Four-Faith Industrial Routers Targeted in Botnet Hijacking Campaign
Four-Faith industrial cellular routers are being actively targeted in a growing botnet campaign exploiting a critical authentication bypass flaw tracked as C...
Manufacturing
20 articles
Shai-Hulud worm copycats emerge after source code leak
Shai-Hulud worm copycats are already attacking NPM developers after its source code leaked, enabling fast supply chain exploitation. The first copycats of th...
Compromised GitHub Action Steals Workflow Credentials
A widely used GitHub Action, actions-cool/issues-helper, has been compromised in a supply chain attack that exposes sensitive CI/CD secrets to an attacker-co...
Critical Vulnerability Exposes Industrial Robot Fleets to Hacking
The vulnerability, CVE-2026-8153, affects Universal Robots PolyScope 5 and it can be exploited for OS command injection. The post Critical Vulnerability Expo...
Mini Shai-Hulud Attack Hits @antv npm Packages
A large-scale npm supply chain attack has compromised multiple widely used packages within the @antv ecosystem, to investigate what appears to be an active a...
GitHub Actions Supply Chain Attack Redirects Tags to Steal CI/CD Credentials
In yet another software supply chain attack, threat actors have compromised the popular GitHub Actions workflow, actions-cool/issues-helper, to run malicious...
Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account
Cybersecurity researchers have discovered a fresh software supply chain attack campaign that has compromised various npm packages associated with the @antv e...
TeamPCP Supply Chain Campaign: Activity Through 2026-05-17, (Mon, May 18th)
Since the last update, the TeamPCP supply chain campaign produced its loudest stretch since the March Trivy disclosure: an officially confirmed Checkmarx Jen...
IT threat evolution in Q1 2026. Mobile statistics
This report contains mobile threat statistics for Q1 2026, along with noteworthy discoveries and quarterly trends: new versions of SparkCat and Triada.
IT threat evolution in Q1 2026. Non-mobile statistics
The report presents key trends and statistics on malware that targeted personal computers running Windows and macOS, as well as Internet of Things (IoT) devi...
Developer Workstations Are Now Part of the Software Supply Chain
Supply chain attackers are not only trying to slip malicious code into trusted software. They are trying to steal the access that makes trusted software poss...
OpenAI rotates certificates after TanStack supply chain attack hits employee devices
OpenAI has confirmed that two employee devices were compromised in the recent TanStack npm supply chain attack, prompting the company to rotate code-signing ...
Grafana Labs Confirms Security Incident Involving GitHub Codebase Access
Grafana Labs has confirmed a security incident involving unauthorized access to its internal GitHub environment, after a threat actor obtained a compromised ...
When ransomware hits, confidence doesn’t restore endpoints
Ransomware, supply chain vulnerabilities, insider threats, compliance failures, and software disruptions remain major concerns for security leaders, accordin...
OpenAI hit by supply chain attack linked to malicious TanStack packages
OpenAI said the TanStack supply chain attack compromised two employee devices and exposed credentials from code repositories. OpenAI confirmed that the recen...
Expired domain leads to supply chain attack on node-ipc npm package
A popular npm package called node-ipc has been compromised, with hackers publishing malicious versions that bundle credential stealing malware. The root caus...
Popular node-ipc npm package compromised to steal credentials
Hackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process communication package, in a new supply c...
Critical vulnerability in Burst Statistics plugin allows admin takeover
The flaw, identified as CVE-2026-8181, was introduced in version 3.4.
Living Off the Pipeline: Defending Against CI/CD Subversion
Learn how adversaries weaponize CI/CD pipelines and how continuous behavioral monitoring helps protect against software supply chain attacks.
Shai-Hulud Worm Steals Dev Secrets Across npm, GitHub, AWS & Kubernetes
Shai-Hulud is a major cybersecurity threat targeting the open-source software supply chain. Security researchers are raising alarms over “Shai-Hulud,” a self...