#software-supply-chain-attacks

[ follow ]
#npm-package-compromise #pypi-malware #credential-theft #cicd-token-abuse #cicd-security
Information security
fromSecurityWeek
1 day ago

TanStack, Mistral AI, UiPath Hit in Fresh Supply Chain Attack

A coordinated Mini Shai-Hulud supply chain attack compromised 170+ packages, stealing tokens and credentials and spreading via CI publishing of malicious package versions.
Information security
fromSecurityWeek
2 days ago

Build Application Firewalls Aim to Stop the Next Supply Chain Attack

Supply chain attacks repeatedly compromise CI/CD build processes via trusted dependencies, enabling malicious code to enter builds and deliver payloads through automation.
Information security
fromTheregister
7 months ago

Fake Postmark MCP npm package stole emails with one-liner

A malicious npm package impersonating Postmark's MCP secretly BCC'd outgoing emails to an attacker, likely exfiltrating thousands of sensitive messages daily.
[ Load more ]