SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack
Cybersecurity researchers are sounding the alarm about a new supply chain attack campaign targeting SAP-related npm Packages with credential-stealing malware.
Articles mapped to MITRE ATT&CK techniques. Select a technique to view matching articles.
198 articles found
Cybersecurity researchers are sounding the alarm about a new supply chain attack campaign targeting SAP-related npm Packages with credential-stealing malware.
Wade Woolwine is Senior Director, Product Security at Rapid7. The headlines around Glasswing have focused on how quickly AI can surface vulnerabilities, whic...
Learn how SentinelOne has stopped three recent zero-day supply chain attacks with AI-driven defense built for machine-speed threats.
A supply chain attack by TeamPCP compromised trusted software tools to harvest credentials at scale, enabling payroll fraud, logistics theft, and ransomware ...
On April 9, 2026, cpuid.com was actively serving malware through its own official download button.
For the latest discoveries in cyber research for the week of 30th March, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The Europ...
Read our blog post to learn how SentinelOne’s AI EDR autonomously stopped a global LiteLLM supply chain attack before execution.
Joe Desimone shares the story of how he caught the Axios supply chain attack with a proof of concept tool built in an afternoon.
Elastic Security Labs analyzes a supply chain compromise of the axios npm package delivering a unified cross-platform RAT
Hunting and detection rules for the Elastic-discovered Axios supply chain compromise.
Read our blog post to learn how SentinelOne’s AI EDR autonomously stopped a global LiteLLM supply chain attack before execution.
Written by: Austin Larsen, Dima Lenz, Adrian Hernandez, Tyler McLellan, Christopher Gardner, Ashley Zaya, Michael Rudden, Mon Liclican, Muhammad Umair Introd...
TeamPCP is exploring ways to monetize the secrets harvested during supply chain attacks, with identified ties to the Lapsus$ and Vect ransomware gangs
Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware
New Trivy Docker images 0.69.
Black Kite reveals 26,000 unnamed corporate victims linked to 136 third-party breaches
Discover how PurpleBravo, a North Korean threat group, exploits fake job offers to target software supply chains, using RATs and infostealers like BeaverTail.
Posted by Matthew Suozzo, Google Open Source Security Team (GOSST) Today we're excited to announce OSS Rebuild, a new project to strengthen trust in open sou...