Skip to content
The Nexus
DossierENTITY

supply-chain attack

Coverage of supply-chain attack in the Nexus archive.

Earliest in view: Apr 27 · 23:33 UTCMost recent: Jun 26 · 18:04 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYJun 26 · 18:04 UTCBLEEPING COMPUTER
    Polymarket customers lose $3 million in supply-chain attack

    Polymarket customers lost an estimated $3 million due to a supply-chain attack where hackers injected a malicious script into the platform's frontend via a third-party vendor breach. The company has committed to fully reimbursing affected customers.

  • SECURITYJun 4 · 15:25 UTCBLEEPING COMPUTER
    New IronWorm malware hits 36 packages in npm supply-chain attack

    A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm.

  • SECURITYJun 1 · 21:38 UTCBLEEPING COMPUTER
    Red Hat npm packages compromised to steal developer credentials

    More than 30 npm packages under Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack that distributed a new variant of the Shai-Hulud credential-stealing malware, dubbed 'Miasma'.

  • SECURITYJun 1 · 19:49 UTCARS TECHNICA
    Dozens of Red Hat packages backdoored through its official NPM channel

    Red Hat's official NPM accounts were compromised to distribute malicious packages stealing credentials. Over 30 packages were affected in a supply-chain attack identified by security firm Aikido.

  • SECURITYMay 28 · 13:00 UTCCYBERSCOOP
    Zapier fixes bug chain that researchers say risked widespread account takeover

    Security researchers at Token Security discovered a chain of five vulnerabilities in Zapier that could have allowed attackers to gain access to millions of user accounts and connected systems without malware or insider access. The flaws, which exploited weaknesses in code execution and credential storage, could have enabled malicious actors to impersonate users and manipulate integrations with third-party services. The vulnerabilities were responsibly disclosed through Zapier's bug-bounty program and have since been patched.

  • SECURITYApr 29 · 22:43 UTCBLEEPING COMPUTER
    Official SAP npm packages compromised to steal credentials

    Multiple official SAP npm packages were compromised in a TeamPCP supply-chain attack, aiming to steal developer credentials and authentication tokens. The breach highlights vulnerabilities in software supply chains and developer security practices.

  • SECURITYApr 29 · 11:00 UTCARS TECHNICA
    Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden

    Security firm Checkmarx has been targeted in multiple supply-chain attacks over 40 days, including a breach of the Trivy vulnerability scanner and a ransomware attack. Attackers compromised GitHub accounts to deliver malware to users, stealing credentials like repository tokens and SSH keys.

  • SECURITYApr 27 · 23:33 UTCTHE REGISTER
    Ongoing supply-chain attack 'explicitly targeting' security, dev tools

    Checkmarx, a software security testing company, has been targeted in a supply-chain attack by the Lapsus$ group, which claimed to have leaked their source code and sensitive data from a GitHub repository. The breach highlights ongoing attacks explicitly targeting security and development tools.

supply-chain attack · Dossier · The Nexus