How we caught the Axios supply chain attack
Joe Desimone shares the story of how he caught the Axios supply chain attack with a proof of concept tool built in an afternoon.
MITRE ATT&CK Mapping
Articles mapped to MITRE ATT&CK techniques. Select a technique to view matching articles.
T1195 — Supply Chain Compromise (Initial Access)
Clear filter91 articles found
Inside the Axios supply chain compromise - one RAT to rule them all
Elastic Security Labs analyzes a supply chain compromise of the axios npm package delivering a unified cross-platform RAT
Elastic releases detections for the Axios supply chain compromise
Hunting and detection rules for the Elastic-discovered Axios supply chain compromise.
How SentinelOne’s AI EDR Autonomously Discovered and Stopped Anthropic’s Claude from Executing a Zero Day Supply Chain Attack, Globally
Read our blog post to learn how SentinelOne’s AI EDR autonomously stopped a global LiteLLM supply chain attack before execution.
North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack
Written by: Austin Larsen, Dima Lenz, Adrian Hernandez, Tyler McLellan, Christopher Gardner, Ashley Zaya, Michael Rudden, Mon Liclican, Muhammad Umair Introd...
TeamPCP Explores Ways to Exploit Stolen Supply Chain Secrets
TeamPCP is exploring ways to monetize the secrets harvested during supply chain attacks, with identified ties to the Lapsus$ and Vect ransomware gangs
TeamPCP Targets Telnyx Package in Latest PyPI Software Supply Chain Attack
Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware
Trivy Supply Chain Attack Expands With New Compromised Docker Images
New Trivy Docker images 0.69.
Huge “Shadow Layer” of Organizations Hit by Supply Chain Attacks
Black Kite reveals 26,000 unnamed corporate victims linked to 136 third-party breaches
PurpleBravo’s Targeting of the IT Software Supply Chain
Discover how PurpleBravo, a North Korean threat group, exploits fake job offers to target software supply chains, using RATs and infostealers like BeaverTail.
Introducing OSS Rebuild: Open Source, Rebuilt to Last
Posted by Matthew Suozzo, Google Open Source Security Team (GOSST) Today we're excited to announce OSS Rebuild, a new project to strengthen trust in open sou...