Supply-Chain

Konni Hackers Deploy AI Generated PowerShell Backdoor Targeting Blockchain Developers

North Korea-linked threat actor Konni has been observed launching a new cyber campaign that uses an AI-generated PowerShell backdoor to target blockchain developers and engineering teams. The operation highlights an increasing use of artificial intelligence to accelerate malware development while maintaining stealth. According to Check Point Research, the phishing activity has targeted organizations and individuals […]

Konni Hackers Deploy AI Generated PowerShell Backdoor Targeting Blockchain Developers Read More »

Malicious PyPI Package Masquerades as SymPy and Deploys XMRig Miner on Linux Hosts

A newly identified malicious package hosted on the Python Package Index (PyPI) has been caught impersonating the widely used SymPy library to deploy harmful payloads on Linux machines. The campaign highlights the growing risk of supply chain attacks targeting developers through trusted open source repositories. Fake Development Package Targets Python Users The malicious package, named sympy-dev,

Malicious PyPI Package Masquerades as SymPy and Deploys XMRig Miner on Linux Hosts Read More »

AWS CodeBuild Misconfiguration Exposed GitHub Repositories to Potential Supply Chain Attacks

Cloud security researchers have revealed that a critical misconfiguration in AWS CodeBuild could have allowed attackers to fully compromise Amazon Web Services owned GitHub repositories, including the widely used AWS JavaScript SDK. The issue created a potential pathway for large scale supply chain attacks that could have impacted countless AWS customers. The vulnerability, named CodeBreach by cloud security firm Wiz,

AWS CodeBuild Misconfiguration Exposed GitHub Repositories to Potential Supply Chain Attacks Read More »

n8n Supply Chain Attack Exploits Community Nodes to Hijack OAuth Tokens

Security researchers have uncovered a supply chain attack targeting the n8n workflow automation ecosystem, where malicious actors abused community published npm packages to steal OAuth credentials from developers. According to findings published by Endor Labs last week, attackers uploaded eight deceptive npm packages that appeared to function as legitimate n8n integration nodes. These packages were

n8n Supply Chain Attack Exploits Community Nodes to Hijack OAuth Tokens Read More »

Researchers Discover NodeCordRAT Embedded in Bitcoin-Themed npm Packages

Cybersecurity researchers have uncovered a new malware campaign involving three malicious npm packages that were used to distribute a previously undocumented remote access trojan named NodeCordRAT. The discovery highlights ongoing risks within open source ecosystems, particularly for developers working with cryptocurrency related libraries. Malicious Packages Identified The following npm packages were identified as part of

Researchers Discover NodeCordRAT Embedded in Bitcoin-Themed npm Packages Read More »

Trust Wallet Chrome Extension Hack Drains $8.5M Through Shai-Hulud Supply Chain Attack

Trust Wallet has disclosed that a major security breach affecting its Google Chrome browser extension was the result of the second wave of the Shai-Hulud supply chain attack, identified in November 2025. The incident led to the theft of nearly $8.5 million in cryptocurrency assets, marking one of the most significant browser extension compromises in the crypto

Trust Wallet Chrome Extension Hack Drains $8.5M Through Shai-Hulud Supply Chain Attack Read More »

27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials

Cybersecurity researchers have uncovered a sustained and carefully targeted spear‑phishing operation that abused the npm package ecosystem as a delivery platform for credential theft. According to findings published by Socket, the campaign involved the upload of 27 malicious npm packages using six different publisher aliases. Rather than infecting systems directly, the attackers repurposed npm package hosting and content

27 Malicious npm Packages Used as Phishing Infrastructure to Steal Login Credentials Read More »

Fake WhatsApp API Package on npm Steals Messages, Contacts, and Login Tokens

Cybersecurity researchers have uncovered a malicious software package hosted on the npm repository that masquerades as a fully functional WhatsApp API while secretly stealing sensitive user data and granting attackers persistent access to victims’ WhatsApp accounts. The package, called lotusbail, has been downloaded more than 56,000 times since it was published in May 2025 by

Fake WhatsApp API Package on npm Steals Messages, Contacts, and Login Tokens Read More »

CISA Flags Critical ASUS Live Update Flaw Following Evidence of Active Exploitation

The United States Cybersecurity and Infrastructure Security Agency has added a critical security flaw affecting ASUS Live Update to its Known Exploited Vulnerabilities (KEV) catalog, citing confirmed evidence of active exploitation. The alert highlights renewed concerns around a long standing supply chain issue tied to the ASUS software ecosystem. The vulnerability, tracked as CVE-2025-59374 with a

CISA Flags Critical ASUS Live Update Flaw Following Evidence of Active Exploitation Read More »

GhostPoster Malware Discovered in 17 Firefox Add ons with Over 50,000 Downloads

A newly identified malware campaign named GhostPoster has been uncovered abusing logo image files embedded within browser extensions to deliver malicious JavaScript code. The operation targeted users of Mozilla Firefox through at least 17 compromised add-ons that collectively recorded more than 50,000 downloads before being removed. The findings were disclosed by Koi Security, which identified

GhostPoster Malware Discovered in 17 Firefox Add ons with Over 50,000 Downloads Read More »