Supply Chain Attack
Cyberattacks that target less secure elements in a supply chain to gain access to a primary target.
-
Trivy Supply Chain Attack Spreads Infostealer, Worm, and Kubernetes Wiper via Docker Hub
A supply chain attack targeting Aqua Security’s Trivy vulnerability scanner led to the distribution of malicious artifacts via Docker Hub, deploying TeamPCP infostealer, a worm, and a Kubernetes wiper.
-
Chrome extensions turned malicious after ownership transfer, pushing code injection and fake updates
Two Chrome extensions, QuickLens and ShotBird, turned malicious after ownership changes, enabling attackers to inject arbitrary code, strip security headers, display fake Chrome update prompts, and steal sensitive data from downstream users.
-
AppsFlyer Web SDK hijacked to deliver crypto-stealing JavaScript in supply-chain attack
The AppsFlyer Web SDK was temporarily hijacked to deliver malicious JavaScript that replaced cryptocurrency wallet addresses with attacker-controlled ones, in what AppsFlyer says was a domain registrar incident affecting the Web SDK on a segment of customer websites.
-
GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools
The GlassWorm supply chain campaign has resurfaced, infiltrating the Microsoft Visual Studio Marketplace and Open VSX with 24 malicious extensions. These extensions impersonate popular developer tools and frameworks, stealing credentials and cryptocurrency, and turning developer machines into attacker-controlled nodes. This re-emergence highlights the adaptive nature of the adversary and the persistent challenge in securing developer…
-
Ransomware Attack Cripples Asahi Group Holdings’ Deliveries, Financials
A ransomware attack has severely impacted Asahi Group Holdings, disrupting beer deliveries and financial reporting for a month, highlighting critical vulnerabilities in supply chain integrity and data security for large corporations.
-
Nation-State Actor Implicated in Year-Long Ribbon Communications Breach
An American telecommunications company, Ribbon Communications, experienced a year-long security breach attributed to a nation-state actor, highlighting significant supply chain risks within the telecom sector.