Software Supply Chain Archives • Daily CyberSecurity

AI Generated Code Vulnerabilities Threaten Emerging Dev Ecosystems

AI generated code vulnerabilities MCP server repositories

AI Generated Code Vulnerabilities Threaten Emerging Dev Ecosystems

Do Son June 4, 2026

Artificial intelligence now shapes the landscape of modern software development. However, this rapid automation introduces significant security...

SymJack AI Attack Technique Exposes Coding Assistants to Exploitation SymJack AI attack technique AI coding agent security

SymJack AI Attack Technique Exposes Coding Assistants to Exploitation

Do Son June 3, 2026

A dangerous new vulnerability pattern threatens modern software developers. Specifically, researchers recently exposed the SymJack AI attack...

The xmldom CDATA Flaw That Puts 23 Million Weekly Users at Risk xmldom Vulnerability XML Injection

The xmldom CDATA Flaw That Puts 23 Million Weekly Users at Risk

Do Son April 2, 2026

A significant vulnerability has been discovered in xmldom, a massive JavaScript library with over 23.5 million weekly...

OpenSSF Warns: Open Source Software Is Not a Free Service OpenSSF, open source

OpenSSF Warns: Open Source Software Is Not a Free Service

Do Son September 24, 2025

The Open Source Security Foundation (OpenSSF), together with several prominent open-source and software foundations, has issued a...

Critical XZ Backdoor Still Lurks in Docker Images, Posing Supply Chain Risk XZ backdoor, Docker Hub MIFARE classic backdoor C++/CLI IIS Backdoor

Critical XZ Backdoor Still Lurks in Docker Images, Posing Supply Chain Risk

Do Son August 13, 2025

The backdoor vulnerability in XZ-Utils first came to light in March 2024, and had it not been...

Lazarus Group’s Covert Supply Chain Attack: North Korean APT Poisons Open Source to Steal Developer Secrets Lazarus Group, Software Supply Chain

Lazarus Group’s Covert Supply Chain Attack: North Korean APT Poisons Open Source to Steal Developer Secrets

Do Son July 31, 2025

In a recently expose, Sonatype reveals a covert cyberespionage campaign orchestrated by the North Korea-linked Lazarus Group,...

Banana Squad Strikes Again: 60+ GitHub Repositories Trojanized in New Software Supply Chain Attack

Do Son June 20, 2025

A newly uncovered software supply chain campaign by the threat group Banana Squad has compromised more than...

Critical CI/CD Cache Poisoning Threatens Supply Chain: Undetectable Code Injection Possible! CI/CD Security, Cache Poisoning

Critical CI/CD Cache Poisoning Threatens Supply Chain: Undetectable Code Injection Possible!

Do Son June 13, 2025

A newly disclosed vulnerability tracked as CVE-2025-36852 has shaken the foundation of modern CI/CD systems and supply...

AI Interface Hijacked: Open WebUI Exploited for Cryptominers and Stealthy AI Malware Seedworm Espionage Campaign 2026 ChromElevator Stealer DLL Sideloading SIM Swapping Crypto Theft Lazarus Comebacker, Aerospace Espionage Delete PlugX Malware

Seedworm Espionage Campaign 2026 ChromElevator Stealer DLL Sideloading SIM Swapping Crypto Theft Lazarus Comebacker, Aerospace Espionage Delete PlugX Malware

AI Interface Hijacked: Open WebUI Exploited for Cryptominers and Stealthy AI Malware

Do Son June 4, 2025

The Sysdig Threat Research Team (TRT) has uncovered a malicious campaign exploiting a misconfigured Open WebUI instance—an...

Critical Open Source Library ‘easyjson’ Linked to Russian VK Group easyjson, supply chain security

Critical Open Source Library ‘easyjson’ Linked to Russian VK Group

Do Son May 7, 2025

Hunted Labs has uncovered that a widely used open source library—easyjson—is maintained and controlled by developers associated...

JPMorgan Chase CISO Warns of SaaS Security Crisis and Supply Chain Risk SaaS Security Software Supply Chain

JPMorgan Chase CISO Warns of SaaS Security Crisis and Supply Chain Risk

Do Son April 30, 2025

In an open letter, Patrick Opet, Chief Information Security Officer (CISO) at JPMorgan Chase, raises a critical...

Malicious Packages Stealing Crypto Credentials: A Warning for Developers npm package, crypto drainer Malicious Packages Cryptocurrency Theft

npm package, crypto drainer Malicious Packages Cryptocurrency Theft

Malicious Packages Stealing Crypto Credentials: A Warning for Developers

Do Son April 23, 2025

The Socket Threat Research Team has exposed three malicious open-source packages masquerading as developer tools — designed...

Critical Alert 1 Active Exploit Detected Today