Advertisement
Magecart Skimmer Hides in Pixel-Sized SVG on Magento Stores
A sophisticated Magecart campaign targets nearly 100 Magento stores, concealing credit card-stealing JavaScript within tiny, pixel-sized SVG images.
North Korean Hackers Distribute 1,700 Malicious Packages via npm and PyPI
North Korean threat actors expand the Contagious Interview campaign, deploying 1,700 malicious packages across npm, PyPI, Go, and Rust ecosystems.
Snowflake Data Theft Via SaaS Integrator Breach: Mitigation
Snowflake customers face data theft due to compromised third-party SaaS integrators and stolen authentication tokens. Learn to secure integrations and detect compromise.
Axios Attack: Industrialized Social Engineering on NPM Maintainers
An analysis of the Axios NPM package attack reveals advanced, scaled social engineering campaigns targeting open-source maintainers, elevating supply chain risk.
AI-Assisted Supply Chain Attack Targets GitHub Misconfigurations
Analysis of the AI-assisted PRT-scan supply chain attack targeting GitHub misconfigurations. Learn about automated threats and securing repositories.
TeamPCP Supply Chain: CERT-EU Confirms Cloud Breach, 1000+ SaaS Environments Affected
CERT-EU confirms European Commission cloud breach via TeamPCP supply chain campaign. Mandiant identifies over 1,000 compromised SaaS environments. Learn about
TeamPCP Supply Chain Attacks Escalate Amidst Hacker Infighting
Runtime Rebel details how TeamPCP's supply chain attacks are leading to breaches, with ShinyHunters and Lapsus$ adding to the chaos. Learn to defend against these
UNC1069 Social Engineering Leads to Axios npm Supply Chain Compromise
Runtime Rebel details how North Korean threat actor UNC1069 leveraged targeted social engineering against an Axios npm package maintainer, leading to a critical supply
Fake GitHub Repositories Deliver Vidar Infostealer via Claude Leak
Threat actors are exploiting the Claude Code leak, deploying fake GitHub repositories to distribute Vidar infostealer malware, targeting unsuspecting developers and
Mercor Hit by LiteLLM Supply Chain Attack – Lapsus$ Claims 4TB Data Theft
AI recruiting firm Mercor is investigating a LiteLLM supply chain attack, with Lapsus$ claiming to have stolen 4TB of sensitive data.
TeamPCP Supply Chain Campaign: First Victim, Cloud Enumeration, Ransomware
Detailed analysis of TeamPCP supply chain campaign, covering the first confirmed victim, post-compromise cloud enumeration tactics, and dual ransomware operations.
UNC1069 Leverages Axios NPM Supply Chain to Deploy WAVESHAPER.V2
North Korea-nexus UNC1069 compromised widely used Axios NPM package (v1.14.1, 0.30.4) by injecting plain-crypto-js to deploy WAVESHAPER.V2 backdoor across multiple OS.