supply chain attack Archives • Page 6 of 11 • Daily CyberSecurity

“Evelyn Stealer” Weaponizes Visual Studio Code Extensions KTLVdoor backdoor - CoffeeLoader Malware

“Evelyn Stealer” Weaponizes Visual Studio Code Extensions

Ddos January 21, 2026

The tools that software developers trust most are being turned against them in a sophisticated new malware...

CodeBreach: Missing Regex Anchors Exposed AWS Console to Takeover CodeBreach Vulnerability AWS Supply Chain Attack

CodeBreach: Missing Regex Anchors Exposed AWS Console to Takeover

Ddos January 17, 2026

A seemingly minor misconfiguration in a regular expression could have allowed attackers to seize control of critical...

Keylogger Found Harvesting Credentials on Top US Bank’s Employee Store Bank Employee Store Breach Sansec Keylogger

Keylogger Found Harvesting Credentials on Top US Bank’s Employee Store

Ddos January 17, 2026

Security researchers at Sansec have discovered an active keylogger planted on the employee merchandise store of a...

Zero-Day Threat: UAT-8837 Targets North American Infrastructure Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Zero-Day Threat: UAT-8837 Targets North American Infrastructure

Ddos January 16, 2026

A sophisticated threat actor, tentatively linked to China, is aggressively targeting critical infrastructure in North America with...

Trusted Tool Turned Traitor: Signed ‘ahost.exe’ Weaponized to Sideload Malware ahost.exe DLL Sideloading Signed Application Abuse PS1Bot, malware ransomware attacks bill

ahost.exe DLL Sideloading Signed Application Abuse PS1Bot, malware ransomware attacks bill

Trusted Tool Turned Traitor: Signed ‘ahost.exe’ Weaponized to Sideload Malware

Ddos January 16, 2026

A routine utility often bundled with developer tools has been weaponized by cybercriminals to bypass security scanners...

VoidLink: The “Cloud-First” Malware Hunting Your Linux Servers Lotus Wiper Digital Sabotage G_Wagon Malware NPM Supply Chain Attack IMAPLoader malware ResolverRAT Malware Evasion

Lotus Wiper Digital Sabotage G_Wagon Malware NPM Supply Chain Attack IMAPLoader malware ResolverRAT Malware Evasion

VoidLink: The “Cloud-First” Malware Hunting Your Linux Servers

Ddos January 14, 2026

A new, highly sophisticated malware framework has emerged from the shadows, specifically engineered to infest the modern...

NodeCordRAT: The Trojan Hiding in NPM to Steal Crypto via Discord NodeCordRAT NPM Supply Chain Attack

NodeCordRAT: The Trojan Hiding in NPM to Steal Crypto via Discord

Ddos January 9, 2026

The open-source ecosystem has once again been weaponized, this time targeting developers working with cryptocurrency libraries. In...

macOS Developers in the Crosshairs: GlassWorm’s Wave 4 Exploits VS Code to Trojanize Hardware Wallets GlassWorm Wave 4, macOS Supply Chain Attack

GlassWorm Wave 4, macOS Supply Chain Attack

macOS Developers in the Crosshairs: GlassWorm’s Wave 4 Exploits VS Code to Trojanize Hardware Wallets

Ddos January 6, 2026

The resilient “GlassWorm” threat actor, known for embedding malicious code into Visual Studio Code extensions, has returned...

New “Eternl Desktop” Phishing Lure Drops LogMeIn to Hijack Cardano Wallets

Ddos January 2, 2026

The Cardano community is currently in the crosshairs of a highly sophisticated “wolf in sheep’s clothing” campaign....

EmEditor Compromised: “WALSHAM” Imposter Poisons Official Installer with Spyware Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

Kali365 phishing platform EmEditor Supply Chain Attack, WALSHAM INVESTMENTS LIMITED EggStreme, fileless malware North Korea Cybercrime, Remote IT Job Fraud RedDelta APT

EmEditor Compromised: “WALSHAM” Imposter Poisons Official Installer with Spyware

Ddos December 29, 2025

In a major supply chain security incident, the popular text editor EmEditor has confirmed that its official...

The Christmas Drain: How a Backdoor in Trust Wallet v2.68 Stole $7M Trust Wallet Shai-Hulud attack, NPM supply chain crypto heist Trust Wallet supply-chain attack 2025, v2.68.0 malicious update

Trust Wallet Shai-Hulud attack, NPM supply chain crypto heist Trust Wallet supply-chain attack 2025, v2.68.0 malicious update

The Christmas Drain: How a Backdoor in Trust Wallet v2.68 Stole $7M

Ddos December 29, 2025

The well-known cryptocurrency wallet extension Trust Wallet appears to have recently fallen victim to a supply-chain attack....

“Prefix Swap” Panic: Sophisticated “Jackson” Imposter Infiltrates Maven Central Maven Prefix Swap, jackson-databind Malware Effective Malware Cleaner

Maven Prefix Swap, jackson-databind Malware Effective Malware Cleaner

“Prefix Swap” Panic: Sophisticated “Jackson” Imposter Infiltrates Maven Central

Ddos December 29, 2025

The Java ecosystem, long considered a fortress compared to the wild west of npm, has been breached...

“LotusBail” Trap: 56,000 Developers Downloaded a Fake WhatsApp API That Works perfectly—While Stealing Everything

Ddos December 25, 2025

A new investigation by Koi Security has exposed a highly sophisticated supply chain attack lurking in the...

Hackers Weaponize npm to Hunt Critical Infrastructure Sales Teams Supply Chain Phishing, npm Abuse

Hackers Weaponize npm to Hunt Critical Infrastructure Sales Teams

Ddos December 25, 2025

A new investigation by The Socket Threat Research Team has uncovered a sophisticated spear-phishing operation that has...

Poisoned Dependencies: How Nethereum.All and 10M+ Fake Downloads Looted .NET Crypto Developers Nethereum.All Malicious Package, NuGet Supply Chain

Nethereum.All Malicious Package, NuGet Supply Chain

Poisoned Dependencies: How Nethereum.All and 10M+ Fake Downloads Looted .NET Crypto Developers

Ddos December 19, 2025

A sophisticated supply chain campaign targeting .NET developers working with cryptocurrency has been uncovered, revealing a network...

5-Year Threat: Malicious NuGet Package Used Homoglyphs and Typosquatting to Steal Crypto Wallets NuGet Crypto Stealer, Homoglyph Attack

5-Year Threat: Malicious NuGet Package Used Homoglyphs and Typosquatting to Steal Crypto Wallets

Ddos December 16, 2025

A malicious NuGet package masquerading as a popular .NET logging tool has been caught stealing cryptocurrency wallet...

VS Code Supply Chain Attack: 19 Extensions Used Typosquatting & Steganography to Deploy Rust Trojan

Ddos December 15, 2025

A sophisticated malware campaign has been uncovered within the Visual Studio Code (VS Code) Marketplace, exposing a...

Urgent Patch: Notepad++ WinGUp Flaw Allowed Malware to Hijack Updates CVE-2023-40031 Notepad++ Update Hijacking, WinGUp Vulnerability

Urgent Patch: Notepad++ WinGUp Flaw Allowed Malware to Hijack Updates

Ddos December 11, 2025

Security researchers recently uncovered a vulnerability in the open-source text and code editor Notepad++, allowing attackers in...

Stealth Supply Chain Attack: Malicious Rust Crate Used Unpinned Dependency for Silent Payload Upgrades Rust Typosquatting, Unpinned Dependency Attack

Rust Typosquatting, Unpinned Dependency Attack

Stealth Supply Chain Attack: Malicious Rust Crate Used Unpinned Dependency for Silent Payload Upgrades

Ddos December 8, 2025

A popular bioinformatics tool became the latest lure in a software supply chain attack, as threat actors...

Malicious Rust Package ‘evm-units’ Exposes Crypto Developers to Stealth Attacks Rust Crates.io Backdoor, EVM Stealth Loader

Malicious Rust Package ‘evm-units’ Exposes Crypto Developers to Stealth Attacks

Ddos December 3, 2025

A seemingly innocent utility for Ethereum developers has been unmasked as a sophisticated stealth loader. The Socket...