35 stories tagged with #supply-chain-attack, in publish-time order across the WeSearch catalog. Tag pages update as new stories are ingested.
OpenAI Codex Supply Chain Attack Exposes Growing Risks in AI Development Environments - Security Boulevard
Comprehensive up-to-date news coverage, aggregated from sources all over the world by Google News.…
A practical checklist for evaluating npm packages (supply chain attacks, slopsquatting, etc.)
Prevent supply chain attacks
CrowdStrike and Google take down botnet used by hackers to target software developers in supply chain attacks
Cybercriminals used the Glassworm botnet to infect open source software projects with malware, and in turn hack the developers and companies that use that software.…
How My Docker Setup Saved Me From a Supply Chain Attack (And Why Yours Should Too)
Spanish version here. It's finally Friday! You leave work and go home to work on your...…
Supply Chain Attacks Cluster: 230K Advisories, Five Patterns
Pulled the full OSV mirror for npm and PyPI — 230,000+ advisories. The malicious-tagged subset clusters into five recurring patterns. None of them are clever. All of them keep work…
More than 5,500 GitHub repositories were infected with malware in a supply chain attack, dubbed Megalodon, on May 18 that relies on automated commits (Ionut Arghire/SecurityWeek)
Ionut Arghire / SecurityWeek: More than 5,500 GitHub repositories were infected with malware in a supply chain attack, dubbed Megalodon, on May 18 that relies on automated commits…
The Three-Body Problem: AI Code, Supply Chain Attacks, and the Talent Exodus
In physics, the three-body problem describes a system where three objects interact gravitationally in...…
TrapDoor Malware Targets Crypto Developer Tools in Supply Chain Attack
TrapDoor supply chain attack hits PyPI, NPM, and crates.io
TrapDoor crypto stealer hits 36 malicious packages across npm, PyPI, and Crates.io, targeting crypto, DeFi, AI, and security developers.…
Laravel-Lang supply chain attack — if you ran composer update on May 22, rotate your credentials now
Active supply chain attack across NPM, PyPI, and Crates.io
Another supply chain attack, and Crates.io needs to consider this issue
GitHub supply chain attack hits developer tools (NX Console, VSCode, TeamPCP)
Laravel Lang packages hijacked to deploy credential-stealing malware
A supply chain attack targeting the Laravel Lang localization packages has exposed developers to a sophisticated credential-stealing malware campaign after attackers abused GitHub …
Supply Chain Attacks + Stale Credentials: Why This Combination Is So Dangerous in 2026
Recent incidents at GitHub and Grafana Labs highlight a painful truth in modern infrastructure: even...…
infostealers just spawned a 5,000+ repo github supply chain attack
Supply chain attacks and OSS sustainability go hand in hand
Ongoing Supply Chain Attack on Composer Packages
Supply Chain Attack Targets Laravel-Lang Packages with Credential Stealer
Attackers injected a credential stealer into 200+ versions of popular Laravel-Lang packages, delivering a credential stealer targeting cloud keys, SSH keys, browsers, crypto wallet…
Laravel-Lang Supply Chain Attack
Summary: All tags in this repository have been rewritten to point to malicious commits. Anyone running composer require laravel-lang/http-statuses or composer update against any ver…
Socket: TeamPCP, the gang claiming GitHub's repositories breach, also executed 20 "waves" of supply chain attacks recently, compromising 500+ pieces of software (Wired)
Wired: Socket: TeamPCP, the gang claiming GitHub's repositories breach, also executed 20 “waves” of supply chain attacks recently, compromising 500+ pieces of software — GitHub is…
Hackers have compromised dozens of popular open source packages in an ongoing supply chain attack
The attacks are part of a wider campaign known as Mini Shai-Hulud, which has already compromised several open source projects and, in turn, developers and companies that use them.…
NX compromised: supply chain attack via IDE extension, again
Nx Console VS Code Extension Compromised…
TanStack weighs invitation-only pull requests after supply chain attack
Shai-Hulud worm exploited a GitHub Actions misconfiguration to poison the shared cache; the project is now weighing the nuclear option on unsolicited contributions…
npm Supply Chain Attacks: Why They Keep Happening and How to Defend
Why npm keeps getting hit with malicious packages, what makes Node's registry uniquely exposed, and a practical defense stack (Socket, Snyk, lockfile audits, --ignore-scripts) for …
OpenAI Urges macOS Users to Update After TanStack Supply Chain Attack Hits Signing Keys - Security Boulevard
OpenAI Confirms Security Breach Via TanStack npm Supply Chain Attack - CyberSecurityNews
OpenAI hit by supply chain attack linked to malicious TanStack packages - Security Affairs
Ask HN: How are you stopping supply chain attacks via compromised dev keys?
CheckMarx admits it was hit by major cyberattack that saw data leaked onto Dark Web
CheckMarx confirms March 2026 attack did result in data theft.…
Clasp: A four-stage supply-chain attack pattern via emergency patches
An attack pattern that turns emergency patch discipline into a rapid distribution system for malware. Organizations with the best patching cycles are compromised first.…
TeamPCP Supply Chain Campaign: Update 008
TeamPCP Supply Chain Campaign: Update 008 - 26-Day Pause Ends with Three Concurrent Compromises (Checkmarx KICS, Bitwarden CLI Cascade, xinference PyPI), CanisterSprawl npm Worm Id…