Supply-Chain

Cybersecurity experts have uncovered a highly sophisticated social engineering campaign that is deploying MixShell, a stealthy in-memory malware, against key manufacturing companies vital to the global supply chain. This malicious operation, tracked by Check Point Research under the name ZipLine, takes an unusual approach to infiltration. A Shift from Traditional Phishing Instead of relying on […]

Malicious Python and npm Packages Uncovered in Supply Chain Attacks Cybersecurity researchers have uncovered a malicious package on the Python Package Index (PyPI) that introduced harmful behavior through a hidden dependency, enabling persistence and remote code execution. The package, named termncolor, achieved its malicious activity via a dependency called colorinal, as detailed by Zscaler ThreatLabz.