supply chain attack Archives • Page 10 of 12 • Daily CyberSecurity

SilentRoute: Trojanized SonicWall VPN Client Used to Steal Enterprise Credentials SonicWall Malware, Supply Chain Attack

SilentRoute: Trojanized SonicWall VPN Client Used to Steal Enterprise Credentials

Do Son July 21, 2025

In a newly uncovered software supply chain attack, threat actors have successfully deployed a backdoored version of...

PyPI Supply Chain Attack: “cloudscrapersafe” Steals Credit Cards via Fake Python Library PyPI Supply Chain, Credit Card Theft

PyPI Supply Chain Attack: “cloudscrapersafe” Steals Credit Cards via Fake Python Library

Do Son July 20, 2025

Imperva researchers have uncovered a supply chain attack masquerading as a popular Python utility. The package in...

Major npm Supply Chain Attack: Phishing Campaign Steals Maintainer Credentials, Injects Malware into Popular Packages npm Phishing, Supply Chain Attack

Major npm Supply Chain Attack: Phishing Campaign Steals Maintainer Credentials, Injects Malware into Popular Packages

Do Son July 19, 2025

A deceptive and highly targeted phishing campaign has successfully compromised several popular npm packages, including eslint-config-prettier, eslint-plugin-prettier,...

Hidden Protestware Found in 28+ npm Packages: Silently Targeting Russian Users npm Protestware, Supply Chain Attack

Hidden Protestware Found in 28+ npm Packages: Silently Targeting Russian Users

Do Son July 17, 2025

In a revelation for the JavaScript ecosystem, Socket’s Threat Research Team has uncovered the widespread proliferation of...

Cursor AI IDE Hacked: Fraudulent Extension Steals $500K in Crypto from Russian Developer Cursor AI, Crypto Theft

Cursor AI IDE Hacked: Fraudulent Extension Steals $500K in Crypto from Russian Developer

Do Son July 15, 2025

A fraudulent extension for the Cursor AI IDE—an editor built upon Microsoft’s open-source Visual Studio Code—was used...

XORIndex: North Korea’s Evolving Supply Chain Malware Targets npm Ecosystem Again NPM Supply Chain, North Korea Malware

XORIndex: North Korea’s Evolving Supply Chain Malware Targets npm Ecosystem Again

Do Son July 15, 2025

A new chapter in the ongoing Contagious Interview campaign has emerged, as the Socket Threat Research Team...

WordPress Supply Chain Attack: Gravity Forms Plugin Backdoored Through Official Downloads WordPress Supply Chain, Plugin Backdoor

WordPress Supply Chain Attack: Gravity Forms Plugin Backdoored Through Official Downloads

Do Son July 14, 2025

In a concerning development for WordPress site administrators, the Patchstack team has uncovered a targeted supply chain...

VS Code ETHcode Extension Hacked: Just 2 Lines of Code Led to Supply Chain Compromise Via GitHub PR

Do Son July 9, 2025

Researchers at ReversingLabs (RL) have uncovered a supply chain compromise of the popular ETHcode extension for Visual...

IBM X-Force Uncovers Azure Arc Flaws: Hybrid-Cloud Tool Becomes Stealthy RCE & Privilege Escalation Vector Azure Arc, Hybrid Cloud Security

IBM X-Force Uncovers Azure Arc Flaws: Hybrid-Cloud Tool Becomes Stealthy RCE & Privilege Escalation Vector

Do Son July 7, 2025

IBM X-Force has peeled back the layers on Microsoft Azure Arc, uncovering how the hybrid-cloud management tool—meant...

North Korean APT Launches Massive npm Supply Chain Attack: Typosquatting & Fake Jobs Steal Crypto from Devs npm Supply Chain Attack, North Korean APT

npm Supply Chain Attack, North Korean APT

North Korean APT Launches Massive npm Supply Chain Attack: Typosquatting & Fake Jobs Steal Crypto from Devs

Do Son June 26, 2025

In a detailed expose, the Socket Threat Research Team has uncovered an ongoing and highly targeted supply...

Banana Squad Strikes Again: 60+ GitHub Repositories Trojanized in New Software Supply Chain Attack

Do Son June 20, 2025

A newly uncovered software supply chain campaign by the threat group Banana Squad has compromised more than...

ComfyUI Under Attack: “Pickai” C++ Backdoor Compromises 700+ AI Image Generation Servers Globally

Do Son June 20, 2025

In a concerning development for AI infrastructure security, XLab has uncovered an active exploitation campaign targeting ComfyUI—a...

Water Curse: GitHub Supply Chain Attack Spreads Malware via Fake Tools, Targets Devs & Gamers

Do Son June 17, 2025

In a sweeping campaign that blends social engineering with software subversion, a newly identified threat actor dubbed...

7.5 Urgent CISA Alert: Ransomware Actors Exploiting SimpleHelp RMM Flaw (CVE-2024-57727) SimpleHelp RMM, Ransomware

7.5 Urgent CISA Alert: Ransomware Actors Exploiting SimpleHelp RMM Flaw (CVE-2024-57727)

Do Son June 13, 2025

The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with its federal partners, has issued a high-priority...

7.8 Insyde UEFI Flaw (CVE-2025-4275): Secure Boot Bypass Allows Rootkits & Undetectable Malware Insyde UEFI, Secure Boot Bypass CVE-2025-4275

7.8 Insyde UEFI Flaw (CVE-2025-4275): Secure Boot Bypass Allows Rootkits & Undetectable Malware

Do Son June 11, 2025

A newly disclosed vulnerability in Insyde H2O UEFI firmware, tracked as CVE-2025-4275, allows attackers to bypass Secure...

Chinese Cyberespionage Groups Probe SentinelOne in Sophisticated ShadowPad and PurpleHaze Campaigns China-nexus, Cyber-espionage

Chinese Cyberespionage Groups Probe SentinelOne in Sophisticated ShadowPad and PurpleHaze Campaigns

Do Son June 10, 2025

SentinelLABS has unveiled an extensive report detailing a wave of cyber-espionage activity that directly targeted SentinelOne and...

Destructive npm Packages Disguised as Utilities Trigger Remote System Wipes on Demand Wiping Systems

Destructive npm Packages Disguised as Utilities Trigger Remote System Wipes on Demand

Do Son June 9, 2025

The Socket Threat Research Team has disclosed two dangerous npm packages that masquerade as helpful developer tools—but...

Alert: Malicious RubyGems Impersonate Fastlane Plugins, Steal CI/CD Data

Do Son June 4, 2025

Socket’s Threat Research Team has uncovered a targeted supply chain attack leveraging malicious RubyGems impersonating Fastlane plugins....

New npm Packages Exposed: Crypto Drainers Targeting BSC & Ethereum Wallets npm security, crypto drainer

New npm Packages Exposed: Crypto Drainers Targeting BSC & Ethereum Wallets

Do Son June 4, 2025

Socket Threat Research Team has uncovered a new threat lurking within the JavaScript ecosystem: four malicious npm...

Stealthy npm Supply Chain Attack: Typosquatting Leads to Remote Code Execution and Data Destruction npm supply chain attack, typosquatting

Stealthy npm Supply Chain Attack: Typosquatting Leads to Remote Code Execution and Data Destruction

Do Son June 3, 2025

In a recent revelation, Socket’s Threat Research Team has uncovered a stealthy npm supply chain attack leveraging...