< ciso
brief />
Tag Banner

All news with #supply chain compromise tag

576 articles · page 2 of 29

Shai Hulud CI/CD to Redshift breach analysis

🔍 This FortiGuard Labs analysis examines the Shai Hulud supply chain worm that poisoned CI/CD dependencies to harvest Jenkins credentials and pivot into AWS. The report outlines a mid‑May 2026 incident where FortiCNAPP traced external use of a Jenkins instance role, IAM escalation to a cloudops-monitor identity, and subsequent Redshift data extraction. It highlights detection signals, MITRE mappings, and recommended containment actions.
read more →

One Million Passports Exposed in Data Leak

🔐 A database containing nearly one million passport records from multiple countries was leaked online. The incident highlights how high-value credentials like passports can be compromised when reused within lower-security systems; in this case, an ID verification service used by cannabis dispensaries was breached. The exposure demonstrates the cascading risk when sensitive identity documents are trusted by ancillary services with weaker protections.
read more →

High‑Install Chrome Extension Enables Remote Script Injection

🛡️ An analysis of a widely installed Google Chrome extension, Adblock for YouTube (10M+ installs), revealed it can execute arbitrary JavaScript across websites. Researchers found a dormant, server‑controlled injection capability that could create elements without an extension update or store review. Although no evidence of active abuse was reported, the combination of all‑site access, prior ad‑injection SDKs, and related removed extensions raises significant privacy and security concerns.
read more →

Ransomware Incidents Surge Across Europe in 2026

🔍 Black Kite's 2026 European Cyber Risk Report found a 55.1% year-over-year rise in ransomware incidents in the first four months of 2026, averaging 171 incidents per month. Five countries — Germany, the UK, France, Italy and Spain — accounted for 70% of attacks. The Qilin ransomware was the most prevalent, followed by Akira and regionally focused SafePay, with manufacturing the most targeted sector. Researchers highlighted supply chain compromises and third-party risk as key drivers of the increase.
read more →

OpenClaw AI supply chain risks and findings

🧭 OpenClaw is an AI agent executing third-party skills from ClawHub, and several malicious campaigns emerged after launch. Our Feb–May 2026 analysis identified five skills that bypassed screening and fell into three threat categories: macOS infostealers, an evasion technique using inflated file size, and novel agentic threats for financial gain. All five skills were reported and removed; OpenClaw and NVIDIA have since increased screening and analysis.
read more →

GitHub hardens Actions checkout to block pwn requests

🔒 GitHub has updated actions/checkout to v7 to automatically block and fail workflows that attempt to fetch unreviewed fork pull request code when run under pull_request_target or workflow_run events. The change enforces a secure-by-default behavior, with an explicit opt-out allow-unsafe-pr-checkout available for developers who need it. Backports to supported major versions are planned beginning July 16; pinned SHAs and specific versions must be updated manually.
read more →

North Korean Supply Chain Attack Hits Mastra Packages

🔐 Microsoft attributed a large-scale npm supply chain attack on the open-source Mastra TypeScript project to North Korea’s Sapphire Sleet group. The threat actor abused a compromised npm maintainer account to publish poisoned packages that disabled TLS verification and contacted attacker C2 servers to deploy cross-platform malware. The payload sought cryptocurrency wallet extensions and performed system reconnaissance, posing a significant risk to developers and downstream users. Microsoft advised auditing dependencies, checking for the malicious easy-day-js package and pinning known-good package versions.
read more →

Tabletop simulates modern retail ransomware mayhem

🔍 The Semperis-run "Enter the War Room" tabletop at Infosecurity Europe simulated a ransomware and reputational attack on fictional supermarket BlueCart. Red-team operators exploited supplier trust, stolen credentials, weak MFA, and poor network segmentation to access AI supply-chain systems and exfiltrate loyalty data. Attackers combined misinformation, deepfakes, fake orders, and payroll disruption to magnify harm, while defenders focused on out-of-band communications, honeypots, and refusing ransom demands to limit impact.
read more →

Nintendo confirms TinyPulse survey data stolen

🛡️ Nintendo of America confirmed that threat actors accessed survey data from the third-party TinyPulse service used for internal employee surveys, but its own systems were not compromised. The company said the information is limited to a small subset of employees and mostly dates back several years. Nintendo is working with the service provider while denying any access to customer or financial data.
read more →

Operation Escaneo exposes Latin American intrusions

🔍 New research from CloudSEK reveals Operation Escaneo, a coordinated campaign targeting government and financial entities across Latin America after attackers left a staging server exposed. The group exploited internet-facing appliances and known vulnerabilities in Fortinet and Ivanti devices, plus Apache Tomcat, Windows, and Log4Shell flaws. Attackers used custom reconnaissance (Kimera), webshells, reverse tunnels and a compromised Cisco router to exfiltrate large volumes of sensitive data.
read more →

Fake Reputation Campaign Pushes Crypto Clipper

🛡️ Check Point Research found a coordinated campaign using paid posts, fake accounts, and a WordPress phishing hub to promote malicious warez. The operators pushed a Rust-based clipboard hijacker hidden in Solana and sniper bot packages targeting Windows and macOS, replacing crypto wallet addresses to steal funds. They used GitHub, SourceForge, YouTube, VirusTotal manipulation, and press release services to fabricate trust and inflate metrics.
read more →

Protecting Legacy OT Systems From Modern Threats

🔒 Manufacturing facilities often rely on long-running operational technology (OT) that was built for stability, not security. As IT and OT converge, previously isolated systems face increased exposure to internet-borne attacks, ransomware, and supply-chain disruption. Effective defenses start with asset visibility, careful deployment choices, network protections for agentless devices, and long-term vendor support to mitigate risks without disrupting production.
read more →

Mastra npm packages compromised in supply-chain attack

🛡️ Multiple npm packages under the @mastra/* namespace were mass-published with a malicious dependency on June 16–17, 2026, enabling a supply-chain campaign named easy-day-js. The injected library, easy-day-js, executes an obfuscated postinstall payload that downloads a second-stage trojan from attacker infrastructure and disables TLS validation. Victims should treat any systems that installed the affected versions as potentially compromised, roll back to safe releases, rotate secrets, and audit hosts for signs of the stealer.
read more →

Malicious JetBrains plugins harvest AI API keys

🛡️ A coordinated campaign on the JetBrains Marketplace used at least 15 malicious IDE plugins to exfiltrate developers' AI provider API keys. Discovered by Aikido Security, the plugins—posing as AI assistants, code-review tools, and Git utilities—sent keys to a hardcoded server when users clicked "Apply" after entering credentials. Published from October 2025 through June 2026, these plugins were installed nearly 70,000 times and remain available on the Marketplace at the time of reporting.
read more →

Malicious Steam Workshop wallpapers used to deliver malware

🛡️ Researchers at Kaspersky report threat actors abusing Steam Workshop to distribute malware via the Wallpaper Engine app. Attackers upload malicious application-type wallpapers that execute payloads when installed, leading to account theft, backdoors, miners, and information stealers. Valve removed the identified items, but users are advised to only download from trusted creators and scan Workshop content with up-to-date antivirus.
read more →

Supply-chain Attack Compromises Popular WordPress Plugins

🛡️ Dutch researcher Sansec revealed a supply-chain attack that tampered with JavaScript for three plugins from Awesome Motive — OptinMonster, TrustPulse and PushEngage. The malicious payload created rogue administrator accounts and installed a stealth backdoor plugin after detecting a logged-in admin, sending credentials to a lookalike service. Sansec observed brief exposure windows for some tampered scripts and urged site owners to check for unfamiliar admins and traffic to tidio[.]cc.
read more →

Weekly Cyber Recap: Active Chrome 0‑Day Patch

⚠️ Google issued fixes for 74 Chrome flaws, including an actively exploited V8 out-of-bounds memory access (CVE-2026-11645). This week's recap highlights exploited enterprise bugs like Oracle PeopleSoft and Check Point VPN, large-scale supply-chain and package abuse in Arch's AUR, and the takedown of a major phishing-as-a-service operation. Practical guidance and trending CVEs round out the update.
read more →

152 Chrome wallpaper extensions found distributing PUPs

🔎 Cybersecurity researchers uncovered 152 Chrome wallpaper extensions that distribute a potentially unwanted program (PUP) family across 38 publisher accounts and three brand backends, collectively installed 105,000 times. Each listing claims not to collect data, but linked privacy policies admit logging IPs, ISPs, clicks, and referrers, shared with Google AdSense, DoubleClick, and third-party partners. Some extensions hard-code install and uninstall URLs to fake organic Google search referrals and include dormant code to enumerate and delete IndexedDB databases. Socket assesses the cluster as a financially motivated adware and traffic-fraud affiliate operation with possible ties to Turkey.
read more →

Compromised JavaScript in Popular WordPress Plugins

🛡️ An attacker served tampered JavaScript used by PushEngage, OptinMonster, and TrustPulse, executing only when a logged-in WordPress administrator loaded the files. The malicious code created an attacker-controlled admin account, installed a hidden plugin backdoor providing remote code execution, and exfiltrated credentials to a fake tidio[.]cc domain. Sansec disclosed the campaign on June 13; PushEngage confirmed exposures that lasted longer than the brief windows seen for the other plugins. Site owners should treat any site that loaded the affected scripts during the window as compromised and perform server-side scans and credential rotations immediately.
read more →

OceanLotus Targets Vietnamese Investors and Firms

🔍 ESET links the Vietnam-aligned APT group OceanLotus to two campaigns delivering the SPECTRALVIPER backdoor against a transport construction firm and stock investors via a FireAnt Metakit supply-chain compromise between mid-2024 and March 2026. The actor used DLL side-loading and update-server abuse to deploy loaders and steal host profiles, signaling a shift toward more selective domestic espionage.
read more →