Advertisement
Checkmarx Supply Chain Attack: GitHub Data Exfiltration Confirmed
Checkmarx confirms data exfiltration from its GitHub environment following a malicious code publication. Learn about the TTPs and mitigation strategies.
Lazarus Group's $2B+ Crypto Theft: Defending Against Supply Chain Attacks
An analysis of Lazarus Group's persistent and financially motivated cyber operations, highlighting over $2B in crypto theft and critical supply chain attack risks.
GlassWorm Campaign Leverages Malicious VS Code Extensions
Runtime Rebel details the GlassWorm campaign, which infects developers via malicious Visual Studio Code extensions on Open VSX, facilitating a supply chain attack.
GlassWorm Malware: Cloned Open VSX Extensions Target Developers
Over 70 malicious Open VSX extensions cloned from popular tools deliver GlassWorm malware, highlighting risks in developer-focused supply chain attacks.
GlassWorm Malware Resurfaces via 73 OpenVSX Sleeper Extensions
A new GlassWorm campaign exploits the OpenVSX ecosystem with 73 'sleeper' extensions, posing a significant supply chain threat to developers.
TeamPCP Supply Chain: Checkmarx KICS, Bitwarden CLI, xinference PyPI Attacks
TeamPCP resumes supply chain attacks with new compromises targeting Checkmarx KICS, Bitwarden CLI, and xinference PyPI. UNC6780 credential theft campaign continues.
Checkmarx GitHub Repository Data Leaked Following Supply Chain Attack
Checkmarx confirms internal GitHub repository data was published on the dark web following a March 2026 supply chain incident. Learn the impact and TTPs.
Supply Chain Attack: Bitwarden CLI npm Package Compromised
Analysis of the Bitwarden CLI npm package compromise (version 2023.12.0) leading to developer credential theft and supply chain risk. Includes mitigation.
Compromised Checkmarx KICS: Supply Chain Attack on Developer Environments
A supply chain attack compromised Checkmarx KICS Docker images and extensions, exposing developer environments to sensitive data theft. Learn mitigation.
CPUID Supply Chain Attack: Trojanized CPU-Z Distributes STX RAT
Attackers compromised the CPUID website to distribute malicious versions of CPU-Z and HWMonitor containing the STX RAT during a 24-hour breach window.
Windows Zero-Day, Stryker Breach, & Mac Stealer Malware: Mitigating Diverse Threats
Analysis of a Windows zero-day, cyberattacks on Stryker and Jones Day, a China supercomputer hack, and new Mac stealer malware.
TeamPCP Supply Chain Campaign: Cisco Source Code Stolen, UNC6780 Activity
Analysis of the TeamPCP supply chain campaign, including the theft of Cisco source code and over 1,000 compromised SaaS environments tracked by Google GTIG as UNC6780.