OpenAI Breach: TanStack Supply Chain Attack Impacts Employee Devices
OpenAI confirms two employee devices compromised in a TanStack supply chain attack affecting npm and PyPI packages, prompting certificate rotation.

Malicious node-ipc Versions Compromise Developer Secrets via Supply Chain
Three versions of the node-ipc npm package (9.1.6, 9.2.3, 12.0.1) contain stealer/backdoor functionality targeting developer secrets. Urgent update advised.

RubyGems Supply Chain Attack: Malicious Packages Target UK Govt
Threat actors leverage malicious RubyGems packages, embedding scrapers that target public-facing UK government servers, utilizing the platform as a data dead drop

Hugging Face Model Supply Chain Vulnerability: Tokenizer Hijacking
Attackers can weaponize Hugging Face AI models by manipulating tokenizer files, leading to model output hijacking and sensitive data exfiltration. Learn how to mitigate

Shai-Hulud Supply Chain Attack: Malicious npm and Mistral Packages
The Shai-Hulud campaign targets developers with over 300 signed npm and PyPI packages impersonating TanStack and Mistral to steal sensitive credentials.

Compromised Checkmarx Jenkins Plugin Spreads Infostealer
Official Checkmarx Jenkins AST plugin version 2023.2.7 was compromised with an infostealer, risking credentials and system data. Immediate uninstallation and credential

Checkmarx Jenkins AST Plugin Compromised in TeamPCP Attack
TeamPCP compromised the Checkmarx Jenkins AST plugin on the Jenkins Marketplace. Defenders must revert to version 2.0.13 to secure CI/CD pipelines.

Fake OpenAI Hugging Face Repository Distributes Infostealer Malware
Attackers leveraged a fraudulent OpenAI repository on Hugging Face to distribute infostealers. Learn to detect and mitigate these AI supply chain threats.

Trellix Source Code Breach: Understanding Supply Chain Risks
A recent breach exposed Trellix source code, raising concerns about potential adversary insights into security product defenses and detection methods, impacting users

DAEMON Tools Supply Chain Attack: Compromised Official Installers
Official DAEMON Tools installers were compromised in a supply chain attack to distribute malware signed with legitimate certificates. Technical analysis and mitigation.

Trellix Source Code Breach: Understanding Potential Supply Chain Risks
A deep dive into the Trellix source code repository breach, analyzing potential supply chain implications, intellectual property risks, and recommended mitigations for

TeamPCP Targets SAP npm Packages: Mini Shai-Hulud Supply Chain Attack
TeamPCP broadens supply chain attacks, compromising npm packages in SAP's cloud development ecosystem with the 'Mini Shai-Hulud' malicious code injection.