Bitwarden NPM Supply Chain Attack: Analyzing the TeamPCP Campaign
A malicious npm package impersonating Bitwarden was discovered exfiltrating sensitive data via the Shai-Hulud worm in a recent supply chain attack.

Vercel Breach and QEMU Abuse: Analyzing Modern Trust-Based Attacks
Analysis of the Vercel infrastructure compromise, QEMU-based evasion techniques, and the rise of Android RATs leveraging update channels for delivery.

Third-Party Risk Intelligence: Beyond Legacy Cyber Risk Ratings
Discover why modern cybersecurity strategies are shifting from static vendor risk ratings to dynamic, real-time third-party risk intelligence operations.

36 Malicious npm Packages Target Strapi, Redis, and PostgreSQL
36 malicious npm packages disguised as Strapi CMS plugins target Redis and PostgreSQL environments to deploy persistent implants and reverse shells.

Axios npm Hijack Attempt: Detecting Social Engineering Tactics
North Korean threat actors targeted an Axios maintainer with a fake Microsoft Teams fix, highlighting critical risks to open-source supply chains.

FCC Regulates Foreign Consumer Routers Over Supply Chain Risk
The US Executive Branch and FCC have restricted foreign-made consumer routers to mitigate critical infrastructure risks and supply chain vulnerabilities.

Claude Code Source Leaked via npm Packaging Error
Anthropic confirms internal Claude Code source code was leaked due to an npm packaging error. Analysis of supply chain risks and mitigation strategies.

Axios npm Supply Chain Attack Attributed to North Korea's UNC1069
Google Threat Intelligence attributes a major Axios npm supply chain attack to North Korean group UNC1069, emphasizing risks to developer environments.

GlassWorm: Stolen GitHub Tokens Fuel Python Malware Injection
The GlassWorm campaign uses stolen GitHub tokens to inject malicious code into Python repositories, including Django and machine learning projects.

Malicious Rust Crates Steal Developer Secrets on Crates.io
Five malicious Rust crates on crates.io masquerade as time utilities to exfiltrate .env files, targeting developer environments and CI/CD pipelines.

Strategic Board Oversight: Supply Chain, AI, and Regulatory Risks
An analysis of critical cybersecurity risks for board oversight, covering supply chain integrity, AI weaponization, and regulatory liability requirements.