supply chain attack Archives • Page 2 of 11 • Daily CyberSecurity

Waking the Sleepers: The BufferZoneCorp Campaign Poisoning Ruby and Go Ecosystems

Ddos May 2, 2026

Security researchers at Socket have uncovered a coordinated software supply chain campaign orchestrated through the GitHub account...

AI’s Supply Chain Nightmare: The Lightning Framework Worm and the “Silence Developer” Meme Lightning Framework Attack TEAM PCP Supply Chain

AI’s Supply Chain Nightmare: The Lightning Framework Worm and the “Silence Developer” Meme

Ddos May 2, 2026

In a high-impact escalation of software supply chain attacks, security researchers have identified a major compromise of...

“TanStack”: Malicious Name-Squatting Campaign Steals Environment Secrets TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

“TanStack”: Malicious Name-Squatting Campaign Steals Environment Secrets

Ddos May 2, 2026

Security researchers have uncovered a supply-chain attack on npm targeting developers who mistakenly install the unscoped tanstack...

The Worm Turns to PHP: Mini Shai-Hulud’s 20-Million-Install Hijack of Intercom Mini Shai-Hulud Packagist Supply Chain Attack

The Worm Turns to PHP: Mini Shai-Hulud’s 20-Million-Install Hijack of Intercom

Ddos May 2, 2026

Security researchers at Socket have identified a major expansion of the “Mini Shai-Hulud” supply chain campaign, which...

PromptMink Tricked AI Agents into Planting Malware PromptMink Campaign AI Agent Deception LIMINAL PANDA UNC1549 DLL Hijacking, VDI Breakout

PromptMink Tricked AI Agents into Planting Malware

Ddos May 1, 2026

Researchers at ReversingLabs (RL) have uncovered a campaign dubbed PromptMink. Attributed to the North Korean-linked group Famous...

Minirat’s Stealth Supply Chain Attack Targets macOS Developers Minirat macOS Malware Go-based RAT

Minirat’s Stealth Supply Chain Attack Targets macOS Developers

Ddos May 1, 2026

Security researchers at Iru have detailed a sophisticated new threat targeting macOS users through the software supply...

Single Actor Bypassed Open VSX Security with “Disposable” Tools Open VSX Malware String-Fragment Reconstruction DarkCloud Stealer, steganography APT 35 Charming Kitten cyclops

Open VSX Malware String-Fragment Reconstruction DarkCloud Stealer, steganography APT 35 Charming Kitten cyclops

Single Actor Bypassed Open VSX Security with “Disposable” Tools

Ddos May 1, 2026

Security researchers at Yeeth Security have uncovered a sophisticated campaign on the Open VSX marketplace, where a...

The “Mini Shai-Hulud” Attack Hijacking SAP Developer Pipelines SAP Supply Chain Attack Mini Shai-Hulud Malware

The “Mini Shai-Hulud” Attack Hijacking SAP Developer Pipelines

Ddos April 29, 2026

Security researchers have sounded the alarm on a precision-targeted supply-chain compromise striking the SAP developer ecosystem. The...

The Malware Factory: Unmasking the 108-Package North Korean Siege on npm npm Supply Chain Attack DPRK Malware Factory

The Malware Factory: Unmasking the 108-Package North Korean Siege on npm

Ddos April 29, 2026

Cybersecurity researchers at Panther Threat Research have released a detailed exposé on a massive, coordinated npm malware...

Checkmarx Breach Supply Chain Attack Ivanti EPMM RCE CVE-2026-1281 Modular DS Vulnerability CVE-2026-23550 D-Link RCE Vulnerability CVE-2026-0625 Christmas 2025 GreyNoise Campaign, Japan-Based Initial Access Broker React2Shell Zero-Day, APT Active Exploitation WordPress vulnerability, authentication bypass FreePBX, zero-day Trend Micro Apex One, Remote Code Execution BitoPro Hack, Crypto Theft UNC5337 - CVE-2022-47945 Safe{Wallet} hack Fortinet vulnerability, CVE-2024-21762, FortiGate attack Balloonfly, Play ransomware Ivanti EPMM CVE-2025-4427 and CVE-2025-4428

Checkmarx Falls Victim to Credential Harvesting Attack

Ddos April 29, 2026

Checkmarx, a global leader in application security testing, has disclosed a significant breach of its internal systems....

Vimeo Data Exposed in Anodot Supply Chain Attack Third-Party Risk Vimeo Data Breach

Vimeo Data Exposed in Anodot Supply Chain Attack

Ddos April 29, 2026

Vimeo, the global video hosting giant, announced it has been swept up in a security incident involving...

Supply Chain Sabotage: Bitwarden CLI Compromised in Global “Checkmarx” Campaign Bitwarden CLI Compromise Dune Supply Chain Attack

Supply Chain Sabotage: Bitwarden CLI Compromised in Global “Checkmarx” Campaign

Ddos April 24, 2026

The password management world was rocked this week as researchers from Socket revealed a major supply chain...

Void Dokkaebi Unmasked: The “Worm-Like” Supply Chain Threat Targeting Developers Void Dokkaebi Supply Chain Infected VS Code Tasks

Void Dokkaebi Unmasked: The “Worm-Like” Supply Chain Threat Targeting Developers

Ddos April 23, 2026

A new report from researchers at TrendMicro has exposed the evolution of Void Dokkaebi (also known as...

TeamPCP Hijacks Checkmarx in Sprawling Supply Chain Strike Checkmarx Supply Chain Attack TeamPCP

TeamPCP Hijacks Checkmarx in Sprawling Supply Chain Strike

Ddos April 23, 2026

The cybersecurity world is facing a sprawling supply chain compromise as official distribution channels for Checkmarx, a...

Supply Chain Alert: TeamPCP Strikes Popular AI Framework Xinference Xinference Supply Chain Attack TeamPCP

Supply Chain Alert: TeamPCP Strikes Popular AI Framework Xinference

Ddos April 23, 2026

The Python ecosystem is reeling from a sophisticated supply chain attack targeting Xinference (Xorbits Inference), a widely...

The Next.js Nightmare? Vercel Investigates “Critical” Internal Breach and Supply Chain Threat Vercel Supply Chain Next.js Security

The Next.js Nightmare? Vercel Investigates “Critical” Internal Breach and Supply Chain Threat

Ddos April 19, 2026

The global development community is on high alert following reports of a major security incident at Vercel,...

The Invisible Patch: How PolinRider Rewrites Git History to Hide North Korean Malware PolinRider Malware Git History Falsification

The Invisible Patch: How PolinRider Rewrites Git History to Hide North Korean Malware

Ddos April 17, 2026

Security researchers from the OpenSourceMalware (OSM) team have uncovered a massive and rapidly expanding threat campaign targeting...

North Korea’s “OtterCookie” Hides Inside Benign npm Wrappers Seedworm Espionage Campaign 2026 ChromElevator Stealer DLL Sideloading SIM Swapping Crypto Theft Lazarus Comebacker, Aerospace Espionage Delete PlugX Malware