The inside of my new freezer is slightly smaller and I can't fit so many tubs of ice cream in.
Recent searches
Search options
#supplychainattack
1 post1 participant0 posts today
Linux wiper malware hidden in malicious Go modules on GitHub
「 The attack appears designed specifically for Linux-based servers and developer environments, as the destructive payload - a Bash script named https://done.sh, runs a ‘dd’ command for the file-wiping activity.
Furthermore, the payload verifies that it runs in a Linux environment (runtime.GOOS == "linux") before trying to execute 」
This Week in Security: Encrypted Messaging, NSO’s Judgement, and AI CVE DDoS - Cryptographic messaging has been in the news a lot recently. Like the formal audit... - https://hackaday.com/2025/05/09/this-week-in-security-encrypted-messaging-nsos-judgement-and-ai-cve-ddos/ #thisweekinsecurity #supplychainattack #hackadaycolumns #securityhacks #news #cves #ai
Hackaday · This Week In Security: Encrypted Messaging, NSO’s Judgement, And AI CVE DDoSCryptographic messaging has been in the news a lot recently. Like the formal audit of WhatsApp (the actual PDF). And the results are good. There are some minor potential problems that the audit hig…
Hundreds of e-commerce sites hacked in supply-chain attack - Hundreds of e-commerce sites, at least one owned by a large multinational ... - https://arstechnica.com/security/2025/05/hundreds-of-e-commerce-sites-hacked-in-supply-chain-attack/ #supplychainattack #backdoors #security #magento #malware #biz&it
Ars Technica · Hundreds of e-commerce sites hacked in supply-chain attack
Sansec uncovered a supply chain attack via 21 backdoored Magento extensions – Source: securityaffairs.com https://ciso2ciso.com/sansec-uncovered-a-supply-chain-attack-via-21-backdoored-magento-extensions-source-securityaffairs-com/ #rssfeedpostgeneratorecho #informationsecuritynews #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #supplychainattack #SecurityAffairs #SecurityAffairs #SecurityNews #hackingnews #CyberCrime #Cybercrime #hacking #Magento #Malware #APT
CISO2CISO.COM & CYBER SECURITY GROUP · Sansec uncovered a supply chain attack via 21 backdoored Magento extensions – Source: securityaffairs.comSource: securityaffairs.com - Author: Pierluigi Paganini Supply chain attack via 21 backdoored Magento extensions hit 500–1,000 e-sto
This Week in Security: AirBorne, EvilNotify, and Revoked RDP - This week, Oligo has announced the AirBorne series of vulnerabilities in the Apple... - https://hackaday.com/2025/05/02/this-week-in-security-airborne-evilnotify-and-revoked-rdp/ #thisweekinsecurity #supplychainattack #hackadaycolumns #securityhacks #airborne #news #cves #rdp
Hackaday · This Week In Security: AirBorne, EvilNotify, And Revoked RDPThis week, Oligo has announced the AirBorne series of vulnerabilities in the Apple Airdrop protocol and SDK. This is a particularly serious set of issues, and notably affects MacOS desktops and lap…
This Week in Security: XRP Poisoned, MCP Bypassed, and More https://hackaday.com/2025/04/25/this-week-in-security-xrp-poisoned-mcp-bypassed-and-more/ #ThisWeekinSecurity #supplychainattack #HackadayColumns #SecurityHacks #News #CVEs #mcp
Hackaday · This Week In Security: XRP Poisoned, MCP Bypassed, And MoreResearchers at Aikido run the Aikido Intel system, an LLM security monitor that ingests the feeds from public package repositories, and looks for anything unusual. In this case, the unusual activit…
Operation SyncHole: Lazarus APT goes back to the well – Source: securelist.com https://ciso2ciso.com/operation-synchole-lazarus-apt-goes-back-to-the-well-source-securelist-com/ #Vulnerabilitiesandexploits #rssfeedpostgeneratorecho #zerodayvulnerabilities #APT(Targetedattacks) #MalwareDescriptions #MalwareTechnologies #Wateringholeattacks #CyberSecurityNews #Supplychainattack #Targetedattacks #infrastructure #securelistcom #MITREATT&CK #APTreports #Lazarus #Malware #APT
CISO2CISO.COM & CYBER SECURITY GROUP · Operation SyncHole: Lazarus APT goes back to the well – Source: securelist.comSource: securelist.com - Author: Sojun Ryu, Vasily Berdnikov We have been tracking the latest attack campaign by the Lazarus group since last N
The popular xrpl.js Ripple cryptocurrency library was compromised in a supply chain attack – Source: securityaffairs.com https://ciso2ciso.com/the-popular-xrpl-js-ripple-cryptocurrency-library-was-compromised-in-a-supply-chain-attack-source-securityaffairs-com/ #rssfeedpostgeneratorecho #informationsecuritynews #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #supplychainattack #SecurityAffairs #SecurityAffairs #BreakingNews #SecurityNews #hackingnews #supplychain
CISO2CISO.COM & CYBER SECURITY GROUP · The popular xrpl.js Ripple cryptocurrency library was compromised in a supply chain attack – Source: securityaffairs.comSource: securityaffairs.com - Author: Pierluigi Paganini The xrpl.js Ripple cryptocurrency library was compromised in a supply chain at
decio TIL Slopsquatting 
Article très intéressant sur cette nouvelle technique de #typosquatting qui exploite les hallucinations récursives des LLM utilisés en programmation
Les LLM hallucinent des librairies/paquets imaginaires 
des acteurs malveillants les enregistrent et les arment 
Le tout sur fond de hype autour du "vibe coding" 
"The Rise of Slopsquatting: How AI Hallucinations Are Fueling a New Class of Supply Chain Attacks"
https://socket.dev/blog/slopsquatting-how-ai-hallucinations-are-fueling-a-new-class-of-supply-chain-attacks
Via la toujours excellente Risky Bulletin Newsletter du jour
https://risky.biz/risky-bulletin-ai-slopsquatting-its-coming/
SocketThe Rise of Slopsquatting: How AI Hallucinations Are Fueling...Slopsquatting is a new supply chain threat where AI-assisted code generators recommend hallucinated packages that attackers register and weaponize.
This Week in Security: The Github Supply Chain Attack, Ransomware Decryption, and Paragon - Last Friday Github saw a supply chain attack hidden in a popular Github Action. To... - https://hackaday.com/2025/03/21/this-week-in-security-the-github-supply-chain-attack-ransomware-decryption-and-paragon/ #thisweekinsecurity #supplychainattack #hackadaycolumns #securityhacks #githubactions #paragon #news
Hackaday · This Week In Security: The Github Supply Chain Attack, Ransomware Decryption, And ParagonLast Friday Github saw a supply chain attack hidden in a popular Github Action. To understand this, we have to quickly cover Continuous Integration (CI) and Github Actions. CI essentially means aut…
This Week in Security: The Github Supply Chain Attack, Ransomware Decryption, and Paragon https://hackaday.com/2025/03/21/this-week-in-security-the-github-supply-chain-attack-ransomware-decryption-and-paragon/ #ThisWeekinSecurity #supplychainattack #HackadayColumns #SecurityHacks #GithubActions #Paragon #News
Hackaday · This Week In Security: The Github Supply Chain Attack, Ransomware Decryption, And ParagonLast Friday Github saw a supply chain attack hidden in a popular Github Action. To understand this, we have to quickly cover Continuous Integration (CI) and Github Actions. CI essentially means aut…
Rules File Backdoor: AI Code Editors exploited for silent supply chain attacks – Source: securityaffairs.com https://ciso2ciso.com/rules-file-backdoor-ai-code-editors-exploited-for-silent-supply-chain-attacks-source-securityaffairs-com/ #rssfeedpostgeneratorecho #informationsecuritynews #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #RulesFileBackdoor #supplychainattack #SecurityAffairs #BreakingNews #SecurityNews #Copilot #hacking #AI
CISO2CISO.COM & CYBER SECURITY GROUP · Rules File Backdoor: AI Code Editors exploited for silent supply chain attacks – Source: securityaffairs.comSource: securityaffairs.com - Author: Pierluigi Paganini The Rules File Backdoor attack targets AI code editors like GitHub Copilot and
The 'Rules File Backdoor': A New Era of AI-Driven Supply Chain Attacks
Pillar Security researchers have unveiled a critical vulnerability in AI coding assistants like GitHub Copilot and Cursor, allowing hackers to inject malicious code through seemingly innocuous configu...
https://news.lavx.hu/article/the-rules-file-backdoor-a-new-era-of-ai-driven-supply-chain-attacks
Large enterprises scramble after supply-chain attack spills their secrets - Open-source software used by more than 23,000 organizations, some of them ... - https://arstechnica.com/information-technology/2025/03/supply-chain-attack-exposing-credentials-affects-23k-users-of-tj-actions/ #opensourcesoftware #supplychainattack #tj-actions #security #biz&it
Ars Technica · Large enterprises scramble after supply-chain attack spills their secrets
️
Microsoft warns that Chinese cyber-espionage threat group 'Silk Typhoon' has shifted its tactics, now targeting remote management tools and cloud services in supply chain attacks that give them access to downstream customers. #supplychainattack #CyberAlerts https://www.bleepingcomputer.com/news/security/silk-typhoon-hackers-now-target-it-supply-chains-to-breach-networks/
BleepingComputer · Silk Typhoon hackers now target IT supply chains to breach networks
Continued thread
Don't miss the sequel: https://adnanthekhan.com/2024/12/21/cacheract-the-monster-in-your-build-cache/
Adnan Khan · Cacheract: The Monster in your Build CacheIn this post, I demonstrate Cacheract, which is an open source proof-of-concept for “Cache Native Malware’ that exploits GitHub Actions cache misconfigurations.
Malicious npm packages stole Ethereum developer keys; 1000+ downloads affected. #EthereumSecurity #NpmSecurity #SupplyChainAttack
More details: https://ciso2ciso.com/malicious-npm-packages-target-ethereum-developers-source-securityaffairs-com - https://www.flagthis.com/news/8465
Malicious npm Packages Stealing Developers’ Sensitive Data https://gbhackers.com/npm-package-data-theft/ #BlockchainSecurity #CyberSecurityNews #SupplyChainAttack #Vulnerability #cybersecurity #CyberAttack
GBHackers Security | #1 Globally Trusted Cyber Security News Platform · Malicious npm Packages Stealing Developers' Sensitive DataAttackers published 20 malicious npm packages impersonating legitimate Nomic Foundation and Hardhat plugins, where these packages,