< ciso brief />

All news with #supply chain vulnerability tag

47 articles

IBM and Red Hat Launch Project Lightwell Security Clearinghouse

🔐 IBM and Red Hat announced Project Lightwell, a $5 billion initiative backed by 20,000 engineers to create an AI-powered enterprise clearinghouse for discovering and remediating open source vulnerabilities. Initially focused on Java/Maven and designed with 11 financial partners, the service will backport validated fixes into deployed dependency versions without requiring upgrades. The project emphasizes a secure intermediary model for embargoed disclosures, aims to return fixes upstream to communities, and will be offered as a commercial subscription.

Malicious Packages Move Beyond Classic Typosquatting

🔍 Sonatype's analysis of 4,309 malicious open source packages shows attackers favor naming-variant tactics over simple misspellings. 91% used suffixes, prefixes, embedded terms and dependency-confusion patterns to appear as plausible plugins, configs or SDKs. These packages often exfiltrate host data and secrets or act as droppers and backdoors, turning a routine install into a compromise. Security teams are urged to scrutinize framework-adjacent components and assess publisher and campaign behavior, because typo detection alone is insufficient.

ABB B&R Automation Studio: SQLite component vulnerabilities

🔒 ABB disclosed multiple vulnerabilities in affected versions of B&R Automation Studio stemming from an outdated third-party SQLite component. An update to Automation Studio 6.5 corrects these issues and the vendor urges customers to apply the update promptly. The advisory lists numerous memory safety and logic issues (heap overflows, integer overflows, use-after-free, NULL dereferences, improper input validation, and more) that could enable unauthorized access, data exposure, or remote code execution. Customers should follow the product manual to identify versions and install updates, and apply general security recommendations as mitigation.

Developer Workstations as Local Supply Chain Boundaries

🔐 Recent supply chain campaigns that struck npm, PyPI, and Docker Hub within a 48-hour window illustrate a shift: attackers now target developer environments and CI/CD contexts to harvest API keys, tokens, SSH keys, and cloud credentials. The piece explains how local repositories, .env files, package configs, and AI assistants concentrate sensitive context and delivery authority on individual machines. It urges security teams to treat the developer workstation as a local supply chain boundary and to align endpoint, identity, AppSec, and platform controls to detect, limit, and rapidly rotate exposed secrets.

PyPI packages deliver ZiChatBot malware to Windows, Linux

🛡️ Kaspersky researchers found three malicious PyPI wheel packages — uuid32-utils, colorinal and termncolor — that covertly delivered a new malware family named ZiChatBot to Windows and Linux hosts. The packages drop platform-specific loaders (terminate.dll or terminate.so) that persist via a Registry autorun entry or a crontab and act as droppers for the main payload. ZiChatBot uses public Zulip REST APIs as its command-and-control channel, executes shellcode received from the service, and signals success by sending a heart emoji. The packages were uploaded in July 2025 and have been removed; organizations should audit dependencies, verify build environments, and monitor the published indicators.

EOL Blind Spot in CVE Feeds: What SCA Tools Miss Now

🔍 The EOL blind spot in CVE feeds means scanners and SBOM tools routinely miss vulnerabilities in end-of-life open source versions because upstream advisories and CVE records typically list only actively supported ranges. HeroDevs and Sonatype data show maintainers lack the capacity to test legacy releases, producing widespread false negatives — HeroDevs estimates that for roughly 80% of CVEs on supported versions, EOL lines are also affected but unreported. The article uses CVE-2026-22732 in the Spring ecosystem to illustrate the problem and highlights a 12M+ version dataset that finds millions of EOL package versions and tens of thousands of EOL components with known CVEs. It recommends using the HeroDevs EOL dataset or a similar analysis to discover hidden exposure quickly.

EOL Blind Spot in CVE Feeds: What SCA Tools Miss Most

⚠️ The article highlights a persistent blind spot: end-of-life (EOL) open-source versions frequently fall outside CVE affected ranges and thus don’t trigger SCA scanner alerts. Research from HeroDevs and Sonatype shows millions of EOL package versions and tens of thousands with known CVEs but no official fixes. Concrete Spring Security examples from 2026 illustrate how EOL users can remain exposed without warning. The piece urges improved visibility and proactive EOL scanning.

ThreatsDay: $290M KelpDAO Heist and Supply Chain Surge

🔔 LayerZero-linked infrastructure poisoning likely enabled a North Korean-linked group (TraderTraitor/TraderTraiter) to steal $290M from KelpDAO by compromising RPC nodes and exploiting a quorum while a DDoS distracted a third node, prompting an Arbitrum Security Council freeze. At the same time, active RCE attacks, malicious npm packages delivering credential stealers and SSH backdoors, and indirect AI prompt injection payloads are accelerating breaches. The bulletin also flags covert browser access by desktop AI apps, a surge in commodified malware, SIM-farm services, and persistent exploitation of long-known weaknesses; the practical remedies remain patch early, verify dependencies, and restrict implicit trust.

ThreatsDay Bulletin: Pre-auth Chains and Supply-Chain Risks

📰 The ThreatsDay Bulletin highlights immediate, actionable risks including a pre-auth RCE chain in Progress ShareFile (CVE-2026-2699/CVE-2026-2701), unpatched ImageMagick zero-days enabling RCE, and novel CloudTrail evasion techniques that erase forensic visibility. It also details widespread mobile-rootkit campaigns, a sharp rise in open-source and supply-chain malware advisories, and phishing apps abusing distribution services to harvest credentials. Defenders should prioritize patching, sandboxing ingest pipelines, and hunting for signs of chained low-and-slow techniques and suspicious AWS API activity.

Siemens SIDIS Prime Multiple Component Vulnerabilities

⚠️ Siemens reports that SIDIS Prime versions prior to V4.0.800 include multiple vulnerabilities in third‑party components such as OpenSSL, SQLite, and a range of Node.js libraries. The advisory enumerates numerous CVEs covering memory corruption, DoS, XSS, path traversal, prototype pollution, and other weaknesses. Siemens and CISA recommend updating to V4.0.800 or later, restricting network exposure, and following vendor operational guidance before deployment. Affected systems are used worldwide in critical manufacturing environments and should be assessed promptly.

Jailbreaking the F-35: Sovereignty and Software Control

🛩️ The article examines growing international concerns about dependence on U.S.-supplied aircraft software, focusing on the F-35 program and the political and operational risks that follow. It highlights a recent remark by the Dutch Defense Secretary that the jets could be jailbroken to run third-party software, a statement that underscores frustration with vendor-controlled maintenance. The piece frames this as part of a broader debate over vendor lock-in, sovereignty, and the security implications of controlling mission-critical systems. It warns that technical, legal, and safety trade-offs complicate any unilateral attempt to modify certified avionics.

ContextCrush Flaw Risks AI Development Tool Supply

🛡️ Security researchers from Noma Labs disclosed a critical vulnerability in the Context7 MCP Server used by Upstash to deliver library documentation to AI coding assistants. The flaw, named ContextCrush, allowed unfiltered "Custom Rules" to be served directly to AI agents, enabling malicious instructions to be executed within developers' environments. Context7 is widely used—boasting around 50,000 GitHub stars and over 8 million npm downloads—and integrates with assistants such as Cursor, Claude Code and Windsurf, increasing potential exposure. Upstash deployed rule sanitisation and additional safeguards after disclosure; there is no evidence of active exploitation.

Notepad++ strengthens updater with double-lock system

🔐 Notepad++ has implemented a double-lock update verification in version 8.9.2 to close recently exploited supply-chain gaps. The updater now validates both the signed installer from GitHub and a digitally signed XML (XMLDSig) served from the official notepad-plus-plus.org domain, and removes risky components such as libcurl.dll. Additional hardening removes insecure cURL SSL options and restricts plugin management execution to programs signed with the same certificate as WinGUp; users should upgrade to 8.9.2 or disable the auto-updater during installation.

AI Agents 'Reputation Farming' Threatens Open Source

🤖 Socket warns that AI-driven agents are mass-submitting pull requests to open-source projects, a tactic it calls reputation farming. One agent, "Kai Gritun", opened more than 100 PRs across dozens of repositories and presented itself as a human contributor. While those contributions were non-malicious and passed review, Socket cautions that rapid trust-building could be weaponized for supply-chain attacks and overwhelm maintainers.

OpenClaw Adds VirusTotal Scanning to ClawHub Skills

🔒 OpenClaw has integrated VirusTotal malware scanning into its ClawHub skills marketplace to automatically vet published skills. Packages are hashed and analyzed with Code Insight (powered by Gemini); benign skills are auto-approved, suspicious ones receive warnings, and confirmed malicious skills are blocked and re-scanned daily. The move responds to documented malicious extensions and unauthorized enterprise deployments, though OpenClaw stresses scanning is not a complete defense against prompt injection or logic abuse.

Microsoft builds scanner to detect LLM hidden backdoors

🛡️ Microsoft has developed a scanner to detect hidden backdoors in open-weight language models, focusing on triggers and malicious behaviors inserted during training or fine-tuning. The tool flags three observable signatures — attention hijacking, leakage of poisoned training fragments, and sensitivity to partial triggers — and runs using forward passes only without retraining or backpropagation. It is designed to work with most causal, GPT-style models and to serve as an added layer of supply-chain security for enterprises using third-party or open-source models.

Securing AI Application Supply Chains: LangChain Case

🛡️ This case study details a high-severity serialization injection vulnerability (CVE-2025-68664, “LangGrinch”) in LangChain's langchain-core package that arises from improper handling of a reserved lc marker during dumps/dumpd operations. The flaw can enable unauthorized secret extraction, unintended class instantiation, or malicious side effects when attacker-controlled dictionaries are deserialized. Microsoft recommends immediate upgrades to patched versions and demonstrates how Defender for Cloud and Defender XDR can identify, remediate, and detect exposed workloads across code, build, and runtime stages. The post also offers practical hunting queries and remediation workflows to accelerate fixes.

Moltbot AI Assistant Poses Widespread Enterprise Risk

⚠️ Moltbot, an open-source local AI assistant, has become popular for deep system integration but is being deployed insecurely in enterprise environments, risking exposure of API keys, OAuth tokens, conversation history, and credentials. Researcher Jamieson O'Reilly and others found hundreds of exposed admin interfaces caused by reverse proxy misconfigurations that auto-approve "local" connections, allowing unauthenticated access and command execution. A supply-chain proof-of-concept showed a malicious Skill could rapidly reach developers. Vendors recommend isolating instances in VMs and enforcing strict firewall and access controls.

Git-based bypasses undermine NPM's Shai-Hulud defenses

🔒 Researchers from Koi Security disclosed a set of flaws, called PackageGate, that let attackers bypass post‑Shai‑Hulud protections by abusing Git-sourced dependencies. They found crafted configuration files (for example, a malicious .npmrc) can override the git binary path during install and enable code execution even when --ignore-scripts is set. Similar bypasses and lockfile integrity weaknesses affected pnpm, vlt and Bun; vendors patched those tools, but npm closed the report claiming the behavior "works as expected."

Threatsday Bulletin: Supply, Ads, Zero-Click, Scans

🔐 Most of this week's threats exploited trusted systems and routine workflows rather than new techniques, achieving access with low friction and high persistence. Incidents ranged from targeted spear‑phishing that delivered the FALSECUB backdoor to widespread malvertising campaigns distributing .NET RATs and the TamperedChef infostealer. Google Project Zero detailed a multi‑stage Pixel zero‑click chain, vendors disclosed DLL side‑loading and WSL abuse, and supply‑chain exposures and large reconnaissance sweeps were widely observed. Administrators should prioritize patching, plugin hygiene, and tightening automated support and supply‑chain controls.