Tied to a fresh Checkmarx supply chain attack claimed by TeamPCP, the incident references the Shai-Hulud worm.
The post Bitwarden NPM Package Hit in Supply Chain Attack appeared first on SecurityWeek.
Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM Data
Researcher says the missing piece is a governance-driven intelligence layer that turns SBOM and VEX data into explainable security decisions.
The post Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM Data appeared first on SecurityWeek.
OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack
The AI giant is taking action after determining that a macOS code signing certificate may have been compromised.
The post OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack appeared first on SecurityWeek.
CPUID Hacked to Serve Trojanized CPU-Z and HWMonitor Downloads
Download links were replaced by a Russian-speaking threat actor to distribute a recently emerged malware named STX RAT.
The post CPUID Hacked to Serve Trojanized CPU-Z and HWMonitor Downloads appeared first on SecurityWeek.
Guardarian Users Targeted With Malicious Strapi NPM Packages
Hackers published 36 NPM packages posing as Strapi plugins to execute shells, escape containers, and harvest credentials.
The post Guardarian Users Targeted With Malicious Strapi NPM Packages appeared first on SecurityWeek.
North Korean Hackers Target High-Profile Node.js Maintainers
The threat actor behind the Axios supply chain attack has been aiming at other maintainers in its social engineering campaign.
The post North Korean Hackers Target High-Profile Node.js Maintainers appeared first on SecurityWeek.
Mercor Hit by LiteLLM Supply Chain Attack
The AI recruiting firm is investigating the incident as Lapsus$ claimed the theft of 4TB of Mercor data.
The post Mercor Hit by LiteLLM Supply Chain Attack appeared first on SecurityWeek.
Axios NPM Package Breached in North Korean Supply Chain Attack
A long-lived NPM access token was used to bypass the GitHub Actions OIDC-based CI/CD publishing workflow and push backdoored package versions.
The post Axios NPM Package Breached in North Korean Supply Chain Attack appeared first on SecurityWeek.
Telnyx Targeted in Growing TeamPCP Supply Chain Attack
Two malicious versions of the popular SDK were uploaded to the PyPI registry, targeting Windows, macOS, and Linux.
The post Telnyx Targeted in Growing TeamPCP Supply Chain Attack appeared first on SecurityWeek.
Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack
Hackers published a malicious scanner release and replaced tags to point to information-stealer malware.
The post Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack appeared first on SecurityWeek.
