supply-chain
450 articles with this tag
[HIGH] Typosquatted npm packages used to steal cloud and CI/CD secrets
[HIGH] Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign
[INFO] Protestware by open source maintainer to hinder agentic coding: The jqwik 1.10.0 Prompt Injection
[CRITICAL] Why supply chain attacks work and what detection can actually do about it
[HIGH] Attackers Hijack Red Hat npm Scope to Steal Cloud Secrets
[HIGH] Red Hat npm packages compromised in new Mini Shai-Hulud malware wave
[HIGH] Supply Chain Attack Hits 32 Red Hat NPM Packages
[MEDIUM] NuGet Code Execution As A Service
[HIGH] Shai-Hulud malware worms Red Hat npm package versions downloaded 80K times a week
[HIGH] Red Hat npm packages compromised to steal developer credentials
[HIGH] Miasma supply chain attack: malicious code found in @redhat-cloud-services npm packages
[HIGH] Poisoning Claude Code: One GitHub Issue to Break the Supply Chain
[HIGH] OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack
[HIGH] Containers on fire: from container escapes to supply chain attacks
[HIGH] Malicious npm packages abuse dependency confusion to profile developer environments
[HIGH] Lone attacker published 14 malicious npm packages mimicking popular OpenSearch, Elasticsearch libraries
[MEDIUM] A practical checklist for evaluating npm packages (supply chain attacks, slopsquatting, etc.)
[CRITICAL] CISA adds Daemon Tools, TanStack, and Nx Console compromised versions to KEV catalog
[HIGH] Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets
[HIGH] Typosquatted npm packages used to steal cloud and CI/CD secrets
[HIGH] Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft
[CRITICAL] Supply Chain Compromises Impact Nx Console and GitHub Repositories
[INFO] EU wants emergency powers over chip manufacturers
[MEDIUM] Download pumping: New npm deception technique for supply chain attacks
[HIGH] Malicious npm Package Stole Files From Claude AI User Directory via GitHub
[HIGH] GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure
[HIGH] ‘SymJack’ Attack Turns AI Coding Agents Into Supply Chain Attack Delivery Systems
[HIGH] Risky Business #839 -- TeamPCP stole GitHub's internal repos
[CRITICAL] ⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos
[HIGH] Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack
[HIGH] Laravel Lang Supply Chain Advisory
[CRITICAL] Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware
[CRITICAL] Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer
[CRITICAL] Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows
[HIGH] Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack
[INFO] FCC, Github, MiniShai-hulud, Stated of Supply Chain, Itron, CRA, NIS2, and more!! - PSW #927
[HIGH] Mini Shai-Hulud: Frequently asked questions about the TeamPCP npm and PyPI supply chain campaign
[HIGH] GitHub internal repositories breached
[HIGH] GitHub, Grafana Labs breaches traced back to TanStack supply chain compromise
[INFO] Socket Raises $60 Million at $1 Billion Valuation
[HIGH] Grafana Labs Says Code Breach Stemmed from TanStack Attack
[INFO] Supply Chain Security Crisis: Too Many Vulnerabilities, Too Little Visibility
[HIGH] GitHub links repo breach to TanStack npm supply-chain attack
[CRITICAL] GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension
[HIGH] Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft
[HIGH] Grafana breach caused by missed token rotation after TanStack attack
[HIGH] Mini Shai-Hulud Hits Hundreds of npm Packages in AntV Ecosystem
[MEDIUM] GitHub says internal repositories were taken in poisoned VS Code extension attack
[MEDIUM] The IBM X-Force Index 2026 explains all three in one finding.
[HIGH] GitHub hit by a compromised VSCode extension
[HIGH] Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack
[CRITICAL] Why some security fixes never reach your vulnerability dashboard
[HIGH] GitHub Confirms Hack Impacting 3,800 Internal Repositories
[HIGH] The AntV Supply Chain Campaign Expands: Microsoft's `durabletask` PyPI Package Compromised
[CRITICAL] Grafana GitHub Breach Exposes Source Code via TanStack npm Attack
[HIGH] AntV data visualization tool the latest to be hit by ongoing npm supply chain attacks
[HIGH] New Shai-Hulud malware wave compromises 600 npm packages
[MEDIUM] A 6-step guide for responding to the Foxconn ransomware/supply chain incident
[HIGH] Mini Shai-Hulud Hits AntV: 300+ Malicious npm Packages Published via Compromised Maintainer Account
[CRITICAL] Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer
[CRITICAL] Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account
[CRITICAL] GitHub Actions Supply Chain Attack Redirects Tags to Steal CI/CD Credentials
[MEDIUM] TanStack Supply Chain Attack (And How to Lock Down GitHub Actions)
[HIGH] First Shai-Hulud Worm Clones Emerge
[HIGH] TeamPCP releases ‘vibe coded’ Shai-Hulud source code, issues challenge
[HIGH] Expired domain leads to supply chain attack on node-ipc npm package
[MEDIUM] Undermining the trust boundary: Investigating a stealthy intrusion through third-party compromise
[HIGH] Popular node-ipc npm package compromised to steal credentials
[HIGH] Malicious node-ipc versions published to npm in suspected maintainer account compromise
[MEDIUM] OpenAI caught in TanStack npm supply chain chaos after employee devices compromised
[HIGH] TeamPCP Ups the Game, Releases Shai-Hulud Worm’s Source Code
[HIGH] OpenAI confirms security breach in TanStack supply chain attack
[HIGH] Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets
[HIGH] Hunting the Behavior Behind npm Supply Chain Attacks
[HIGH] Analyzing TeamPCP’s Supply Chain Attacks: Checkmarx KICS and elementary-data in CI/CD Credential Theft
[HIGH] Foxconn Attack Highlights Manufacturing's Cyber Crisis
[HIGH] RubyGems pauses new account sign-ups amid major malicious attack
[INFO] Manifold Security expands supply chain intelligence to cover AI agent servers
[HIGH] Foxconn Confirms North American Factories Hit by Cyberattack
[INFO] Risky Business #837 -- GitHub Actions footgun claims TanStack
[CRITICAL] ‘Mini Shai-Hulud’ malware compromises hundreds of open-source packages in sprawling supply-chain attack
[HIGH] ‘Mini’ Shai-Hulud attack compromises hundreds of npm, PyPI packages
[MEDIUM] Sophos Endpoint in action: Blocking a novel supply chain attack
[HIGH] Mistral AI SDK, TanStack Router hit in npm software supply chain attack
[HIGH] RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded
[HIGH] Mini Shai-Hulud Hits TanStack npm Packages
[CRITICAL] Cache-poisoning caper turns TanStack npm packages toxic
[HIGH] Shai Hulud attack ships signed malicious TanStack, Mistral npm packages
[HIGH] Developer workstations are the new beachhead
[CRITICAL] cPanel flaw exposes enterprises to hosting supply-chain risks
[HIGH] TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack
[INFO] Postmortem: TanStack npm supply-chain compromise
[HIGH] TanStack Npm Packages Compromised Inside The Mini Shai Hulud Supply Chain Attack
[HIGH] Official CheckMarx Jenkins package compromised with infostealer
[HIGH] TeamPCP Compromises Checkmarx Jenkins AST Plugin Weeks After KICS Supply Chain Attack
[INFO] Build Application Firewalls Aim to Stop the Next Supply Chain Attack
[HIGH] Malicious Hugging Face model masquerading as OpenAI release hits 244K downloads
[HIGH] Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads
[HIGH] JDownloader site hacked to replace installers with Python RAT malware
[INFO] BTS #73 - Uncovering Firmware Risks: From Y2K to Modern Malware