Discover how supply chain attacks target crypto projects through third-party tools, and learn key strategies to protect code, infrastructure and users.

A threat actor published backdoored versions of 17 NPM packages from GlueStack in a fresh supply chain attack.

A new cybersecurity campaign has exposed 67 trojanized GitHub repositories, targeting gamers and developers with malicious ...

Water Curse has been described as a financially motivated threat actor that's driven by credential theft, session hijacking, ...

India's oil supply chain remains stable as a result of diversification in the last few years, oil minister Hardeep Puri said on Sunday. .\"..

These packages are very popular, with approximately 1,020,000 weekly downloads, making this a massive supply chain attack that could ... the compromise by creating GitHub issues on each of the ...

Sysdig exposed how a trusted GitHub feature can silently hand control to attackers pull_request_target isn’t just risky, it’s ...

Cybersecurity outfit Sekoia is warning Chrome users of a supply chain attack targeting browser extension developers that has potentially impacted hundreds of thousands of individuals already.… ...

And, needless to say, one practice that needs it the most is supply chain management. We know how supply chains are and have always been. Any disturbance in the fabric of space-time seems to have ...

The security firm Socket warns of a campaign with malicious scripts in npm packages. The analysts have discovered 60 of these packages that contain an infostealer, which in turn spies on a machine ...

Sophos was brought in to investigate the attack and believe the threat actors exploited a chain of older SimpleHelp vulnerabilities tracked as CVE-2024-57727, CVE-2024-57728, and CVE-2024-57726 to ...