Supply Chain Attack

All articles tagged with #supply chain attack

CISA Expands KEV with Four Actively Exploited Flaws
security | 1 month ago

CISA added four vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation: CVE-2025-68645 (PHP remote file inclusion in Synacor Zimbra Collaboration Suite; CVSS 8.8; fixed in v10.1.13), CVE-2025-34026 (authentication bypass in Versa Concerto SD-WAN; CVSS 9.2; fixed in 12.2.1 GA), CVE-2025-31125 (improper access control in Vite; CVSS 5.3; fixed across multiple versions), and CVE-2025-54313 (embedded malicious code in eslint-config-prettier as part of a supply-chain attack with Scavenger Loader; CVSS 7.5; linked to July 2025 phishing campaigns). Exploitation of CVE-2025-68645 has been observed since January 14, 2026; details on the others’ exploitation are not provided. FCEB agencies must patch by February 12, 2026 under BOD 22-01.

Security Risks in VS Code Extensions: Ransomware, Cryptomining, and Supply Chain Threats
cybersecurity | 3 months ago

Cybersecurity researchers discovered a vibe-coded malicious VS Code extension with built-in ransomware capabilities, which exfiltrates and encrypts files, and uses GitHub as a command-and-control server. Additionally, 17 npm packages disguised as SDKs were found to stealthily deploy Vidar Stealer, highlighting ongoing supply chain threats in open-source ecosystems. Microsoft has removed the malicious extension from the marketplace, emphasizing the importance of vigilance in software development.

Multiple Cyberattacks Expose Vulnerabilities in Major Tech Firms
data-breach | 6 months ago

Salesloft has temporarily taken Drift offline after a widespread supply chain attack led to the theft of OAuth tokens, impacting over 700 organizations including major companies like Cloudflare and Google Workspace. The breach exploited compromised OAuth tokens associated with Drift's integration with Salesforce, prompting Salesforce to disable all related integrations as a precaution. The incident is linked to the threat cluster UNC6395, and the affected companies are working with cybersecurity firms to enhance security and prevent further attacks.

Cloudflare and Major Security Firms Hit by Supply Chain Data Breaches
cybersecurity | 6 months ago

Cloudflare was compromised in a supply chain attack involving Salesloft and Drift, where attackers accessed a Salesforce instance containing customer support data and API tokens. The breach exposed customer contact info and support tickets, with threat actors potentially planning future targeted attacks. This incident is part of a broader wave of Salesforce data breaches linked to the ShinyHunters group and other threat actors targeting cloud and CRM platforms.

Malicious npm and VS Code Packages Exploiting Developers and Stealing Data
cybersecurity | 9 months ago

Researchers have uncovered over 70 malicious npm and VS Code packages used for data theft, cryptomining, and destructive payloads, with threat actors deploying sophisticated techniques including masquerading as legitimate tools, evading sandbox detection, and using multi-stage infection chains to compromise developers' systems and steal sensitive information.

Unveiling the XZ Backdoor: Thwarting Cyber-Attacks and Detecting Implants in Linux Binaries
cybersecurity | 1 year ago

Binarly has released an online scanner to detect Linux executables affected by the XZ Utils supply chain attack, CVE-2024-3094. The backdoor, discovered by a Microsoft engineer, was introduced in XZ version 5.6.0 and remained in 5.6.1, impacting a few Linux distributions. Binarly's scanner uses static analysis to identify tampering with GNU Indirect Function (IFUNC) transitions, and can detect similar backdoors in other projects. The scanner is available online for unlimited free checks, and a free API for bulk scans is also available.

Detecting and Defending Against the XZ Backdoor in Linux Systems
firmware-security-vulnerability | 1 year ago

Malicious code was discovered in the widely used XZ Utils library for Linux systems, enabling remote code execution and bypassing secure shell authentication. The backdoor was introduced by a project maintainer named Jia Tan, who gained credibility over two years and eventually added the malicious code to the XZ Utils release. The sophisticated supply chain attack highlights the potential risks associated with open-source software and the need for organizations to adopt tools and processes to identify tampering and malicious features in their development pipeline.

Uncovering the Linux xz Utils Backdoor: A Supply Chain Hack Alert
cybersecurity | 1 year ago

A backdoor was discovered in xz Utils, a widely used data compression utility in Linux and Unix-like systems, allowing unauthorized access with root privileges through SSH. The backdoor was nearly merged into major Linux distributions, and its creator, Jia Tan, has a mysterious online presence. The attack involved years of planning and manipulation of open-source projects, and the malicious code was designed to be stealthy and targeted specific system configurations. Multiple researchers have analyzed the backdoor's components, and the incident serves as a cautionary tale for the security of open-source software supply chains.

Warning: XZ Utils Backdoor Threatens Linux Security
technologysecurity | 1 year ago

Red Hat issued an urgent security alert after discovering a backdoor in XZ Utils versions 5.6.0 and 5.6.1, impacting major Linux distributions. The malicious code, with a maximum-severity CVSS score, allows unauthorized remote access and interferes with the sshd daemon process. The compromised packages are present in Fedora 41 and Fedora Rawhide, prompting recommendations for users to downgrade to a safe version. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has likewise advised users to downgrade XZ Utils to an uncompromised version.

Critical Backdoor Discovered in XZ Utilities Compromises Linux Security
cybersecurity | 1 year ago

Malicious code was discovered in the widely used xz Utils compression tool, affecting versions 5.6.0 and 5.6.1, which made its way into beta releases of major Linux distributions, including Red Hat and Debian. The backdoor was designed to break SSH authentication, potentially allowing unauthorized access to systems. While the malicious versions were caught before being added to production releases, users are advised to check with their distributors to determine if their systems are affected.

Malicious PyPI Packages Infect Thousands of Windows and Linux Systems
cybersecurity | 2 years ago

Researchers have discovered 116 malicious packages on the Python Package Index (PyPI) repository that are designed to infect Windows and Linux systems with a custom backdoor. The packages have been downloaded over 10,000 times since May 2023. The attackers use various techniques to bundle the malicious code into Python packages, with the goal of compromising the targeted host with malware capable of remote command execution, data exfiltration, and taking screenshots. This is the latest in a series of compromised Python packages used for supply chain attacks, highlighting the need for developers to thoroughly vet the code they download.

Linux Users Unknowingly Exposed to Malware via Free Download Manager Site
cybersecurity | 2 years ago

Free Download Manager, a popular software package, was involved in a supply chain attack that redirected Linux users to a malicious Debian package repository, resulting in the installation of information-stealing malware. The malicious package dropped a Bash information-stealing script and a backdoor: the backdoor established a reverse shell to a command-and-control server, and the stealer collected user data and account credentials. The attack was facilitated through the official download page, which occasionally redirected users to the malicious domain, and the infected package was also disseminated through social media and online forums, with users unaware of the compromise. The campaign went undetected for over three years, owing to the rarity of Linux malware and the limited redirection to the unofficial URL, and despite being informed, the software vendor has not responded.

North Korean Hackers Target US Tech Company for Crypto Theft
cybersecurity | 2 years ago

A North Korean government-backed hacking group, known as "Labyrinth Chollima," breached the American IT management company JumpCloud and used it as a launching pad to target cryptocurrency companies. The hackers gained access to JumpCloud's systems in late June and then targeted a small number of its clients, which were confirmed to be cryptocurrency companies. This incident highlights North Korea's increasing sophistication in cyber espionage and its shift towards supply chain attacks. Cybersecurity firms CrowdStrike and Mandiant have attributed the attack to North Korea's Reconnaissance General Bureau (RGB), its primary foreign intelligence agency. Cryptocurrency stolen by North Korea-linked groups is estimated to be worth $1.7 billion.

Node.js Users Vulnerable to Manifest Confusion Attack: Malware Threat Looms
supply-chain-software-security | 2 years ago

The npm registry for Node.js is vulnerable to a manifest confusion attack, allowing threat actors to hide malware in project dependencies or execute arbitrary scripts during installation. The issue arises from the decoupling of the manifest and package metadata, leading to unexpected behavior and misuse. This loophole can be exploited to publish modules with hidden dependencies and run install scripts, potentially leading to supply chain attacks. Users are advised to scan packages for anomalies and exploits, as relying solely on metadata is insufficient. GitHub is aware of the problem but has yet to resolve it. Insecure dependencies were also found in a study of GitHub repositories, highlighting the ongoing threat to software supply chains.