Red Hat npm Supply Chain Compromise: Miasma Steals Dev Credentials
Over 30 Red Hat npm packages under @redhat-cloud-services were compromised in a supply chain attack distributing Miasma malware to steal developer credentials.

Miasma Supply Chain Attack: Defending Red Hat npm Environments
Analysis of the Miasma supply chain attack targeting Red Hat npm packages with credential-stealing worms. Technical details and mitigation guide for SOC teams.

Shai-Hulud Campaign: TeamPCP Targets Open-Source Supply Chain
Analysis of the Shai-Hulud campaign by TeamPCP, detailing their open-source supply chain attacks, TTPs, and critical mitigation strategies.
TeamPCP Supply Chain Attack Targets Microsoft SDKs and GitHub
TeamPCP expands its supply chain campaign to trojanize official Microsoft Python SDKs and infiltrate GitHub, requiring immediate dependency audits.
Megalodon Supply Chain Attack Infects 5,500+ GitHub Repositories
Attackers used automated commits to inject malicious GitHub Actions workflows into 5,500+ repositories, targeting CI/CD secrets and sensitive tokens.

Packagist Supply Chain Attack: 8 Packages Deliver Linux Malware
Security researchers identified a supply chain attack on Packagist involving eight infected packages that deploy Linux malware via GitHub Releases URLs.
Grafana Breach After TanStack Attack: Token Rotation Failure
Grafana suffered a data breach due to a GitHub workflow token not rotated after the TanStack npm supply-chain attack, impacting user data. Learn the details.
GitHub Repository Breach: 3,800 Repos Accessed via VS Code Extension
GitHub confirms a security incident where a malicious VS Code extension compromised an employee account, leading to the unauthorized access of 3,800 repos.

Nx Console 18.95.0 Compromise: VS Code Extension Credential Stealer
Security researchers have identified a compromised version of the Nx Console VS Code extension (18.95.0) containing a malicious credential stealer.
TeamPCP Jenkins Plugin Compromise and Mini Shai-Hulud Worm Analysis
TeamPCP escalates its supply chain campaign with a confirmed Jenkins plugin compromise and a self-spreading worm targeting the npm and PyPI ecosystems.

OpenAI Employee Devices Targeted in TanStack Supply Chain Attack
OpenAI reports compromise of two employee macOS devices via the TanStack supply chain attack. Learn how to detect and mitigate the Mini Shai-Hulud threat.
SecurityScorecard Acquires Driftnet: Boosting Supply Chain Threat Intelligence
SecurityScorecard's acquisition of Driftnet aims to enhance third-party ecosystem visibility, strengthening defenses against supply chain attack vectors.