#supply-chain-attack

[ follow ]
#phishing
more#phishing
#cybersecurity
Software development
fromInfoQ
3 months ago

Google Go Module Mirror Served Backdoor for 3+ Years

Research uncovered a major supply chain attack in the Go ecosystem involving a backdoored package.
The attack exploited caching in the Go Module Proxy, emphasizing security vulnerabilities in module management.
DevOps
fromTheregister
4 months ago

Separate supply chain attack tied to 23K pwned GitHub repos

The GitHub supply chain attack was likely initiated through a compromised GitHub Action, reviewdog/action-setup, leading to extensive data breaches.
Information security
fromThe Hacker News
1 month ago

DragonForce Exploits SimpleHelp Flaws to Deploy Ransomware Across Customer Endpoints

DragonForce ransomware exploited vulnerabilities in a Managed Service Provider's SimpleHelp tool for data exfiltration and ransomware deployment.
E-Commerce
fromArs Technica
2 months ago

Hundreds of e-commerce sites hacked in supply-chain attack

A supply-chain attack compromised hundreds of e-commerce sites, allowing malware to steal payment information from visitors.
Malware that had been dormant for six years is now actively stealing sensitive data from e-commerce customers.
Software development
fromInfoQ
3 months ago

Google Go Module Mirror Served Backdoor for 3+ Years

Research uncovered a major supply chain attack in the Go ecosystem involving a backdoored package.
The attack exploited caching in the Go Module Proxy, emphasizing security vulnerabilities in module management.
DevOps
fromTheregister
4 months ago

Separate supply chain attack tied to 23K pwned GitHub repos

The GitHub supply chain attack was likely initiated through a compromised GitHub Action, reviewdog/action-setup, leading to extensive data breaches.
Information security
fromThe Hacker News
1 month ago

DragonForce Exploits SimpleHelp Flaws to Deploy Ransomware Across Customer Endpoints

DragonForce ransomware exploited vulnerabilities in a Managed Service Provider's SimpleHelp tool for data exfiltration and ransomware deployment.
E-Commerce
fromArs Technica
2 months ago

Hundreds of e-commerce sites hacked in supply-chain attack

A supply-chain attack compromised hundreds of e-commerce sites, allowing malware to steal payment information from visitors.
Malware that had been dormant for six years is now actively stealing sensitive data from e-commerce customers.
more#cybersecurity
Node JS
fromThe Hacker News
3 months ago

Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack

XRPL.js, a popular JavaScript library, was compromised in a supply chain attack aimed at harvesting users' private keys.
DevOps
fromInfoQ
3 months ago

Compromised GitHub Action Highlights Risks in CI/CD Supply Chains

A popular GitHub Action was compromised, exposing critical security weaknesses in the CI/CD pipeline of open-source Actions.
fromTheregister
7 months ago

OpenWrt supply chain attack scare prompts urgent upgrades

"Due to the combination of the command injection in the 'openwrt/imagebuilder' image and the truncated SHA-256 hash included in the build request hash, an attacker can pollute the legitimate image by providing a package list that causes the hash collision."
Information security
[ Load more ]