The CrowdStrike npm Supply Chain Attack

The JavaScript ecosystem was rocked in September 2025 by a sweeping npm supply chain attack that compromised over 180 popular packages, including some released under the CrowdStrike namespace. This incident,…
Supply Chain Attack on Solana npm Library

A significant supply chain attack targeted the widely-used @solana/web3.js npm library, aiming to steal private keys and subsequently funds, putting both developers and cryptocurrency users at risk. The malicious versions,…
Gigabyte Motherboards Backdoor’ed

Researchers have identified a hidden mechanism in the firmware of motherboards manufactured by Taiwanese company Gigabyte that is primarily designed to update motherboard firmware, which could reportedly be exploited by…
PyTorch Malvertised

PyTorch is one of the most popular and widely-used machine learning toolkits out there. Initially released as an open-source project by Meta, it was handed over to the Linux Foundation…
Cloud Supply Chain Protection from Palo Alto

Courtesy: Palo Alto. Palo Alto has introduced the industry’s first runtime context-aware software composition analysis (SCA) system that helps developers identify open-source software components that are safe to use…