supply chain attacks
Coverage of supply chain attacks in the Nexus archive.
- GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks
GitHub is introducing breaking changes in npm version 12 to disable install scripts by default, aiming to prevent supply chain attacks. The update targets malicious code execution via npm lifecycle hooks during the 'npm install' command.
- CrowdStrike and Google take down botnet used by hackers to target software developers in supply chain attacks
CrowdStrike and Google collaborated to dismantle the Glassworm botnet, which was used by hackers to infect open source software projects with malware. This botnet targeted software developers and companies through supply chain attacks.
- npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks
GitHub has introduced staged publishing on npm, requiring maintainers to approve package releases via two-factor authentication (2FA) to enhance software supply chain security. This feature aims to prevent unauthorized or malicious package distributions by mandating human verification before public installation.
- The never-ending supply chain attacks worm into SAP npm packages, other dev tools
A new wave of supply chain attacks has targeted SAP and Intercom npm packages, as well as the lightning PyPI package, spreading credential-stealing malware named Mini Shai-Hulud. The attacks highlight ongoing vulnerabilities in developer tools and package repositories.
- TeamPCP Hits SAP Packages With 'Mini Shai-Hulud' Attack
Several npm packages for SAP's cloud application development ecosystem have been compromised by TeamPCP's 'Mini Shai-Hulud' supply chain attack, expanding the group's cyberattack activities.
- Vect 2.0 Ransomware Acts as Wiper, Thanks to Design Error
Vect 2.0 Ransomware, used in TeamPCP supply chain attacks, functions as a data-wiping tool due to a design error, rendering decryption attempts ineffective. Experts warn against paying ransomware demands in such cases.
- ⚡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More
The article highlights a resurgence of cyber threats, including the Fast16 malware, supply chain attacks, and the misuse of new tools like AI employee tracking. It criticizes recurring issues such as stolen credentials, bad extensions, and malware hiding in trusted locations, suggesting these problems should have been resolved years ago.
- Phishing, deepfakes, supply chain attacks to fuel 2026's biggest crypto hacks: CertiK
CertiK has warned that phishing, deepfakes, and supply chain attacks will drive major crypto hacks in 2026, urging users to prioritize basic security practices as recent hacks have surged.
- Phishing, deepfakes, supply chain attacks to fuel 2026's biggest crypto hacks: CertiK
CertiK warned that phishing, deepfakes, and supply chain attacks will drive major crypto hacks in 2026, urging users to prioritize basic security practices as recent incidents spiked in April.
- Sophisticated fake Ledger Nano S Plus units found in the wild. Supply chain attacks are real.
Researchers discovered high-tech counterfeit Ledger Nano S Plus devices capable of stealing funds from over 20 blockchains. The article criticizes Ledger's closed-source model for increasing vulnerability to supply chain attacks and highlights the risks of purchasing hardware outside official channels.
- ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories
The ThreatsDay Bulletin highlights multiple cybersecurity threats, including a Microsoft Defender 0-Day vulnerability, a SonicWall brute-force attack, and a 17-year-old Excel remote code execution (RCE) flaw. The article emphasizes the persistence of ancient vulnerabilities, supply chain risks, and creative hacking tactics.
- Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise
Two supply chain attacks in March compromised popular open source tools with malware, enabling attackers to steal secrets from tens of thousands of organizations. The incidents highlight vulnerabilities in software supply chains and the urgent need for SBOMs to improve transparency.
- Supply chain nightmare: How Rust will be attacked and what we can do to mitigate
The article discusses vulnerabilities in Rust's supply chain that could be exploited by attackers, highlighting potential risks and mitigation strategies. It emphasizes the importance of addressing security weaknesses in software ecosystems.