supply chain attack Archives • Page 10 of 11 • Daily CyberSecurity

VS Code ETHcode Extension Hacked: Just 2 Lines of Code Led to Supply Chain Compromise Via GitHub PR ETH

VS Code ETHcode Extension Hacked: Just 2 Lines of Code Led to Supply Chain Compromise Via GitHub PR

Ddos July 9, 2025

Researchers at ReversingLabs (RL) have uncovered a supply chain compromise of the popular ETHcode extension for Visual...

IBM X-Force Uncovers Azure Arc Flaws: Hybrid-Cloud Tool Becomes Stealthy RCE & Privilege Escalation Vector Azure Arc, Hybrid Cloud Security

IBM X-Force Uncovers Azure Arc Flaws: Hybrid-Cloud Tool Becomes Stealthy RCE & Privilege Escalation Vector

Ddos July 7, 2025

IBM X-Force has peeled back the layers on Microsoft Azure Arc, uncovering how the hybrid-cloud management tool—meant...

North Korean APT Launches Massive npm Supply Chain Attack: Typosquatting & Fake Jobs Steal Crypto from Devs npm Supply Chain Attack, North Korean APT

npm Supply Chain Attack, North Korean APT

North Korean APT Launches Massive npm Supply Chain Attack: Typosquatting & Fake Jobs Steal Crypto from Devs

Ddos June 26, 2025

In a detailed expose, the Socket Threat Research Team has uncovered an ongoing and highly targeted supply...

Banana Squad Strikes Again: 60+ GitHub Repositories Trojanized in New Software Supply Chain Attack

Ddos June 20, 2025

A newly uncovered software supply chain campaign by the threat group Banana Squad has compromised more than...

ComfyUI Under Attack: “Pickai” C++ Backdoor Compromises 700+ AI Image Generation Servers Globally

Ddos June 20, 2025

In a concerning development for AI infrastructure security, XLab has uncovered an active exploitation campaign targeting ComfyUI—a...

Water Curse: GitHub Supply Chain Attack Spreads Malware via Fake Tools, Targets Devs & Gamers

Ddos June 17, 2025

In a sweeping campaign that blends social engineering with software subversion, a newly identified threat actor dubbed...

Urgent CISA Alert: Ransomware Actors Exploiting SimpleHelp RMM Flaw (CVE-2024-57727) SimpleHelp RMM, Ransomware

Urgent CISA Alert: Ransomware Actors Exploiting SimpleHelp RMM Flaw (CVE-2024-57727)

Ddos June 13, 2025

The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with its federal partners, has issued a high-priority...

Insyde UEFI Flaw (CVE-2025-4275): Secure Boot Bypass Allows Rootkits & Undetectable Malware Insyde UEFI, Secure Boot Bypass CVE-2025-4275

Insyde UEFI Flaw (CVE-2025-4275): Secure Boot Bypass Allows Rootkits & Undetectable Malware

Ddos June 11, 2025

A newly disclosed vulnerability in Insyde H2O UEFI firmware, tracked as CVE-2025-4275, allows attackers to bypass Secure...

Chinese Cyberespionage Groups Probe SentinelOne in Sophisticated ShadowPad and PurpleHaze Campaigns China-nexus, Cyber-espionage

Chinese Cyberespionage Groups Probe SentinelOne in Sophisticated ShadowPad and PurpleHaze Campaigns

Ddos June 10, 2025

SentinelLABS has unveiled an extensive report detailing a wave of cyber-espionage activity that directly targeted SentinelOne and...

Destructive npm Packages Disguised as Utilities Trigger Remote System Wipes on Demand Wiping Systems

Destructive npm Packages Disguised as Utilities Trigger Remote System Wipes on Demand

Ddos June 9, 2025

The Socket Threat Research Team has disclosed two dangerous npm packages that masquerade as helpful developer tools—but...

Alert: Malicious RubyGems Impersonate Fastlane Plugins, Steal CI/CD Data

Ddos June 4, 2025

Socket’s Threat Research Team has uncovered a targeted supply chain attack leveraging malicious RubyGems impersonating Fastlane plugins....

New npm Packages Exposed: Crypto Drainers Targeting BSC & Ethereum Wallets npm security, crypto drainer

New npm Packages Exposed: Crypto Drainers Targeting BSC & Ethereum Wallets

Ddos June 4, 2025

Socket Threat Research Team has uncovered a new threat lurking within the JavaScript ecosystem: four malicious npm...

Stealthy npm Supply Chain Attack: Typosquatting Leads to Remote Code Execution and Data Destruction npm supply chain attack, typosquatting

Stealthy npm Supply Chain Attack: Typosquatting Leads to Remote Code Execution and Data Destruction

Ddos June 3, 2025

In a recent revelation, Socket’s Threat Research Team has uncovered a stealthy npm supply chain attack leveraging...

PyPI Supply Chain Attack Steals Solana Private Keys via Covert Monkey-Patching PyPI Supply Chain, Solana Theft

PyPI Supply Chain Attack Steals Solana Private Keys via Covert Monkey-Patching

Ddos June 2, 2025

Socket’s Threat Research Team has uncovered a sophisticated supply chain attack on the Python Package Index (PyPI)...

RVTools Supply Chain Attack: Bumblebee Malware Delivered via Trusted VMware Utility RVTools Bumblebee Malware

RVTools Supply Chain Attack: Bumblebee Malware Delivered via Trusted VMware Utility

Ddos May 19, 2025

Aidan Leon, cybersecurity practitioner and threat analyst at ZeroDay Labs, has disclosed a sophisticated supply chain attack...

Interlock Ransomware Hits U.S. Defense Contractor AMTEC in Espionage-Driven Data Breach Interlock Ransomware, defense contractor breach

Interlock Ransomware Hits U.S. Defense Contractor AMTEC in Espionage-Driven Data Breach

Ddos May 15, 2025

A sophisticated ransomware campaign targeting National Defense Corporation (NDC) and its subsidiaries affected the defense supply chain,...

Obfuscated Malware Delivered via Google Calendar Invites and Unicode PUAs Google Calendar malware, Unicode PUAs

Obfuscated Malware Delivered via Google Calendar Invites and Unicode PUAs

Ddos May 15, 2025

Malware authors have begun exploiting Google Calendar invites and Unicode Private Use Area (PUA) characters to deliver...

PyPI Malware Alert: Malicious ‘solana-token’ Package Targets Solana Developers PyPI malware, Solana developers

PyPI Malware Alert: Malicious ‘solana-token’ Package Targets Solana Developers

Ddos May 15, 2025

The ReversingLabs research team has uncovered yet another software supply chain attack targeting the cryptocurrency ecosystem, this...

Earth Ammit Strikes Drone Supply Chains: VENOM and TIDRONE Campaigns Expose East Asia’s Critical Infrastructure Earth Ammit, Supply Chain Attack

Earth Ammit Strikes Drone Supply Chains: VENOM and TIDRONE Campaigns Expose East Asia’s Critical Infrastructure

Ddos May 14, 2025

rend Micro researchers have uncovered the full extent of an elaborate, multi-phase cyber-espionage operation attributed to Earth...

Aikido Uncovers Malicious Code in Popular npm Package rand-user-agent

Ddos May 8, 2025

Aikido Security has uncovered a Remote Access Trojan (RAT) embedded in rand-user-agent, a JavaScript package downloaded ~45,000...