks
Analyzing TeamPCP’s Supply Chain Attacks: Checkmarx KICS and elementary-data in CI/CD Credential Theft
RubyGems pauses new account sign-ups amid major malicious attack
‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attack
‘Mini’ Shai-Hulud attack compromises hundreds of npm, PyPI packages
Sophos Endpoint in action: Blocking a novel supply chain attack
Mistral AI SDK, TanStack Router hit in npm software supply chain attack
RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded
Mini Shai-Hulud Hits TanStack npm Packages
Shai Hulud attack ships signed malicious TanStack, Mistral npm packages
TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack
JDownloader website compromised to distribute malicious installers
Official CheckMarx Jenkins package compromised with infostealer
TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack
Checkmarx tackles another TeamPCP intrusion as Jenkins plugin sabotaged
Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack
Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads
JDownloader site hacked to replace installers with Python RAT malware
Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise
ScarCruft hackers push BirdCall Android malware via game platform
Chinese-linked Salt Typhoon suspected in Italy's Sistemi Informativi breach
Trellix Source Code Repository Breached
Backdoored PyTorch Lightning package drops credential stealer
New software supply chain attack uses sleeper packages for credential theft and CI tampering
Supply chain attack against SAP npm packages facilitates credential theft
Illicit AI-assisted commit-linked npm dependency compromises crypto wallets
Arbitrary code pushed by long concealed backdoor in widely used WordPress redirect add-on
Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft
The Vercel Breach: OAuth Supply Chain Attack Exposes the Hidden Risk in Platform Environment Variables