supply chain attack Archives • Page 3 of 11 • Daily CyberSecurity

CVE-2026-34208 (CVSS 10): Critical Sandbox Escape Uncovered in SandboxJS SandboxJS Escape Host Object Poisoning SandboxJS Vulnerability CVE-2026-26954

SandboxJS Escape Host Object Poisoning SandboxJS Vulnerability CVE-2026-26954

CVE-2026-34208 (CVSS 10): Critical Sandbox Escape Uncovered in SandboxJS

Ddos April 8, 2026

In the world of secure software development, sandboxing is the ultimate safety net—a controlled environment designed to...

The 1,700-Package Blitz: North Korea’s “Contagious Interview” Infiltrates Every Major Dev Registry Contagious Interview Malicious Packages

The 1,700-Package Blitz: North Korea’s “Contagious Interview” Infiltrates Every Major Dev Registry

Ddos April 8, 2026

Researchers at Socket have identified a massive new cluster of malicious packages linked to North Korea’s notorious...

Malicious VeloraDEX SDK Compromises Developer Machines via npm npm Supply Chain Attack @velora-dex/sdk Malware

Malicious VeloraDEX SDK Compromises Developer Machines via npm

Ddos April 8, 2026

Security researchers at StepSecurity have sounded the alarm on a compromised version of the @velora-dex/sdk package. On...

UAT-10608 Uses a Next.js “React2Shell” Flaw to Map Your Entire Cloud NEXUS Listener React2Shell Vulnerability

UAT-10608 Uses a Next.js “React2Shell” Flaw to Map Your Entire Cloud

Ddos April 7, 2026

Cisco Talos has revealed a major automated credential harvesting campaign, tracked as UAT-10608, that has already compromised...

Apple Google EU alliance DMA European Commission Breach Trivy Supply Chain Attack Europa.eu Breach EU Cloud Infrastructure EU Cyber Sanctions State-Sponsored Hacking EU 2040 Emissions Target, Europe Climate Leadership AWS Azure DMA Cloud Gatekeeper DSA violation, illegal content Apple DMA Delay, iPhone Mirroring EU EU Age Verification, Google Play Integrity Corning Antitrust, EU Competition Apple EU Digital Markets Act App Store commission European Union cyberattacks - InvestAI EU Targets Musk’s X Digital Markets Act, EU fines

The EU’s AWS “Master Key”: How a Compromised Trivy Update Leaked 340GB of Data

Ddos April 3, 2026

The digital defenses of the European Union faced a significant test this March as a sophisticated supply-chain...

The Human Variable: How a Masterful Phishing Ruse Hijacked Axios and 100 Million Users Axios Vulnerability Cloud Hijacking Axios npm supply chain attack Axios Vulnerability Node.js DoS CVE-2025-58754 CVE-2025-27152 Axios Vulnerability, Form-Data Flaw

Axios Vulnerability Cloud Hijacking Axios npm supply chain attack Axios Vulnerability Node.js DoS CVE-2025-58754 CVE-2025-27152 Axios Vulnerability, Form-Data Flaw

The Human Variable: How a Masterful Phishing Ruse Hijacked Axios and 100 Million Users

Ddos April 3, 2026

The esteemed open-source library Axios, a staple of the contemporary industry, recently fell victim to a cyber...

The BPO Backdoor: How “Mr. Raccoon” Swiped 13 Million Adobe Support Tickets Adobe BPO Breach Mr. Raccoon Hacker

The BPO Backdoor: How “Mr. Raccoon” Swiped 13 Million Adobe Support Tickets

Ddos April 3, 2026

The cybersecurity world is reeling following reports of a massive data breach at Adobe, orchestrated by a...

Weaver E-cology RCE CVE-2026-22679 CVE-2026-20127 Cisco SD-WAN Exploitation AI-Driven Cyberattack ARXON Malware React Server Components Vulnerability CVE-2025-55182 FortiWeb Auth Bypass, Unauthenticated Admin Takeover RayInitiator Bootkit, LINE VIPER CVE-2025-59689 Department of the Treasury cybersecurity - CVE-2025-0108 PoC CVE-2025-31103 Dior Data Breach SK Telecom data breach, long-term intrusion

TrueChaos: The TrueConf Zero-Day That Turned Secure Updates Into a Government Espionage Backdoor

Ddos April 1, 2026

A trusted communication tool has been turned into a weapon of mass malware distribution. Check Point Research...

183 Million Targets: Inside the North Korean Supply Chain Strike on Axios and the WAVESHAPER Backdoor axios Supply Chain Attack WAVESHAPER.V2 SnappyBee Malware Salt Typhoon Stately Taurus ScoringMathTea RAT, Lazarus Reflective DLL

axios Supply Chain Attack WAVESHAPER.V2 SnappyBee Malware Salt Typhoon Stately Taurus ScoringMathTea RAT, Lazarus Reflective DLL

183 Million Targets: Inside the North Korean Supply Chain Strike on Axios and the WAVESHAPER Backdoor

Ddos April 1, 2026

The Google Threat Intelligence Group (GTIG) has issued an urgent warning regarding a sophisticated software supply chain...

Axios Under Siege: Critical npm Supply Chain Attack Hijacks Lead Maintainer to Drop Multi-Platform RAT TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

Axios Under Siege: Critical npm Supply Chain Attack Hijacks Lead Maintainer to Drop Multi-Platform RAT

Ddos March 31, 2026

Security researchers at StepSecurity have issued an emergency warning regarding a high-stakes supply chain attack targeting axios,...

Nasir Security’s Hybrid Warfare Against Middle East Energy Infrastructure Nasir Security Supply Chain Attack

Nasir Security’s Hybrid Warfare Against Middle East Energy Infrastructure

Ddos March 27, 2026

A new and enigmatic threat actor is casting a long shadow over the Middle East’s energy sector....

GhostClaw Rising: AI-Assisted Malware Campaign Targets macOS via Malicious GitHub Repos GhostClaw Malware GitHub Supply Chain

GhostClaw Rising: AI-Assisted Malware Campaign Targets macOS via Malicious GitHub Repos

Ddos March 26, 2026

Jamf Threat Labs has released a new report detailing the evolution of GhostClaw, a sophisticated malware campaign...

Critical 9.4 CVSS Flaw Exposes Harbor Registries to Total Hijack Harbor Registry Supply Chain Attack

Critical 9.4 CVSS Flaw Exposes Harbor Registries to Total Hijack

Ddos March 25, 2026

The CERT Coordination Center (CERT/CC) has issued a critical security warning regarding GoHarbor’s Harbor, a widely used...

95 Million Downloads Hijacked: The LiteLLM PyPI Backdoor Targeting AI Developers LiteLLM PyPI Supply Chain Attack

95 Million Downloads Hijacked: The LiteLLM PyPI Backdoor Targeting AI Developers

Ddos March 25, 2026

A relentless cyber-espionage campaign has expanded its reach into the heart of the AI development ecosystem. Security...

‘Keenadu’ Firmware Backdoor Hijacks Android from the Inside Out Keenadu Malware Android Firmware Backdoor

‘Keenadu’ Firmware Backdoor Hijacks Android from the Inside Out

Ddos March 24, 2026

Security analysts have uncovered a sophisticated firmware-level infection targeting the heart of the Android operating system. A...

GemStuffer RubyGems Campaign RubyGems Data Exfiltration TanStack npm Compromise Supply Chain Attack DNS Hijacking APT28 (Fancy Bear) OpenVSX Supply Chain Attack Checkmarx Plugin Breach Stryker Cyberattack CISA Alert Trans-Regional Cyber Conflict Operation Epic Fury Cyber Operation MacroMaze APT28 Cyber Espionage Notepad++ Supply Chain Attack Lotus Blossom Group Defense Industrial Base Threats GTIG Report APT28 Operation Neusploit CVE-2026-21509 Bookworm Malware

Checkmarx Alert: Malicious Plugins and GitHub Actions Hit OpenVSX in New Supply Chain Attack

Ddos March 24, 2026

Today, security firm Checkmarx has identified a recent supply chain security incident. The breach involved the publication...

‘Speagle’ Malware Hijacks Security Software to Steal Missile Secrets TanStack Typosquatting npm Supply Chain Attack Axios Supply Chain Attack npm Poisoning eScan Supply Chain Attack Antivirus Compromise APT-36, NCERT WhatsApp Advisory FBI alert, Salesforce Salt Typhoon, APT group ConnectWise ScreenConnect hack Nation-state cyberattack FortiGate Leak - zkLend vulnerability - TRIPLESTRENGTH Threat Actor Group Dark Storm

‘Speagle’ Malware Hijacks Security Software to Steal Missile Secrets

Ddos March 23, 2026

In a sophisticated display of “parasitic” engineering, a mysterious new threat has been discovered living within the...

Malicious Windsurf IDE Extension Uses Solana Blockchain to Steal Developer Data Windsurf Stealer Solana Blockchain Malware

Malicious Windsurf IDE Extension Uses Solana Blockchain to Steal Developer Data

Ddos March 22, 2026

Security researchers at Bitdefender have uncovered a sophisticated cyberattack targeting the developer community through a malicious extension...

Below the EDR: How Unsecured IP-KVM Switches Grant Total System Takeover IP-KVM Vulnerabilities Hardware Security

Below the EDR: How Unsecured IP-KVM Switches Grant Total System Takeover

Ddos March 22, 2026

Security researchers Reynaldo Vasquez Garcia and Paul Asadoorian from Eclypsium have issued a warning regarding a category...

Developer Alert: “CursorJack” Technique Weaponizes Deeplinks to Hijack Cursor IDE CursorJack Cursor Vulnerability

Developer Alert: “CursorJack” Technique Weaponizes Deeplinks to Hijack Cursor IDE

Ddos March 20, 2026

Security researchers at Proofpoint Threat Research have detailed a novel exploitation method dubbed CursorJack, which targets the...