Supply Chain Attacks

5 articles in this category

AI NewsCybersecuritySupply Chain Attacks

GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools

24 malicious VS Code extensions mimic Flutter and React tools, using Rust implants and Solana-based C2 to target developers.

Dec 2, 2025

AI NewsCybersecuritySupply Chain Attacks

npm Worm Shai-Hulud Strikes Again, Compromising 27,000 GitHub Repos

The Shai-Hulud npm worm resurfaces, stealing 3,760 valid secrets from 27,000 GitHub repositories in a supply chain attack.

Dec 1, 2025

AI NewsCybersecuritySupply Chain Attacks

Shai-Hulud v2 Spreads From npm to Maven, as Campaign Exposes Thousands of Secrets

Shai-Hulud v2 breached npm and Maven, exposing 11,858 secrets across 28,000+ repositories.

Nov 26, 2025

AI NewsCybersecuritySupply Chain Attacks

Second Sha1-Hulud Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft

25,000+ GitHub repos compromised by Sha1-Hulud via npm preinstall scripts stealing cloud credentials.

Nov 24, 2025

AI NewsCybersecuritySupply Chain Attacks

Malicious NuGet Packages with Delayed Logic Bombs Threaten Industrial and Database Systems

A supply chain attack involving nine malicious NuGet packages, downloaded 9,488 times, hides payloads targeting databases and PLCs, set to activate in 2027 and 2028.

Nov 7, 2025