SAP npm Packages Compromised by “Mini Shai-Hulud” Malware
The Mini Shai-Hulud campaign targets SAP cloud application developers with credential-stealing npm packages. Learn how to detect and mitigate this threat.

Fast16 Malware and XChat Exploitation: A Supply Chain Alert
Analysis of Fast16 malware, XChat launch vulnerabilities, and the resurgence of remote tool abuse in enterprise software supply chains.

Bitwarden CLI Supply Chain Attack: Malicious NPM Package Identified
Researchers have discovered a malicious payload in version 2026.4.0 of the Bitwarden CLI, targeting sensitive vault credentials in build environments.

Checkmarx KICS Docker Repository and VS Code Extension Hijacked
Unknown threat actors hijacked the checkmarx/kics Docker Hub repository, overwriting official image tags to distribute malicious code via supply chain.

Vercel Breach: Third-Party Context.ai Compromise Leads to Data Exposure
Vercel reports a security incident where a compromised third-party AI tool, Context.ai, allowed attackers to access internal Google Workspace accounts.

TeamPCP Supply Chain Attack: From Credential Theft to Payroll Fraud
TeamPCP leverages supply chain attacks to compromise trusted software, facilitating large-scale credential harvesting, logistics theft, and payroll fraud.

Smart Slider 3 Pro 3.5.1.35 Backdoor via Supply Chain Attack
Nextend's Smart Slider 3 Pro version 3.5.1.35 was compromised via a supply chain attack. Learn how to identify and remediate the backdoor today.

litellm 1.82.8 Supply Chain Compromise via Malicious .pth File
Security analysis of a supply chain compromise in litellm 1.82.8 on PyPI, where a malicious .pth file enables automatic code execution on Python startup.

Guardarian Users Targeted via 36 Malicious Strapi npm Packages
Analysis of a supply chain attack involving 36 malicious npm packages posing as Strapi plugins to target Guardarian users and harvest sensitive credentials.

European Commission AWS Breach: Trivy Supply Chain Attack Analysis
The European Commission confirms a 300GB data breach in its AWS environment linked to a Trivy supply chain attack. Learn about the impact and mitigations.

Stardust Chollima Compromises Axios npm Package
Technical analysis of the Stardust Chollima supply chain attack targeting the Axios npm package to exfiltrate developer credentials and data.

Axios Supply Chain Attack: RAT Found in Versions 1.14.1 and 0.30.4
Malicious Axios versions 1.14.1 and 0.30.4 inject a cross-platform RAT via a fake dependency. Identify and remediate this npm supply chain threat now.