Supply Chain Archives • Page 2 of 4 • Daily CyberSecurity

CERT/CC Warns of Code Execution Flaws in Lite XL Text Editor (CVE-2025-12120, CVE-2025-12121) Lite XL RCE, Lua Autoloading

CERT/CC Warns of Code Execution Flaws in Lite XL Text Editor (CVE-2025-12120, CVE-2025-12121)

Do Son November 13, 2025

The CERT Coordination Center (CERT/CC) has issued a vulnerability note highlighting two severe security flaws in Lite...

Cloud Abuse: TruffleNet BEC Campaign Hijacks AWS SES and Portainer to Orchestrate 800+ Malicious Hosts AWS SES Abuse, Portainer C2

Cloud Abuse: TruffleNet BEC Campaign Hijacks AWS SES and Portainer to Orchestrate 800+ Malicious Hosts

Do Son November 3, 2025

Fortinet’s FortiGuard Labs has identified a widespread cloud abuse campaign, dubbed “TruffleNet,” that leverages stolen AWS credentials...

Symantec Exposes Chinese APT Overlap: Zingdoor, ShadowPad, and KrustyLoader Used in Global Espionage Chinese APT Overlap, Zingdoor ShadowPad

Symantec Exposes Chinese APT Overlap: Zingdoor, ShadowPad, and KrustyLoader Used in Global Espionage

Do Son October 23, 2025

Symantec’s investigation uncovered a complex web of interconnected Chinese espionage operations, with infrastructure and tooling overlapping multiple...

Socket Uncovers Malicious NuGet Typosquat “Netherеum.All” Exfiltrating Wallet Keys via Solana-Themed C2 NuGet Typosquat, Homoglyph Attack

Socket Uncovers Malicious NuGet Typosquat “Netherеum.All” Exfiltrating Wallet Keys via Solana-Themed C2

Do Son October 23, 2025

Researchers from Socket’s Threat Research Team have uncovered an active homoglyph typosquat on NuGet impersonating the widely...

North Korea’s Famous Chollima APT Uses Trojanized Node.js App to Deploy OtterCookie RAT for Crypto Theft

Do Son October 17, 2025

A new report from Cisco Talos has exposed a malware campaign linked to Famous Chollima, a North...

Qilin Ransomware’s Resilience Exposed: Bulletproof Hosting Network Underpins Asahi Group Holdings Attack Qilin Bulletproof Hosting, Asahi Group Ransomware

Qilin Bulletproof Hosting, Asahi Group Ransomware

Qilin Ransomware’s Resilience Exposed: Bulletproof Hosting Network Underpins Asahi Group Holdings Attack

Do Son October 17, 2025

A new report from Resecurity’s HUNTER unit has exposed the global web of bulletproof hosting (BPH) providers...

F5 Networks Breached by Nation-State Actor, BIG-IP Source Code and Undisclosed Vulnerabilities Stolen F5 Nation-State Breach, BIG-IP Source Code Leak

F5 Nation-State Breach, BIG-IP Source Code Leak

F5 Networks Breached by Nation-State Actor, BIG-IP Source Code and Undisclosed Vulnerabilities Stolen

Do Son October 16, 2025

F5 Networks has disclosed that a “highly sophisticated nation-state threat actor” infiltrated its internal systems, exfiltrating files...

China’s Jewelbug APT Breaches Russian IT Provider for 5 Months, Using Yandex Cloud and Graph API C2 Jewelbug Russian Intrusion, Graph API C2

China’s Jewelbug APT Breaches Russian IT Provider for 5 Months, Using Yandex Cloud and Graph API C2

Do Son October 16, 2025

A new investigation by The Symantec Threat Hunter Team has revealed that the Chinese APT group “Jewelbug”...

China-Backed Flax Typhoon APT Maintained Year-Long Access by Turning ArcGIS SOE into Web Shell Backdoor Flax Typhoon ArcGIS Backdoor, SOE Web Shell

Flax Typhoon ArcGIS Backdoor, SOE Web Shell

China-Backed Flax Typhoon APT Maintained Year-Long Access by Turning ArcGIS SOE into Web Shell Backdoor

Do Son October 16, 2025

A newly released report from ReliaQuest reveals how the China-backed advanced persistent threat (APT) group “Flax Typhoon”...

Critical Supply Chain Flaw: Clevo UEFI Firmware Leaked Intel Boot Guard Private Keys (CVE-2025-11577) Intel Boot Guard Key Leak, Clevo UEFI

Critical Supply Chain Flaw: Clevo UEFI Firmware Leaked Intel Boot Guard Private Keys (CVE-2025-11577)

Do Son October 14, 2025

The CERT Coordination Center (CERT/CC) has issued a warning regarding a critical supply chain vulnerability — CVE-2025-11577...

iOS 27 Liquid Glass slider iPhone Flip rumors 2026 Setapp Mobile iOS shutdown, Apple DMA political delay tactics Apple AI pin wearable 2027, Siri Campos Gemini integration Apple AI strategy 2026, Liquid Glass interface Apple Intelligence Mac Pro Cancelled Mac Studio Future App Store antitrust, UK lawsuit iPhone Fold Hinge, Cost Optimization MacBook Pro, OLED display Apple supply chain, manufacturing automation Apple home security, smart camera Apple Earnings, AI Investment Apple EU Fine, DMA Appeal CVE-2023-23529

iPhone Fold Hinge Costs Drop to $70-$80, Boosting Viability for Mass Production in 2026

Do Son October 14, 2025

The long-rumored foldable iPhone — tentatively referred to as the iPhone Fold — has yet to be...

Axis Communications Leaks Azure Credentials in Autodesk Plugin Via Hardcoded SAS Tokens Fiverr Data Leak Claude Code Leak Anthropic DMCA Takedown Coupang 33.7M Breach South Korea Data Leak Red Hat Breach, Customer Data Theft Farmers Insurance, Salesforce ESLint Plugin -Mamont Android banking Trojan

Fiverr Data Leak Claude Code Leak Anthropic DMCA Takedown Coupang 33.7M Breach South Korea Data Leak Red Hat Breach, Customer Data Theft Farmers Insurance, Salesforce ESLint Plugin -Mamont Android banking Trojan

Axis Communications Leaks Azure Credentials in Autodesk Plugin Via Hardcoded SAS Tokens

Do Son October 13, 2025

Trend Micro’s Threat Research team has uncovered a serious cloud credential exposure involving Axis Communications, a leading...

Beamglea Campaign: Hackers Abuse 175 npm Packages and unpkg CDN for Large-Scale Phishing npm Phishing, Beamglea

Beamglea Campaign: Hackers Abuse 175 npm Packages and unpkg CDN for Large-Scale Phishing

Do Son October 11, 2025

Socket’s Threat Research Team has uncovered a massive supply-chain abuse campaign leveraging npm’s public registry and unpkg.com’s...

Apple’s Indian Supply Chain Expands: 350,000 Jobs Created and Full iPhone 17 Assembly Planned iOS Android Interoperability, DMA Ecosystem Apple India Supply Chain, iPhone Manufacturing

iOS Android Interoperability, DMA Ecosystem Apple India Supply Chain, iPhone Manufacturing

Apple’s Indian Supply Chain Expands: 350,000 Jobs Created and Full iPhone 17 Assembly Planned

Do Son October 6, 2025

As the scale of iPhone assembly and exports in India continues to expand year after year, Apple’s...

ShinyHunters Expands With AI-Powered Vishing, Supply Chain Intrusions, and Insider Recruitment Open VSX Malware String-Fragment Reconstruction DarkCloud Stealer, steganography APT 35 Charming Kitten cyclops

Open VSX Malware String-Fragment Reconstruction DarkCloud Stealer, steganography APT 35 Charming Kitten cyclops

ShinyHunters Expands With AI-Powered Vishing, Supply Chain Intrusions, and Insider Recruitment

Do Son September 19, 2025

ShinyHunters, one of the most notorious financially motivated eCrime groups, is broadening its arsenal with AI-driven social...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

Frostbyte10: The Critical Flaws Threatening Global Supply Chains

Do Son September 4, 2025

Researchers at Armis Labs have uncovered a set of ten severe vulnerabilities in Copeland E2 and E3...

Apple Is Forcing Its Suppliers to Embrace Full Automation

Do Son September 2, 2025

Reports suggest that Apple is restructuring its global supply chain, not merely shifting production away from China...

CVE-2025-58158 Flaw in Harness Gitness Allows Arbitrary File Write Harness Gitness, arbitrary file write

CVE-2025-58158 Flaw in Harness Gitness Allows Arbitrary File Write

Do Son September 2, 2025

The open-source DevOps ecosystem has been hit with another critical security issue—this time in Harness Open Source,...

A New Race for Silicon: Apple Secures Half of TSMC’s 2nm Chip Production Apple silicon, in-house chips Apple Event, iPhone 17 Air TSMC, 2nm chips

A New Race for Silicon: Apple Secures Half of TSMC’s 2nm Chip Production

Do Son August 29, 2025

According to information obtained by DigiTimes, Apple has reportedly reserved nearly half of TSMC’s 2nm production capacity,...

The Reversed Phishing Attack: New Campaign Triggers Victims to Call Hackers NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

NATS-as-C2 Sysdig CVE-2026-33017 Langflow RCE Microsoft Phone Link Hijack CloudZ Pheno Plugin Insider Threat BlackCat (ALPHV) OFAC Sanctions DPRK IT Workers Transparent Tribe APT36 React2Shell, EtherRAT SideWinder Espionage, Netlify Phishing DDNS Abuse, C2 Infrastructure Hacking Health Club

The Reversed Phishing Attack: New Campaign Triggers Victims to Call Hackers

Do Son August 28, 2025

Check Point Research (CPR) has exposed a new phishing campaign dubbed ZipLine, which flips the traditional social...

Critical Alert 3 Active Exploits Detected Today

Critical Alert

Supply Chain

CERT/CC Warns of Code Execution Flaws in Lite XL Text Editor (CVE-2025-12120, CVE-2025-12121)

Symantec Exposes Chinese APT Overlap: Zingdoor, ShadowPad, and KrustyLoader Used in Global Espionage

Socket Uncovers Malicious NuGet Typosquat “Netherеum.All” Exfiltrating Wallet Keys via Solana-Themed C2

North Korea’s Famous Chollima APT Uses Trojanized Node.js App to Deploy OtterCookie RAT for Crypto Theft

Qilin Ransomware’s Resilience Exposed: Bulletproof Hosting Network Underpins Asahi Group Holdings Attack

F5 Networks Breached by Nation-State Actor, BIG-IP Source Code and Undisclosed Vulnerabilities Stolen

China’s Jewelbug APT Breaches Russian IT Provider for 5 Months, Using Yandex Cloud and Graph API C2

China-Backed Flax Typhoon APT Maintained Year-Long Access by Turning ArcGIS SOE into Web Shell Backdoor

Critical Supply Chain Flaw: Clevo UEFI Firmware Leaked Intel Boot Guard Private Keys (CVE-2025-11577)

iPhone Fold Hinge Costs Drop to $70-$80, Boosting Viability for Mass Production in 2026

Axis Communications Leaks Azure Credentials in Autodesk Plugin Via Hardcoded SAS Tokens

Beamglea Campaign: Hackers Abuse 175 npm Packages and unpkg CDN for Large-Scale Phishing

Apple’s Indian Supply Chain Expands: 350,000 Jobs Created and Full iPhone 17 Assembly Planned

Frostbyte10: The Critical Flaws Threatening Global Supply Chains

Apple Is Forcing Its Suppliers to Embrace Full Automation

CVE-2025-58158 Flaw in Harness Gitness Allows Arbitrary File Write

A New Race for Silicon: Apple Secures Half of TSMC’s 2nm Chip Production