GlassWorm Malware Takedown: Disruption of Developer Supply Chain C2
CrowdStrike, Google, and Shadowserver disrupt the GlassWorm malware C2 infrastructure, halting a persistent developer-focused supply chain attack campaign.

Megalodon Campaign: 5,561 GitHub Repos Hit by Malicious Workflows
Automated Megalodon attack pushes 5,718 malicious commits to GitHub repositories to exfiltrate secrets via GitHub Actions workflows.

GitHub Internal Repositories Breached via Nx Console VS Code Extension
GitHub confirms internal repository breach after an employee device was compromised by a poisoned Nx Console VS Code extension in a supply chain attack.

Fake OpenAI Privacy Filter Repository Distributes Rust Info-Stealer
A malicious Hugging Face repository impersonating OpenAI's privacy tool reached 244k downloads, delivering a Rust-based information stealer to Windows users.

Trojanized CPU-Z and HWMonitor Distributed via CPUID Site Hack
Russian-speaking threat actors compromised the CPUID website to distribute STX RAT through trojanized versions of CPU-Z and HWMonitor diagnostic tools.

TeamPCP Supply Chain Campaign: Databricks and AstraZeneca Impact
TeamPCP's supply chain campaign weaponizes security scanners for dual ransomware operations, impacting Databricks and AstraZeneca in a major breach.

AppsFlyer Web SDK Hijacked to Deliver Crypto-Stealing Malware
AppsFlyer's Web SDK was compromised in a supply chain attack to steal cryptocurrency. Learn how to detect and mitigate this JavaScript injection threat.

Chrome Extensions QuickLens and BuildMelon Hijacked via Ownership Transfer
Attackers are exploiting Chrome extension ownership transfers to weaponize QuickLens and BuildMelon tools for code injection and data harvesting.

AI-Driven Package Hallucination: A New Frontier in Supply Chain Exploitation
Analysis of a novel attack vector where autonomous AI agents facilitate malicious package injection through dependency confusion and LLM hallucinations.