Discover how supply chain attacks target crypto projects through third-party tools, and learn key strategies to protect code, infrastructure and users.

A threat actor published backdoored versions of 17 NPM packages from GlueStack in a fresh supply chain attack.

Water Curse has been described as a financially motivated threat actor that's driven by credential theft, session hijacking, ...

A new cybersecurity campaign has exposed 67 trojanized GitHub repositories, targeting gamers and developers with malicious ...

India's oil supply chain remains stable as a result of diversification in the last few years, oil minister Hardeep Puri said on Sunday. .\"..

A significant supply chain attack hit NPM after 15 popular Gluestack packages with over 950,000 weekly downloads were compromised to include malicious code that acts as a remote access trojan (RAT).

Sysdig exposed how a trusted GitHub feature can silently hand control to attackers pull_request_target isn’t just risky, it’s ...

Cybersecurity outfit Sekoia is warning Chrome users of a supply chain attack targeting browser extension developers that has potentially impacted hundreds of thousands of individuals already ...

GenAI harnesses the latent potential of traditional AI. Let’s look at how it does so and whether its applicability in supply chain management is hyped or real.

The security firm Socket warns of a campaign with malicious scripts in npm packages. The analysts have discovered 60 of these packages that contain an infostealer, which in turn spies on a machine ...

Sophos was brought in to investigate the attack and believe the threat actors exploited a chain of older SimpleHelp vulnerabilities tracked as CVE-2024-57727, CVE-2024-57728, and CVE-2024-57726 to ...