A threat actor published backdoored versions of 17 NPM packages from GlueStack in a fresh supply chain attack.
The post React Native Aria Packages Backdoored in Supply Chain Attack appeared first on SecurityWeek.
Ongoing Campaign Uses 60 NPM Packages to Steal Data
Security firm Socket warns flags a campaign targeting NPM users with tens of malicious packages that can hijack system information.
The post Ongoing Campaign Uses 60 NPM Packages to Steal Data appeared first on SecurityWeek.
Chinese Hackers Hit Drone Sector in Supply Chain Attacks
The China-linked hacking group Earth Ammit has launched multi-wave attacks in Taiwan and South Korea to disrupt the drone sector.
The post Chinese Hackers Hit Drone Sector in Supply Chain Attacks appeared first on SecurityWeek.
China’s Secret Weapon? How EV Batteries Could be Weaponized to Disrupt America
As Xi Jinping advances his vision for China’s dominance by 2049, cybersecurity experts warn that connected technologies—like EV batteries—may quietly serve as tools of influence, espionage, and disruption.
The post China’s Secret Weapon? How EV Batteries Could be Weaponized to Disrupt America appeared first on SecurityWeek.
Chainguard Raises Hefty $356M Series D at $3.5 Billion Valuation
The cash infusion brings Chainguard’s total funding to about $612 million since launching in 2021 and prices the company at $3.5 billion.
The post Chainguard Raises Hefty $356M Series D at $3.5 Billion Valuation appeared first on SecurityWeek.
NetRise Raises $10 Million to Grow Software Supply Chain Security Platform
The funding round brings the total amount raised by the NetRise to roughly $25 million.
The post NetRise Raises $10 Million to Grow Software Supply Chain Security Platform appeared first on SecurityWeek.
Huntress Documents In-The-Wild Exploitation of Critical Gladinet Vulnerabilities
The flaw, tagged as CVE-2025-30406, was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog in early April.
The post Huntress Documents In-The-Wild Exploitation of Critical Gladinet Vulnerabilities appeared first on SecurityWeek.
AI Hallucinations Create a New Software Supply Chain Threat
Researchers uncover new software supply chain threat from LLM-generated package hallucinations.
The post AI Hallucinations Create a New Software Supply Chain Threat appeared first on SecurityWeek.
Malicious NPM Packages Target Cryptocurrency, PayPal Users
Threat actors are publishing malicious NPM packages to steal PayPal credentials and hijack cryptocurrency transfers.
The post Malicious NPM Packages Target Cryptocurrency, PayPal Users appeared first on SecurityWeek.
Impact, Root Cause of GitHub Actions Supply Chain Hack Revealed
More details have come to light on the recent supply chain attack targeting GitHub Actions, including its root cause.
The post Impact, Root Cause of GitHub Actions Supply Chain Hack Revealed appeared first on SecurityWeek.
