Skip to content
The Nexus
DossierENTITY

supply chain attack

Coverage of supply chain attack in the Nexus archive.

Earliest in view: Apr 9 · 22:10 UTCMost recent: Jun 4 · 21:27 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYJun 4 · 21:27 UTCBLEEPING COMPUTER
    Hola Browser for Windows compromised to deliver cryptominer

    The Windows version of the Hola Browser was compromised in a supply chain attack that delivered an undeclared executable identified as a cryptocurrency miner. Researchers confirmed the malicious activity through analysis of the compromised software.

  • SECURITYJun 1 · 09:31 UTCTHE HACKER NEWS
    OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack

    Cybersecurity researchers revealed a malicious supply chain attack targeting OpenAI Codex users via the codexui-android npm package, which is promoted as a remote web UI and has over 29,000 weekly downloads. The package remains available for download despite the security risks it poses.

  • SECURITYMay 25 · 06:25 UTCCOINTELEGRAPH
    ‘TrapDoor’ malware targets crypto dev tools in supply chain attack

    A campaign named 'TrapDoor' is using malicious packages to target cryptocurrency development tools in a supply chain attack, aiming to steal crypto assets by injecting hidden instructions that hijack popular AI coding assistants. Socket has reported this threat, highlighting the exploitation of AI tools to facilitate the theft.

  • SECURITYMay 23 · 20:48 UTCBLEEPING COMPUTER
    Laravel Lang packages hijacked to deploy credential-stealing malware

    A supply chain attack exploited Laravel Lang localization packages by hijacking GitHub version tags to distribute credential-stealing malware via Composer packages, exposing developers to a sophisticated malware campaign.

  • SECURITYApr 28 · 14:59 UTCDARK READING
    Fresh Wave of GlassWorm VS Code Extensions Slices Through Supply Chain

    Attackers are distributing malicious VS Code extensions via Open VSX, exploiting supply chain vulnerabilities to spread self-propagating malware. The campaign involves seeding seemingly benign extensions that act as vectors for malware propagation.

  • SECURITYApr 27 · 14:19 UTCTHE HACKER NEWS
    Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack

    Checkmarx confirmed that data from its GitHub repository was posted on the dark web following a supply chain attack on March 23, 2026. The company attributes the breach to a cybercriminal group exploiting the initial attack to access sensitive repository data.

  • SECURITYApr 22 · 22:34 UTCTHE REGISTER
    Another npm supply chain worm is tearing through dev environments

    Another npm supply chain attack is spreading through compromised packages, stealing secrets and sensitive data from developers' environments. The attack shares similarities with previous infections linked to the TeamPCP group and references a 'TeamPCP/LiteLLM method' in its payload.

  • SECURITYApr 22 · 12:57 UTCBLEEPING COMPUTER
    New npm supply-chain attack self-spreads to steal auth tokens

    A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and self-spreading by publishing malicious packages from compromised accounts. The attack exploits the npm package distribution system to propagate and exfiltrate authentication tokens.

  • SECURITYApr 10 · 13:29 UTCHACKER NEWS
    CPU-Z and HWMonitor compromised

    CPU-Z and HWMonitor, popular hardware monitoring tools, have been compromised in a supply chain attack. The breach highlights vulnerabilities in software distribution channels, prompting warnings across security forums and news platforms.

  • SECURITYApr 9 · 22:10 UTCHACKER NEWS
    How the Trivy supply chain attack harvested credentials from secrets managers

    The article discusses a supply chain attack leveraging Trivy that compromised secrets managers by harvesting credentials. It highlights the attack's method and implications for security practices.

supply chain attack · Dossier · The Nexus