Tag: supply chain attack


Malicious NPM Package Targets Claude AI User Directory To Steal Files Via GitHub

Researchers uncover a malicious npm package targeting Claude AI user directories to steal files and upload them to attacker-controlled GitHub repositories.

Mini Shai Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI And Multiple Open Source Packages In Supply Chain Attack

A Mini Shai Hulud worm linked to TeamPCP has compromised npm and PyPI packages across TanStack, Mistral AI, Guardrails AI and others, deploying credential stealers, CI/CD exploits, and cross-ecosystem propagation techniques.

Researchers Uncover 73 Fake VS Code Extensions Distributing GlassWorm V2 Malware

Security researchers identified 73 fake Microsoft VS Code extensions on Open VSX tied to GlassWorm v2 malware campaign targeting developers through supply chain attacks and sleeper packages.

Malicious Docker Images And VS Code Extensions Compromise Checkmarx Supply Chain

Security researchers report malicious Docker images and VS Code extensions tied to Checkmarx supply chain compromise, exposing developer credentials, cloud tokens, and CI/CD secrets through multi-stage malware and npm propagation.

Smart Slider 3 Pro Update Compromised Through Nextend Servers Delivers Backdoored Version

A compromised Smart Slider 3 Pro update distributed via Nextend servers delivered a backdoored version affecting WordPress and Joomla sites, enabling remote access and persistence.

Trivy Supply Chain Attack Spurs Self Propagating CanisterWorm Across Npm Ecosystem

A supply chain attack linked to Trivy has led to the spread of CanisterWorm malware across dozens of npm packages, exploiting tokens and decentralized infrastructure.

GlassWorm Supply Chain Campaign Targets Developers Through Malicious Open VSX Extensions

Security researchers report an expanded GlassWorm campaign using malicious Open VSX extensions and hidden Unicode code to target developers and steal sensitive data.

Malicious Go Crypto Module Steals Passwords And Deploys Rekoobe Backdoor On Linux Systems

Researchers uncover a malicious Go module impersonating golang.org/x/crypto that steals terminal passwords, installs SSH persistence, and deploys the Rekoobe Linux backdoor.

Cline CLI 2.3.0 Supply Chain Attack Led To Unauthorized OpenClaw Installation On Developer Systems

A compromised npm publish token was used to release Cline CLI version 2.3.0, triggering unauthorized installation of OpenClaw on developer systems during an eight-hour supply chain attack window.

First Malicious Microsoft Outlook Add In Found Stealing Over 4,000 Credentials In Supply Chain Attack

Cybersecurity researchers uncover the first known malicious Microsoft Outlook add-in used to steal more than 4,000 Microsoft credentials through an abandoned domain takeover supply chain attack.

Compromised dYdX npm And PyPI Packages Spread Wallet Stealers And Remote Access Malware

Cybersecurity researchers uncover a supply chain attack where compromised dYdX npm and PyPI packages distributed wallet-stealing malware and remote access trojans, exposing developers and crypto users to major risks.

AWS CodeBuild Misconfiguration Exposed GitHub Repositories To Potential Supply Chain Attacks

A misconfiguration in AWS CodeBuild allowed potential takeover of GitHub repositories including aws-sdk-js-v3, exposing cloud environments to supply chain risks. AWS has since remediated the issue.
