Browsing Tag
Supply Chain
27 posts
How 2 Missing Characters Nearly Compromised AWS
A supply chain vulnerability in AWS CodeBuild recently put the entire AWS Console at risk. Learn how Wiz Research found the flaw and how Amazon responded to prevent a global security crisis.
January 16, 2026
AIPAC Discloses Data Breach, Says Hundreds Affected
AIPAC reports data breach after external system access, hundreds affected, investigation ongoing with added security steps.
November 17, 2025
Fake NPM Package With 206K Downloads Targeted GitHub for Credentials (UPDATED)
Veracode Threat Research exposed a targeted typosquatting attack on npm, where the malicious package @acitons/artifact stole GitHub tokens. Learn how this supply chain failure threatened the GitHub organisation's code.
November 11, 2025
Why Organizations Can’t Ignore Vendor Risk Assessment in Today’s Cyber-Threat Landscape
In an era where digital ecosystems extend far beyond a company’s internal network, enterprise cybersecurity is no longer…
November 10, 2025
Severe React Native Flaw Exposes Developer Systems to Remote Attacks
JFrog researchers found a critical RCE vulnerability (CVE-2025-11953) in the popular React Native CLI. Developers using versions 4.8.0 through 20.0.0-alpha.2 must update to patch the flaw.
November 5, 2025
GhostAction Attack Steals 3,325 Secrets from GitHub Projects
GhostAction supply chain attack hit 817 GitHub repositories, stealing 3,325 secrets including npm, PyPI, and DockerHub tokens.
September 6, 2025
Palo Alto Networks, Zscaler and PagerDuty Hit in Salesforce Linked Data Breaches
Hackers exploited the Salesloft Drift app to steal OAuth tokens and access Salesforce data, exposing customer details at…
September 2, 2025
8 Malicious NPM Packages Stole Chrome User Data on Windows
JFrog researchers found eight malicious NPM packages using 70 layers of obfuscation to steal data from Chrome browser…
August 29, 2025
Thousands of Developer Credentials Stolen in macOS “s1ngularity” Attack
A supply chain attack called “s1ngularity” on Nx versions 20.9.0 through 21.8.0 stole thousands of developer credentials. The attack targeted…
August 28, 2025
Hidden Backdoors in npm Packages Let Attackers Wipe Entire Systems
Malicious npm packages found with hidden endpoints that wipe systems on command. Devs warned to check dependencies for express-api-sync, system-health-sync-api.
June 9, 2025