Articles tagged: supply-chain
22 articles found

GlassWorm Campaign Evolves with Zig Dropper
The GlassWorm campaign has introduced a new Zig dropper to infect developer IDEs, while Russian submarine activity near undersea cables and a Windows zero-day vulnerability pose significant threats. Learn about these emerging threats and how to protect against them.

Supply Chain Under Siege
Recent supply chain attacks have compromised CPUID's API, exposed Eurail customer data, and stolen millions from Bitcoin Depot. Learn about these high-severity breaches and how to protect yourself.

Zero-Day Vulnerabilities Under Active Exploitation
Multiple zero-day vulnerabilities are being actively exploited, including a critical flaw in Ivanti Endpoint Manager Mobile and 13-year-old bugs in Apache ActiveMQ Classic and Flowise. These vulnerabilities pose significant risks to federal enterprises and other organizations.

Industrialized Social Engineering on the Rise
Sophisticated social engineering attacks are becoming increasingly industrialized, posing significant threats to maintainers and users of popular packages. Recent high-profile hacks demonstrate the patience and sophistication of certain threat actors.

Supply Chain Under Siege
A high-severity privilege escalation vulnerability in OpenClaw and the unveiling of Chainguard's Factory 2.0 platform highlight the importance of securing the software supply chain, as seen in the Claude source code leak. Learn about the key threats and takeaways to protect your organization.

EU Commission Hack Exposes Data
The European Commission's cloud infrastructure was hacked by TeamPCP, exposing data from at least 29 other EU entities. This incident highlights the significant risk of supply chain attacks and the need for robust access controls.

Supply Chain Attacks Expose Code
Recent supply chain attacks have led to the exposure of sensitive source code, emphasizing the need for secure software development and distribution practices. Anthropic's Claude Code and the Axios npm package were compromised, with Google attributing the latter to a North Korean threat actor. Learn how to protect your organization from similar threats.

High-Severity Bugs Hit PX4 Autopilot, Vim, GNU Emacs
Multiple high-severity vulnerabilities have been disclosed in products like PX4 Autopilot, Vim, and GNU Emacs, affecting various systems including transportation and defense. These flaws could allow arbitrary code execution or other malicious activities. Affected vendors have released patches or recommendations to mitigate these vulnerabilities.

Critical Flaws Exposed in Anritsu, Cisco, and Telegram
Multiple high-severity vulnerabilities have been discovered in Anritsu Remote Spectrum Monitor, Cisco source code, and a critical no-click flaw in Telegram. These threats pose significant risks to communications, defense, and emergency services. Understanding these vulnerabilities is crucial for proactive defense.

Supply Chain Attacks Hit Axios and OpenAI
Recent supply chain attacks on Axios and a critical vulnerability in OpenAI Codex pose significant threats to software security. Learn about the malicious dependency in Axios and how it could compromise systems, as well as the potential for GitHub token compromise via OpenAI Codex.

Telnyx Targeted in TeamPCP Supply Chain Attack
Telnyx faces a high-severity supply chain attack as malicious SDK versions are uploaded to PyPI, affecting Windows, macOS, and Linux. This incident highlights the importance of securing software supply chains.

Bearlyfy's Custom Ransomware Hits Russian Firms
The Bearlyfy group has launched targeted ransomware attacks on over 70 Russian companies using custom GenieLocker ransomware, demonstrating increased sophistication in ransomware campaigns. These attacks aim to inflict maximum damage on Russian businesses, highlighting the need for enhanced cybersecurity measures.

Telnyx PyPI Package Hacked
The Telnyx package on Python Package Index was compromised with malware, highlighting supply chain attack risks. Learn how to protect your systems and verify package integrity.

Security Breaches Hit EU Commission & Telnyx
The European Commission is investigating a breach after a threat actor gained access to its Amazon cloud environment, while TeamPCP has compromised the telnyx Python package. These incidents highlight the ongoing risk of security breaches and data theft.

Supply Chain Attacks Surge
A wave of supply chain attacks is targeting developer tools and packages, putting thousands of projects at risk. Learn about the latest threats and how to protect your projects.

Critical n8n and KadNap Exploits, Ransomware Surge
Active exploitation of n8n and KadNap malware poses critical threats, while ransomware attacks target healthcare organizations and critical infrastructure. Stay informed on the latest cybersecurity threats and take action to protect your systems.

Cybercrime Surges with $46M Crypto Heist and Phishing-as-a-Service Takedown
A recent surge in cybercrime includes a $46 million cryptocurrency heist and the takedown of a phishing-as-a-service operation. Learn about the latest threats and how to protect yourself.

AI-Driven Threats Intensify Nation-State Attacks
Nation-state actors are leveraging AI-powered tools to launch sophisticated cyberattacks, targeting governments and organizations worldwide. Recent campaigns by Transparent Tribe and Iranian APT hackers demonstrate the growing threat of AI-driven attacks. Stay informed on the latest threats and learn how to protect your organization.

Pentagon Flags Anthropic as Supply Chain Risk
The Pentagon has designated Anthropic as a supply chain risk due to concerns over its AI model's use in military applications, highlighting growing concerns about AI-related threats to national security. This decision raises questions about the need for robust mitigations and the potential risks of AI in military contexts. Readers should understand the implications of this designation and how it may impact the development and deployment of AI technologies.

Cisco SD-WAN Zero-Day Exploited, Devs Targeted, and Major Breaches
A critical Cisco SD-WAN zero-day is under active exploitation, while developers face targeted attacks, and major data breaches hit millions of users. Learn about the threats and how to protect yourself.

Cisco SD-WAN Zero-Day Exploited, Plus Ransomware and SolarWinds Patches
A critical zero-day vulnerability in Cisco SD-WAN is being actively exploited, while the Lazarus Group launches a Medusa ransomware campaign and SolarWinds patches critical Serv-U flaws. Learn about these threats and how to protect your organization.

SolarWinds & FortiGate Under Attack
Critical vulnerabilities in SolarWinds and FortiGate pose significant risks, while recent ransomware attacks and newly disclosed threats demand immediate attention from security teams. Learn about the key threats and how to protect your organization.