Supply chain attack on Axios npm package: Scope, impact, and remediations
The Axios npm package has been compromised in a supply chain attack that uploaded new versions of the package containing malicious code. Any environment that...
MITRE ATT&CK Mapping
Articles mapped to MITRE ATT&CK techniques. Select a technique to view matching articles.
T1195 — Supply Chain Compromise (Initial Access)
Clear filter86 articles found
Cisco source code stolen in Trivy-linked dev environment breach
Cisco has suffered a cyberattack after threat actors used stolen credentials from the recent Trivy supply chain attack to breach its internal development env...
North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack
Written by: Austin Larsen, Dima Lenz, Adrian Hernandez, Tyler McLellan, Christopher Gardner, Ashley Zaya, Michael Rudden Introduction Google Threat Intellige...
Hackers Poison Axios npm Package with 100 Million Weekly Downloads
Axios npm Package compromised in a supply chain attack, exposing developers to malware, data theft, and full system takeover risks worldwide.
Axios npm supply chain attack: Malicious updates add remote access trojan
The axios npm package, with about 100 million weekly downloads, was compromised via a maintainer’s account.
Axios NPM Packages Breached in Ongoing Supply Chain Attack
A severe supply chain attack has compromised the widely used Axios HTTP client on the npm registry. Attackers injected a malicious dependency into specific A...
TeamPCP Explores Ways to Exploit Stolen Supply Chain Secrets
TeamPCP is exploring ways to monetize the secrets harvested during supply chain attacks, with identified ties to the Lapsus$ and Vect ransomware gangs
Axios npm packages backdoored in supply chain attack
An unknown attacker has compromised the GitHub and npm accounts of the main developer of Axios, a widely used HTTP client library, and published npm packages...
Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account
The popular HTTP client known as Axios has suffered a supply chain attack after two newly published versions of the npm package introduced a malicious depend...
Telnyx Targeted in Growing TeamPCP Supply Chain Attack
Two malicious versions of the popular SDK were uploaded to the PyPI registry, targeting Windows, macOS, and Linux. The post Telnyx Targeted in Growing TeamPC...
LiteLLM supply chain attack exposes millions to credential theft
Researchers at Endor Labs, have discovered a supply chain attack on the popular Python package LiteLLM on PyPI, with malicious code injected into versions 1.82.
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 90
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape New Malware Targets Use...
TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files
TeamPCP, the threat actor behind the supply chain attack targeting Trivy, KICS, and litellm, has now compromised the telnyx Python package by pushing two mal...
TeamPCP Targets Telnyx Package in Latest PyPI Software Supply Chain Attack
Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware
TeamPCP strikes again: Backdoored Telnyx PyPI package delivers malware
TeamPCP continues is supply chain compromise rampage, with telnyx on PyPI being the latest maliciously modified package. What happened?
The Good, the Bad and the Ugly in Cybersecurity – Week 13
Alleged RedLine operator faces 30 years, FAUX#ELEVATE compromises enterprises in 30 seconds, and TeamPCP launches cascading supply chain attacks.
CISA sounds alarm on Langflow RCE, Trivy supply chain compromise after rapid exploitation
The US Cybersecurity and Infrastructure Security Agency (CISA) has added two new vulnerabilities to its Known Exploited Vulnerabilities catalog: CVE-2026-330...
TeamPCP Hackers Focus on AI Developers, Planting Malicious Code to Disrupt Projects
The FBI Cyber Division has issued a critical alert following a massive supply chain attack orchestrated by the threat actor group TeamPCP. The hackers succes...
Red Hat Warns of Malware Embedded in Popular Linux Tool, Opening Doors for Unauthorized Access
Red Hat has issued an urgent security alert regarding a highly sophisticated supply chain attack targeting the popular xz compression utility. Cybersecurity ...
New Context Hub service potentially exploitable in AI supply chain attacks
AI coding agents could be injected with nefarious instructions, resulting in potential supply chain compromise, through a new proof-of-concept attack against...