supply chain attack – Threat Note

From The Hacker News – Nine-Year-Old npm Packages Hijacked to Exfiltrate API Keys via Obfuscated Scripts

Cybersecurity researchers have discovered several cryptocurrency packages on the npm registry that have been hijacked to siphon sensitive information such as environment variables from compromised systems. "Some of these packages have lived on npmjs.com for over 9 years, and provide legitimate functionality to blockchain developers," Sonatype researcher Ax Sharma said. "However, [...] the latest

shaikh Saqib March 28, 2025

Articles

From Graham Cluley – Supply-chain CAPTCHA attack hits over 100 car dealerships

A security researcher has discovered that the websites of over 100 car dealerships have been compromised in a supply-chain attack that attempted to infect the PCs of internet visitors. Read…

Samir K March 20, 2025

News

From The Hacker News – New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors

Cybersecurity researchers have disclosed details of a new supply chain attack vector dubbed Rules File Backdoor that affects artificial intelligence (AI)-powered code editors like GitHub Copilot and Cursor, causing them to inject malicious code. "This technique enables hackers to silently compromise AI-generated code by injecting hidden malicious instructions into seemingly innocent

shaikh Saqib March 18, 2025

News

From Dark Reading – ClickFix Attack Compromises 100+ Car Dealership Sites

The ClickFix attack tactic seems to be gaining traction among threat actors. Read More

shaikh Saqib March 18, 2025

News

From Cyber Security News – 23,000 GitHub Repositories Targeted In Supply Chain Attack

In a massive security breach discovered this week, approximately 23,000 GitHub repositories have been compromised in what security experts are calling one of the largest supply chain attacks to date.…

shaikh Saqib March 18, 2025

News

From Security Week – 100 Car Dealerships Hit by Supply Chain Attack

[[{"value":"The websites of over 100 auto dealerships were found serving malicious ClickFix code in a supply chain compromise. The post 100 Car Dealerships Hit by Supply Chain Attack appeared first…

shaikh Saqib March 17, 2025

News

From The Hacker News – GitHub Action Compromise Puts CI/CD Secrets at Risk in Over 23,000 Repositories

Cybersecurity researchers are calling attention to an incident in which the popular GitHub Action tj-actions/changed-files was compromised to leak secrets from repositories using the continuous integration and continuous delivery (CI/CD) workflow. The incident involved the tj-actions/changed-files GitHub Action, which is used in over 23,000 repositories. It's used to track and retrieve all

shaikh Saqib March 17, 2025

News

From Security Week – Popular GitHub Action Targeted in Supply Chain Attack

[[{"value":"The tj-actions/changed-files GitHub Action, which is used in 23,000 repositories, has been targeted in a supply chain attack. The post Popular GitHub Action Targeted in Supply Chain Attack appeared first…

shaikh Saqib March 17, 2025

News

From The Hacker News – Vo1d Botnet’s Peak Surpasses 1.59M Infected Android TVs, Spanning 226 Countries

Brazil, South Africa, Indonesia, Argentina, and Thailand have become the targets of a campaign that has infected Android TV devices with a botnet malware dubbed Vo1d. The improved variant of Vo1d has been found to encompass 800,000 daily active IP addresses, with the botnet scaling a peak of 1,590,299 on January 19, 2025, spanning 226 countries. As of February 25, 2025, India has experienced a

shaikh Saqib March 3, 2025

News

From The Hacker News – Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers

The U.S. Federal Bureau of Investigation (FBI) formally linked the record-breaking $1.5 billion Bybit hack to North Korean threat actors, as the company's CEO Ben Zhou declared a "war against Lazarus." The agency said the Democratic People's Republic of Korea (North Korea) was responsible for the theft of the virtual assets from the cryptocurrency exchange, attributing it to a specific cluster

shaikh Saqib February 27, 2025

News

From Security Week – $1.5 Billion Bybit Heist Linked to North Korean Hackers

[[{"value":"Companies and experts have found evidence linking the $1.5 billion Bybit cryptocurrency heist to North Korean Lazarus hackers. The post $1.5 Billion Bybit Heist Linked to North Korean Hackers appeared…

shaikh Saqib February 24, 2025

News

From Dark Reading – Microsoft: New Variant of macOS Threat XCSSET Spotted in the Wild

Microsoft is warning the modular and potentially wormable Apple-focused infostealer boasts new capabilities for obfuscation, persistence, and infection, and could lead to a supply chain attack. Read More

shaikh Saqib February 19, 2025

News

From The Hacker News – Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks

The North Korean threat actor known as the Lazarus Group has been linked to a previously undocumented JavaScript implant named Marstech1 as part of limited targeted attacks against developers. The active operation has been dubbed Marstech Mayhem by SecurityScorecard, with the malware delivered by means of an open-source repository hosted on GitHub that's associated with a profile named "

shaikh Saqib February 14, 2025

News

From Dark Reading – XE Group Shifts From Card Skimming to Supply Chain Attacks

The likely Vietnam-based threat actor has been using two zero-days in VeraCore's warehouse management software in some of its latest cyberattacks. Read More

shaikh Saqib February 11, 2025

Vulnerabilities

From Cybersecurity Help – Malicious ML models exploit Pickle serialization flaw to evade detection on Hugging Face

The attack involves a technique involving “broken” pickle files to evade detection systems. Read More

shaikh Saqib February 10, 2025