Attackers compromised Daemon Tools software to deliver backdoors
Kaspersky researchers uncovered another supply chain compromise involving a popular Windows tool: Daemon Tools, an app for mounting disk image files as virtu...
Supply Chain
12 articles
Google's Android Apps Get Public Verification to Stop Supply Chain Attacks
Google has announced expanded Binary Transparency for Android as a way to safeguard the ecosystem from supply chain attacks. "This new public ledger ensures ...
Malicious PyTorch Lightning update hits AI supply chain security
A malicious PyTorch Lightning update (v2.6.
Supply chain dependencies: Have you checked your blind spot?
Your biggest risk may be a vendor you trust. How can SMBs map their third-party blind spots and build operational resilience?
Securing the Supply Chain: How SentinelOne®’s AI EDR Stops the Axios Attack Autonomously
Read our blog post to learn how SentinelOne’s AI EDR autonomously stopped a global LiteLLM supply chain attack before execution.
How we caught the Axios supply chain attack
Joe Desimone shares the story of how he caught the Axios supply chain attack with a proof of concept tool built in an afternoon.
Inside the Axios supply chain compromise - one RAT to rule them all
Elastic Security Labs analyzes a supply chain compromise of the axios npm package delivering a unified cross-platform RAT
Elastic releases detections for the Axios supply chain compromise
Hunting and detection rules for the Elastic-discovered Axios supply chain compromise.
Huge “Shadow Layer” of Organizations Hit by Supply Chain Attacks
Black Kite reveals 26,000 unnamed corporate victims linked to 136 third-party breaches
2026 Unit 42 Global Incident Response Report — Attacks Now 4x Faster
Attackers are leveraging identity, AI, and supply chain exposure. Unit 42's Global 2026 IR Report reveals faster, broader, harder-to-contain threats.
PurpleBravo’s Targeting of the IT Software Supply Chain
Discover how PurpleBravo, a North Korean threat group, exploits fake job offers to target software supply chains, using RATs and infostealers like BeaverTail.
Introducing OSS Rebuild: Open Source, Rebuilt to Last
Posted by Matthew Suozzo, Google Open Source Security Team (GOSST) Today we're excited to announce OSS Rebuild, a new project to strengthen trust in open sou...