supply chain attack Archives • Page 2 of 12 • Daily CyberSecurity

9.8 Severity Alert: Malicious Git Branches Can Hijack Your WebdriverIO Build Servers WebdriverIO Command Injection CVE-2026-25244

9.8 Severity Alert: Malicious Git Branches Can Hijack Your WebdriverIO Build Servers

Do Son May 13, 2026

A critical security vulnerability has been found in WebdriverIO, a popular open-source test automation framework used for...

GemStuffer RubyGems Campaign RubyGems Data Exfiltration TanStack npm Compromise Supply Chain Attack DNS Hijacking APT28 (Fancy Bear) OpenVSX Supply Chain Attack Checkmarx Plugin Breach Stryker Cyberattack CISA Alert Trans-Regional Cyber Conflict Operation Epic Fury Cyber Operation MacroMaze APT28 Cyber Espionage Notepad++ Supply Chain Attack Lotus Blossom Group Defense Industrial Base Threats GTIG Report APT28 Operation Neusploit CVE-2026-21509 Bookworm Malware

Supply Chain Siege: 84 TanStack Packages Compromised to Steal GitHub Secrets

Do Son May 12, 2026

The software supply chain has just weathered another high-impact assault. The Socket Threat Research team has uncovered...

Trust Hijacked: Official JDownloader Website Breached to Distribute Malicious Installers JDownloader Breach Supply Chain Attack

Trust Hijacked: Official JDownloader Website Breached to Distribute Malicious Installers

Do Son May 9, 2026

When millions of users rely on a popular utility, the implicit trust placed in its official download...

Highly Evasive NuGet Supply Chain Attack Hijacks 65,000 .NET Build Servers NuGet Supply Chain Attack .NET Malware

Highly Evasive NuGet Supply Chain Attack Hijacks 65,000 .NET Build Servers

Do Son May 8, 2026

A highly sophisticated software supply chain attack has compromised tens of thousands of developer workstations and CI/CD...

OceanLotus Hijacks PyPI to Deploy “ZiChatBot” via Enterprise Chat APIs Acreed Infostealer, BNB Smart Chain CVE-2023-20269 exploit

OceanLotus Hijacks PyPI to Deploy “ZiChatBot” via Enterprise Chat APIs

Do Son May 7, 2026

In a calculated move that signals the expansion of state-sponsored threats into open-source repositories, researchers at Kaspersky...

New Quasar Linux (QLNX) RAT Hijacks Cloud Keys and NPM Tokens Quasar Linux RAT Supply Chain Hijacking

New Quasar Linux (QLNX) RAT Hijacks Cloud Keys and NPM Tokens

Do Son May 6, 2026

A previously undocumented Linux remote access trojan (RAT) has been exposed for its surgical precision in targeting...

DAEMON Tools Supply Chain Attack QUIC RAT Malware

Trojanized Tools: DAEMON Tools Supply Chain Attack Compromises Global Systems

Do Son May 6, 2026

Kaspersky has uncovered a sophisticated supply chain attack targeting DAEMON Tools, the widely used disk imaging software....

Waking the Sleepers: The BufferZoneCorp Campaign Poisoning Ruby and Go Ecosystems

Do Son May 2, 2026

Security researchers at Socket have uncovered a coordinated software supply chain campaign orchestrated through the GitHub account...

AI’s Supply Chain Nightmare: The Lightning Framework Worm and the “Silence Developer” Meme Lightning Framework Attack TEAM PCP Supply Chain

AI’s Supply Chain Nightmare: The Lightning Framework Worm and the “Silence Developer” Meme

Do Son May 2, 2026

In a high-impact escalation of software supply chain attacks, security researchers have identified a major compromise of...

“TanStack”: Malicious Name-Squatting Campaign Steals Environment Secrets TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

“TanStack”: Malicious Name-Squatting Campaign Steals Environment Secrets

Do Son May 2, 2026

Security researchers have uncovered a supply-chain attack on npm targeting developers who mistakenly install the unscoped tanstack...

The Worm Turns to PHP: Mini Shai-Hulud’s 20-Million-Install Hijack of Intercom Mini Shai-Hulud Packagist Supply Chain Attack

The Worm Turns to PHP: Mini Shai-Hulud’s 20-Million-Install Hijack of Intercom

Do Son May 2, 2026

Security researchers at Socket have identified a major expansion of the “Mini Shai-Hulud” supply chain campaign, which...

PromptMink Tricked AI Agents into Planting Malware PromptMink Campaign AI Agent Deception LIMINAL PANDA UNC1549 DLL Hijacking, VDI Breakout

PromptMink Tricked AI Agents into Planting Malware

Do Son May 1, 2026

Researchers at ReversingLabs (RL) have uncovered a campaign dubbed PromptMink. Attributed to the North Korean-linked group Famous...

Minirat’s Stealth Supply Chain Attack Targets macOS Developers Minirat macOS Malware Go-based RAT

Minirat’s Stealth Supply Chain Attack Targets macOS Developers

Do Son May 1, 2026

Security researchers at Iru have detailed a sophisticated new threat targeting macOS users through the software supply...

Single Actor Bypassed Open VSX Security with “Disposable” Tools Open VSX Malware String-Fragment Reconstruction DarkCloud Stealer, steganography APT 35 Charming Kitten cyclops

Open VSX Malware String-Fragment Reconstruction DarkCloud Stealer, steganography APT 35 Charming Kitten cyclops

Single Actor Bypassed Open VSX Security with “Disposable” Tools

Do Son May 1, 2026

Security researchers at Yeeth Security have uncovered a sophisticated campaign on the Open VSX marketplace, where a...

The “Mini Shai-Hulud” Attack Hijacking SAP Developer Pipelines SAP Supply Chain Attack Mini Shai-Hulud Malware

The “Mini Shai-Hulud” Attack Hijacking SAP Developer Pipelines

Do Son April 29, 2026

Security researchers have sounded the alarm on a precision-targeted supply-chain compromise striking the SAP developer ecosystem. The...

The Malware Factory: Unmasking the 108-Package North Korean Siege on npm npm Supply Chain Attack DPRK Malware Factory

The Malware Factory: Unmasking the 108-Package North Korean Siege on npm

Do Son April 29, 2026

Cybersecurity researchers at Panther Threat Research have released a detailed exposé on a massive, coordinated npm malware...

Check Point VPN vulnerability exploited in the wild Check Point VPN exploit CVE-2026-50751 zero-day Checkmarx Breach Supply Chain Attack Ivanti EPMM RCE CVE-2026-1281 Modular DS Vulnerability CVE-2026-23550 D-Link RCE Vulnerability CVE-2026-0625 Christmas 2025 GreyNoise Campaign, Japan-Based Initial Access Broker React2Shell Zero-Day, APT Active Exploitation WordPress vulnerability, authentication bypass FreePBX, zero-day Trend Micro Apex One, Remote Code Execution BitoPro Hack, Crypto Theft UNC5337 - CVE-2022-47945 Safe{Wallet} hack Fortinet vulnerability, CVE-2024-21762, FortiGate attack Balloonfly, Play ransomware Ivanti EPMM CVE-2025-4427 and CVE-2025-4428

Checkmarx Falls Victim to Credential Harvesting Attack

Do Son April 29, 2026

Checkmarx, a global leader in application security testing, has disclosed a significant breach of its internal systems....

Vimeo Data Exposed in Anodot Supply Chain Attack Third-Party Risk Vimeo Data Breach

Vimeo Data Exposed in Anodot Supply Chain Attack

Do Son April 29, 2026

Vimeo, the global video hosting giant, announced it has been swept up in a security incident involving...

Supply Chain Sabotage: Bitwarden CLI Compromised in Global “Checkmarx” Campaign Bitwarden CLI Compromise Dune Supply Chain Attack

Supply Chain Sabotage: Bitwarden CLI Compromised in Global “Checkmarx” Campaign

Do Son April 24, 2026

The password management world was rocked this week as researchers from Socket revealed a major supply chain...

Void Dokkaebi Unmasked: The “Worm-Like” Supply Chain Threat Targeting Developers Void Dokkaebi Supply Chain Infected VS Code Tasks

Void Dokkaebi Unmasked: The “Worm-Like” Supply Chain Threat Targeting Developers

Do Son April 23, 2026

A new report from researchers at TrendMicro has exposed the evolution of Void Dokkaebi (also known as...