supply chain security – MCYSEKA-Maritime Cyber Security Knowledge Archive

Guardarian Users Targeted With Malicious Strapi NPM Packages

Hackers published 36 NPM packages posing as Strapi plugins to execute shells, escape containers, and harvest credentials.
The post Guardarian Users Targeted With Malicious Strapi NPM Packages appeared first on SecurityWeek.

April 6, 2026

0 comment

North Korean Hackers Target High-Profile Node.js Maintainers

The threat actor behind the Axios supply chain attack has been aiming at other maintainers in its social engineering campaign.
The post North Korean Hackers Target High-Profile Node.js Maintainers appeared first on SecurityWeek.

April 6, 2026

0 comment

Mercor Hit by LiteLLM Supply Chain Attack

The AI recruiting firm is investigating the incident as Lapsus$ claimed the theft of 4TB of Mercor data.
The post Mercor Hit by LiteLLM Supply Chain Attack appeared first on SecurityWeek.

April 2, 2026

0 comment

Axios NPM Package Breached in North Korean Supply Chain Attack

A long-lived NPM access token was used to bypass the GitHub Actions OIDC-based CI/CD publishing workflow and push backdoored package versions.
The post Axios NPM Package Breached in North Korean Supply Chain Attack appeared first on SecurityWeek.

April 1, 2026

0 comment

Telnyx Targeted in Growing TeamPCP Supply Chain Attack

Two malicious versions of the popular SDK were uploaded to the PyPI registry, targeting Windows, macOS, and Linux.
The post Telnyx Targeted in Growing TeamPCP Supply Chain Attack appeared first on SecurityWeek.

March 30, 2026

0 comment

Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack

Hackers published a malicious scanner release and replaced tags to point to information-stealer malware.
The post Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack appeared first on SecurityWeek.

March 23, 2026

0 comment

Virtual Summit Today: Supply Chain & Third-Party Risk Summit

Cyber risk doesn’t stop at your perimeter. Today’s most dangerous threats could be hiding in your software supply chain.
The post Virtual Summit Today: Supply Chain & Third-Party Risk Summit appeared first on SecurityWeek.

March 18, 2026

0 comment

Autonomous AI Agents Provide New Class of Supply Chain Attack

While this campaign targets crypto wallets and steals money, the methodology has far wider potential that could be used by other attackers.
The post Autonomous AI Agents Provide New Class of Supply Chain Attack appeared first on SecurityWeek.

February 23, 2026

0 comment

Open VSX Publisher Account Hijacked in Fresh GlassWorm Attack

A hacker published malicious versions of four established VS Code extensions to distribute a GlassWorm malware loader.
The post Open VSX Publisher Account Hijacked in Fresh GlassWorm Attack appeared first on SecurityWeek.

February 2, 2026

0 comment

Notepad++ Supply Chain Hack Conducted by China via Hosting Provider

The likely state-sponsored threat actor had access to the hosting provider for months and targeted only certain Notepad++ customers.
The post Notepad++ Supply Chain Hack Conducted by China via Hosting Provider appeared first on SecurityWeek.

February 2, 2026

0 comment

1 2 3 … 10

M	T	W	T	F	S	S
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30

M	T	W	T	F	S	S
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30