All news with #supply chain backdoor tag

🛡️ The Quick Page/Post Redirect WordPress plugin, installed on more than 70,000 sites, contained a hidden backdoor introduced through a malicious self-update mechanism in versions 5.2.1 and 5.2.2. Researcher Austin Ginder discovered the issue after multiple infections on his Anchor hosting fleet led to a security alert; WordPress.org has temporarily pulled the plugin pending review. A tampered 5.2.3 build, delivered from an external anadnet[.]com server, added a passive backdoor that only triggers for logged-out users and appears to have been used for cloaked SEO spam. Impacted sites should uninstall the plugin and replace it with a clean copy of version 5.2.4 from WordPress.org when it is available.

🔐 The article argues that modern ransomware operates like an industry, with affiliates, suppliers, marketplaces and subscription services coordinating long before a ransom note appears. It cites the March 2024 Change Healthcare incident and disputes between affiliates and operators to illustrate franchise dynamics. It details technical enablers such as BYOVD EDR killers and emerging AI-assisted tooling, and urges defenders to map actors, tools and supply‑chain exposure rather than treat incidents as isolated break‑ins.

🔒VirusTotal details how OpenClaw skills are being abused as a supply-chain delivery channel, demonstrating five attack patterns that convert convenience into access. The report maps concrete tradecraft — remote execution, semantic worm propagation, SSH-based persistence, silent exfiltration, and prompt-based cognitive rootkits — to representative malicious skills. It concludes with practical mitigations: sandboxing, least privilege, egress controls, dependency hygiene, and protection of persistent instruction files.

🔓 Researchers at KU Leuven built a $50 DDR4 interposer that subverts confidential computing protections such as Intel SGX and AMD SEV, demonstrated at Black Hat Europe. The runtime attack, called Battering RAM, manipulates memory address mapping to gain arbitrary plaintext read/write and extract SGX provisioning keys, circumventing recent boot-time mitigations. The team warns that compromised memory modules in the supply chain could enable persistent backdoors on vulnerable cloud VMs.

⚠️Researchers from CheckPoint disclosed a critical remote code execution vulnerability in OpenAI's Codex CLI that allowed project-local .env files to redirect the CODEX_HOME environment variable and load attacker-controlled MCP servers. By adding a malicious mcp_servers entry in a repo-local .codex/config.toml, an attacker with commit or PR access could cause Codex to execute commands silently whenever a developer runs the tool. OpenAI addressed the issue in Codex CLI v0.23.0 by blocking project-local redirection of CODEX_HOME, but the flaw demonstrates how automated LLM-powered developer tools can expand the attack surface and enable persistent supply-chain backdoors.