supply chain attack Archives • Page 7 of 12 • Daily CyberSecurity

Critical Hackers Weaponize npm to Hunt Critical Infrastructure Sales Teams Supply Chain Phishing, npm Abuse

Critical Hackers Weaponize npm to Hunt Critical Infrastructure Sales Teams

Do Son December 25, 2025

A new investigation by The Socket Threat Research Team has uncovered a sophisticated spear-phishing operation that has...

Poisoned Dependencies: How Nethereum.All and 10M+ Fake Downloads Looted .NET Crypto Developers Nethereum.All Malicious Package, NuGet Supply Chain

Nethereum.All Malicious Package, NuGet Supply Chain

Poisoned Dependencies: How Nethereum.All and 10M+ Fake Downloads Looted .NET Crypto Developers

Do Son December 19, 2025

A sophisticated supply chain campaign targeting .NET developers working with cryptocurrency has been uncovered, revealing a network...

5-Year Threat: Malicious NuGet Package Used Homoglyphs and Typosquatting to Steal Crypto Wallets NuGet Crypto Stealer, Homoglyph Attack

5-Year Threat: Malicious NuGet Package Used Homoglyphs and Typosquatting to Steal Crypto Wallets

Do Son December 16, 2025

A malicious NuGet package masquerading as a popular .NET logging tool has been caught stealing cryptocurrency wallet...

VS Code Supply Chain Attack: 19 Extensions Used Typosquatting & Steganography to Deploy Rust Trojan

Do Son December 15, 2025

A sophisticated malware campaign has been uncovered within the Visual Studio Code (VS Code) Marketplace, exposing a...

Urgent Patch: Notepad++ WinGUp Flaw Allowed Malware to Hijack Updates CVE-2023-40031 Notepad++ Update Hijacking, WinGUp Vulnerability

Urgent Patch: Notepad++ WinGUp Flaw Allowed Malware to Hijack Updates

Do Son December 11, 2025

Security researchers recently uncovered a vulnerability in the open-source text and code editor Notepad++, allowing attackers in...

Stealth Supply Chain Attack: Malicious Rust Crate Used Unpinned Dependency for Silent Payload Upgrades Rust Typosquatting, Unpinned Dependency Attack

Rust Typosquatting, Unpinned Dependency Attack

Stealth Supply Chain Attack: Malicious Rust Crate Used Unpinned Dependency for Silent Payload Upgrades

Do Son December 8, 2025

A popular bioinformatics tool became the latest lure in a software supply chain attack, as threat actors...

Malicious Rust Package ‘evm-units’ Exposes Crypto Developers to Stealth Attacks Rust Crates.io Backdoor, EVM Stealth Loader

Malicious Rust Package ‘evm-units’ Exposes Crypto Developers to Stealth Attacks

Do Son December 3, 2025

A seemingly innocent utility for Ethereum developers has been unmasked as a sophisticated stealth loader. The Socket...

ChatGPT Lockdown Mode OpenAI OpenClaw acquisition OpenAI Prism GPT-5.2 LaTeX, scientific research AI workspace OpenAI, Mixpanel Breach ChatGPT Data Preservation, NYT Lawsuit ChatGPT Apps SDK, super app OpenAI Jony Ive, AI Hardware Delay Musk Apple lawsuit, App Store antitrust UK AI Partnership, OpenAI Collaboration Jony Ive OpenAI, DoD Contract OpenAI Lawsuit, ChatGPT Privacy North Korea ChatGPT - GPT-4.5 model OpenAI Models, AI Advancements OpenAI pricing, Flex API

OpenAI API Users Exposed in Mixpanel Security Breach

Do Son November 28, 2025

In a significant reminder of the risks inherent to the digital supply chain, artificial intelligence giant OpenAI...

The “Korean Leaks” Siege: Qilin & North Korea Cripple Financial Sector via MSP Hack Korean Leaks, Qilin Ransomware

The “Korean Leaks” Siege: Qilin & North Korea Cripple Financial Sector via MSP Hack

Do Son November 28, 2025

A sophisticated and unprecedented cyber campaign has struck the heart of South Korea’s financial infrastructure. In a...

China’s APT24 Launches Stealth BADAUDIO Malware, Hitting 1,000+ Domains via Taiwanese Supply Chain Hack APT24 BADAUDIO, Taiwan Supply Chain Hack

China’s APT24 Launches Stealth BADAUDIO Malware, Hitting 1,000+ Domains via Taiwanese Supply Chain Hack

Do Son November 24, 2025

Google’s Threat Intelligence Group (GTIG) has released a comprehensive analysis exposing a long-running and adaptive cyber-espionage campaign...

PyPI Typosquat Delivers Multi-Layer Python RAT, Bypassing Scanners with XOR Encryption PyPI supply chain attack Socket malware detection PyPI Typosquat, Python RAT

PyPI supply chain attack Socket malware detection PyPI Typosquat, Python RAT

PyPI Typosquat Delivers Multi-Layer Python RAT, Bypassing Scanners with XOR Encryption

Do Son November 24, 2025

HelixGuard researchers have uncovered a malicious Python package uploaded to PyPI that impersonates the widely used “pyspellchecker”...

Salesforce Revokes Access Tokens: Gainsight App Breach May Have Exposed Customer Data Salesforce Gainsight Breach AppExchange Security Vishing, Salesforce Attack UNC6040

Salesforce Gainsight Breach AppExchange Security Vishing, Salesforce Attack UNC6040

Salesforce Revokes Access Tokens: Gainsight App Breach May Have Exposed Customer Data

Do Son November 21, 2025

Salesforce has issued an urgent security alert after discovering unusual activity involving Gainsight-published applications connected to its...

npm Supply Chain Attack: Hackers Use Adspect Cloaking and Fake Crypto CAPTCHA to Deceive Victims and Researchers npm Adspect Cloaking, Fake Crypto CAPTCHA

npm Adspect Cloaking, Fake Crypto CAPTCHA

npm Supply Chain Attack: Hackers Use Adspect Cloaking and Fake Crypto CAPTCHA to Deceive Victims and Researchers

Do Son November 19, 2025

The Socket Threat Research Team has uncovered a highly coordinated malware campaign operating across seven npm packages,...

Record Supply Chain Attack: 150,000+ Malicious npm Packages Flooded Registry for Token Farming Rewards npm Token Farming, Supply Chain Flooding

Record Supply Chain Attack: 150,000+ Malicious npm Packages Flooded Registry for Token Farming Rewards

Do Son November 17, 2025

In one of the largest open-source supply chain incidents ever recorded, Amazon Inspector security researchers have uncovered...

NuGet Sabotage: Time-Delayed Logic in 9 Packages Risks Total App Destruction on Hardcoded Dates NuGet Supply Chain Sabotage, Time-Delayed Destructive Logic

NuGet Supply Chain Sabotage, Time-Delayed Destructive Logic

NuGet Sabotage: Time-Delayed Logic in 9 Packages Risks Total App Destruction on Hardcoded Dates

Do Son November 10, 2025

A sophisticated supply-chain attack has been uncovered in the NuGet package registry, where nine packages published under...

GlassWorm Worm Resurfaces: Invisible Unicode Malware Re-Infects VS Code Extensions, Spreads to GitHub LokiBot Steganography, .NET Loader PlugX malware YiBackdoor, ransomware

LokiBot Steganography, .NET Loader PlugX malware YiBackdoor, ransomware

GlassWorm Worm Resurfaces: Invisible Unicode Malware Re-Infects VS Code Extensions, Spreads to GitHub

Do Son November 10, 2025

A sophisticated, self-propagating malware campaign known as GlassWorm has re-emerged, infecting three new VS Code extensions and...

Vidar Infostealer Hits npm for the First Time via 17 Typosquatted Packages and Postinstall Scripts Vidar npm Supply Chain, Typosquatting

Vidar Infostealer Hits npm for the First Time via 17 Typosquatted Packages and Postinstall Scripts

Do Son November 10, 2025

Researchers at Datadog Security Research have uncovered a major supply-chain compromise in the npm ecosystem involving 17...

PhantomRaven: 126 Malicious npm Packages Steal Developer Tokens and Secrets Using Hidden Dependencies npm RDD Supply Chain, Slopsquatting

PhantomRaven: 126 Malicious npm Packages Steal Developer Tokens and Secrets Using Hidden Dependencies

Do Son October 31, 2025

Koi Security has uncovered a massive supply-chain campaign dubbed PhantomRaven, which has silently infected the npm ecosystem...

Nation-State Espionage: Airstalk Malware Hijacks VMware AirWatch (MDM) API for Covert C2 Channel

Do Son October 31, 2025

Palo Alto Networks’ Unit 42 Threat Intelligence team has uncovered a sophisticated new malware family dubbed Airstalk,...

npm Typosquat Campaign: 10 Malicious Packages Deliver PyInstaller Infostealer via Fake CAPTCHA npm Typosquatting, PyInstaller Stealer

npm Typosquat Campaign: 10 Malicious Packages Deliver PyInstaller Infostealer via Fake CAPTCHA

Do Son October 30, 2025

The Socket Threat Research Team has uncovered an extensive supply chain attack targeting the npm ecosystem, involving...