All news with #supply chain compromise tag

🚨 Jamf Threat Labs and other researchers observed DPRK-linked actors using malicious Visual Studio Code project repositories to deliver a multi-stage backdoor enabling remote code execution. The campaign abuses VS Code task configuration files (runOn: folderOpen) to fetch obfuscated JavaScript from Vercel and deploy implants named BeaverTail and InvisibleFerret. Targets are lured to clone and open repository-based job assessments, and on macOS the chain uses nohup/curl to run Node.js payloads that persist beyond the IDE.

⚠️ Trend Micro detailed a campaign using a new information stealer, Evelyn Stealer, that abuses the Visual Studio Code extension ecosystem to harvest developer secrets. Malicious extensions drop a downloader DLL (Lightshot.dll) which launches a staged executable (runtime.exe) and injects the stealer into a legitimate process (grpconv.exe) to run in memory. The malware collects credentials, cookies, crypto wallets, screenshots, Wi‑Fi data and system metadata, then exfiltrates compressed archives to an attacker-controlled FTP server.

⚡ This week’s roundup highlights active exploitation of a critical Fortinet FortiSIEM vulnerability (CVE-2025-64155) that can lead to full appliance compromise, alongside new malware and supply-chain concerns. Researchers also disclosed a clipboard‑hijacking campaign distributed by RedLineCyber and a Reprompt attack that targeted Microsoft Copilot via P2P prompt injection. Other notable items include a cloud-native Linux framework called VoidLink, disruption of the RedVDS criminal service, and an AWS CodeBuild misconfiguration that raised supply‑chain risks. Defenders should prioritize patching high-severity CVEs, harden CI/CD configurations, and treat AI/chatbot integrations and exposed devices as part of the attack surface.

⚠️ Researchers at Palo Alto Networks' Unit 42 disclosed critical weaknesses in the NeMo, Uni2TS and FlexTok Python libraries used with Hugging Face models, where malicious code can be hidden in model metadata and executed automatically when a manipulated file is loaded. The root cause is the use of Hydra's instantiate(), which accepts arbitrary callables and arguments and can therefore permit remote code execution if metadata is untrusted. Vendors including NVIDIA, Salesforce and the maintainers of FlexTok have issued fixes and CVE assignments; users should upgrade affected libraries and audit models before loading.

🔒 Sophos researchers warn that the TamperedChef malvertising campaign is delivering trojanised PDF manuals and fake downloads to organisations worldwide. Attackers use malicious adverts and promoted search results to trick users searching for technical manuals into installing an infostealer that harvests browser-stored credentials and contacts a C2 server. A second-stage payload, ManualFinderApp.exe, is a trojanised application that acts as both an infostealer and a persistent backdoor. The campaign employs delayed activation, staged payload delivery and code-signing abuse to evade detection; organisations should avoid clicking advert links and obtain software only from official vendor sites.

🔒 Researchers at Wiz found a subtle misconfiguration in AWS CodeBuild build-trigger handling that could let unauthenticated actors infiltrate build environments and leak credentials. A two-character mistake in an unanchored regex filter allowed threat actor ID bypasses, putting public repositories such as the AWS JavaScript SDK at risk. AWS patched the issue within 48 hours, hardening CodeBuild and auditing public build logs. Wiz recommends anchored regexes, fine-grained PATs, and stricter build gates to reduce exposure.

⚠️ A critical CodeBuild misconfiguration, dubbed CodeBreach by Wiz, could have allowed attackers to take over several AWS-managed GitHub repositories, including aws-sdk-js-v3, by bypassing webhook actor ID filters. The flaw—missing ^ and $ anchors in regex filters—enabled unauthorized build triggers and potential leakage of privileged GitHub tokens. AWS fixed the issue in September 2025, rotated credentials, implemented mitigations, and reported no evidence of exploitation.

⚠️ A critical CodeBuild misconfiguration discovered by Wiz Research allowed untrusted pull requests to run privileged builds, enabling potential injection of malicious code into core AWS repositories—including the AWS SDK for JavaScript that underpins the AWS Console. The flaw was an unanchored regex in an ACTOR_ID webhook filter that let attacker-controlled GitHub IDs bypass restrictions and access credentials stored in build memory. AWS patched the issue within 48 hours, revoked exposed credentials, added protections to block memory-based credential theft and introduced a Pull Request Comment Approval build gate. Wiz advises blocking untrusted PRs, using fine‑grained tokens and anchoring webhook regexes.

🔐 The npm ecosystem has shifted from simple typosquatting to coordinated, credential-driven supply‑chain intrusions that target maintainers, CI pipelines, and trusted automation. Attackers now compromise legitimate packages via stolen tokens and publish trojanized updates that quietly propagate to millions of downstream projects. Detection increasingly requires runtime and anomaly analysis rather than static scanning, while mitigations focus on treating CI runners as production assets, aggressively rotating and scoping publish tokens, disabling unnecessary lifecycle scripts, and pinning dependencies to immutable versions.

🔒 In the CEO Outlook 2026 survey, Trend Micro CEO Eva Chen describes how rapid AI adoption and expanding cloud footprints are transforming the cyberthreat landscape and elevating business risk. She flags rising ransomware, supply-chain exposures and AI-enabled attacks, and urges firms to prioritize automation, XDR and cloud security. Chen also stresses the role of channel partners and talent development in building resilience against increasingly sophisticated threats.

🔒 Multiple current and former Target employees told BleepingComputer that a sample of source code and documentation published by a threat actor matches real internal systems. A screenshot of company-wide Slack shows an "accelerated" security change effective January 9, 2026, restricting access to git.target.com to Target-managed networks or VPN. The 14MB sample contains internal names like "BigRED" and "TAP" and references to Vela, Hadoop datasets, and JFrog Artifactory. The threat actor claims a full archive of ~860GB; the root cause remains under investigation.

🔐 Attackers in 2025 are not inventing wholly new techniques but refining long‑standing ones—supply‑chain compromise, credential theft, and malware in official stores—at vastly greater scale. AI has lowered the barrier to entry, enabling small teams or individuals to publish trusted packages, automate phishing, and pivot them to malicious behavior. Gaps in permission models and slow supply‑chain mitigation let these campaigns cascade through dependencies. Defenders should prioritize fundamentals: fix permissions, harden verification, and make phishing‑resistant authentication the default.

🔒 The Amsterdam Court of Appeal sentenced a 44‑year‑old Dutch national to seven years in prison for breaching IT systems at the ports of Rotterdam, Barendrecht and Antwerp to facilitate drug trafficking. The court found he gained access after employees introduced USB sticks containing malware, enabling installation of a remote access tool, data exfiltration and interception. An appeal arguing unlawful interception of Sky ECC communications was rejected, as the defence failed to substantiate procedural violations. He was acquitted on one large cocaine import charge but upheld on hacking, facilitating the importation of 210 kg of cocaine, and attempted extortion.

🔒 Target is investigating claims that an unknown threat actor published samples of internal source code on public Gitea repositories and is advertising a larger dataset for sale. The posted sample included a SALE.MD index listing roughly 57,000 lines and an estimated archive size of ~860 GB. After BleepingComputer alerted Target, the sample repos were removed and the retailer's developer Git server at git.target.com became inaccessible externally. Commit metadata and repository structure suggest the material may have originated from private internal infrastructure.

🔒 Researchers found eight malicious npm packages impersonating n8n community nodes that were designed to steal developers' OAuth credentials. The packages mimicked legitimate integrations (for example, Google Ads), saved encrypted OAuth tokens to n8n's credential store, then used the instance master key at runtime to decrypt and exfiltrate tokens to attacker-controlled servers. Analysts urge disabling community nodes and auditing packages before installation.

🐛 Shai‑Hulud marks a shift from passive supply‑chain tricks to an actively propagating worm that targets developer identities and CI/CD trust. Variants harvest NPM tokens, GitHub secrets and leverage stolen credentials to publish infected packages automatically, often including a dead‑man switch to erase traces. CISOs must treat pipelines and AI-assisted tooling as primary attack surfaces.

🔐 Endor Labs discovered malicious npm packages this week that impersonated community nodes for the n8n workflow automation platform, harvesting OAuth tokens and API keys when installed. The deceptive packages presented legitimate-looking configuration screens while executing code to decrypt credentials from n8n’s credential store and exfiltrate them to attacker-controlled C2 servers. Because n8n treats installed nodes as trusted code with full access to the workflow environment, these packages bypass typical supply-chain monitoring and can perform arbitrary network requests and host interactions. Endor recommends preferring built-in integrations, auditing package source and metadata, monitoring outbound traffic from automation hosts, and using isolated, least-privilege service accounts.

🔒 Chinese-speaking threat actors used a compromised SonicWall VPN appliance to deliver a VMware ESXi exploit toolkit that appears to have been developed more than a year before the vulnerabilities were publicly disclosed. Huntress analysts found PDB build paths and simplified Chinese artifacts suggesting components were compiled in late 2023 and early 2024. The toolkit chains multiple ESXi flaws to escape guest VMs into the hypervisor, load an unsigned kernel driver, and deploy a persistent backdoor. Organizations are urged to apply the latest ESXi security updates and use the supplied detection rules to detect compromise.

🔍 Zscaler ThreatLabz researchers uncovered three malicious npm packages that delivered a previously undocumented remote access trojan dubbed NodeCordRAT. Uploaded under the username "wenmoonx" and disguised as bitcoin libraries, the packages used a postinstall script to install the final payload. NodeCordRAT uses npm for distribution and Discord as its C2, supporting remote shell execution, screenshots, and file exfiltration including browser credentials and wallet seed phrases.

🚗 Jaguar Land Rover is still reeling from a late‑August cyber-attack that disrupted production from September through mid-November, Tata Motors reported. Retail sales in Q3 2025 fell 25.1% year‑on‑year to 79,600 vehicles, while wholesale shipments plunged 43% to 59,200 units. Tata said the incident "significantly disrupted operations," forcing factory stoppages and ongoing distribution delays, compounded by US tariffs and model phase-outs.