Microsoft Exchange Zero-Day and npm Supply Chain Worm Under Active Use
Critical security briefing on the active exploitation of an Exchange Server zero-day, npm supply chain worms, and Cisco network control vulnerabilities.

Developer Workstations: The New Front in Software Supply Chain Attacks
A surge in attacks targeting npm, PyPI, and Docker Hub highlights a shift toward stealing developer credentials and API keys from workstations and CI/CD pipelines.

OpenAI Breach: TanStack Supply Chain Attack Impacts Employee Devices
OpenAI confirms two employee devices compromised in a TanStack supply chain attack affecting npm and PyPI packages, prompting certificate rotation.

Malicious node-ipc Versions Compromise Developer Secrets via Supply Chain
Three versions of the node-ipc npm package (9.1.6, 9.2.3, 12.0.1) contain stealer/backdoor functionality targeting developer secrets. Urgent update advised.

Shai-Hulud Supply Chain Attack: Malicious npm and Mistral Packages
The Shai-Hulud campaign targets developers with over 300 signed npm and PyPI packages impersonating TanStack and Mistral to steal sensitive credentials.

Mini Shai-Hulud Worm Compromises TanStack and Mistral AI Packages
TeamPCP actor compromises major npm and PyPI packages including TanStack and Mistral AI via the Mini Shai-Hulud worm, deploying profiling malware.

TeamPCP Targets SAP npm Packages: Mini Shai-Hulud Supply Chain Attack
TeamPCP broadens supply chain attacks, compromising npm packages in SAP's cloud development ecosystem with the 'Mini Shai-Hulud' malicious code injection.

Official SAP npm Packages Compromised in TeamPCP Supply Chain Attack
Attackers compromised official SAP npm packages to exfiltrate developer credentials and tokens. Learn how to detect and remediate this supply chain threat.

AI-Generated npm Supply Chain Attack: DPRK Exploits Claude Opus
North Korean actors leverage LLMs like Claude Opus to insert malicious npm packages into developer workflows, leading to RCE and data theft via @validate-sdk/v2.

SAP npm Packages Compromised by “Mini Shai-Hulud” Malware
The Mini Shai-Hulud campaign targets SAP cloud application developers with credential-stealing npm packages. Learn how to detect and mitigate this threat.

TeamPCP Supply Chain: Checkmarx KICS, Bitwarden CLI, xinference PyPI Attacks
TeamPCP resumes supply chain attacks with new compromises targeting Checkmarx KICS, Bitwarden CLI, and xinference PyPI. UNC6780 credential theft campaign continues.

Bitwarden NPM Supply Chain Attack: Analyzing the TeamPCP Campaign
A malicious npm package impersonating Bitwarden was discovered exfiltrating sensitive data via the Shai-Hulud worm in a recent supply chain attack.