supply-chain attack
Coverage of supply-chain attack in the Nexus archive.
- Polymarket customers lose $3 million in supply-chain attack
Polymarket customers lost an estimated $3 million due to a supply-chain attack where hackers injected a malicious script into the platform's frontend via a third-party vendor breach. The company has committed to fully reimbursing affected customers.
- New IronWorm malware hits 36 packages in npm supply-chain attack
A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm.
- Red Hat npm packages compromised to steal developer credentials
More than 30 npm packages under Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack that distributed a new variant of the Shai-Hulud credential-stealing malware, dubbed 'Miasma'.
- Dozens of Red Hat packages backdoored through its official NPM channel
Red Hat's official NPM accounts were compromised to distribute malicious packages stealing credentials. Over 30 packages were affected in a supply-chain attack identified by security firm Aikido.
- Zapier fixes bug chain that researchers say risked widespread account takeover
Security researchers at Token Security discovered a chain of five vulnerabilities in Zapier that could have allowed attackers to gain access to millions of user accounts and connected systems without malware or insider access. The flaws, which exploited weaknesses in code execution and credential storage, could have enabled malicious actors to impersonate users and manipulate integrations with third-party services. The vulnerabilities were responsibly disclosed through Zapier's bug-bounty program and have since been patched.
- Official SAP npm packages compromised to steal credentials
Multiple official SAP npm packages were compromised in a TeamPCP supply-chain attack, aiming to steal developer credentials and authentication tokens. The breach highlights vulnerabilities in software supply chains and developer security practices.
- Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden
Security firm Checkmarx has been targeted in multiple supply-chain attacks over 40 days, including a breach of the Trivy vulnerability scanner and a ransomware attack. Attackers compromised GitHub accounts to deliver malware to users, stealing credentials like repository tokens and SSH keys.
- Ongoing supply-chain attack 'explicitly targeting' security, dev tools
Checkmarx, a software security testing company, has been targeted in a supply-chain attack by the Lapsus$ group, which claimed to have leaked their source code and sensitive data from a GitHub repository. The breach highlights ongoing attacks explicitly targeting security and development tools.