DAEMON Tools installers compromised in new supply chain attack
The attack involved tampering with three core DAEMON Tools components: DTHelper.exe, DiscSoftBusServiceLite.
Manufacturing
20 articles
Attackers compromised Daemon Tools software to deliver backdoors
Kaspersky researchers uncovered another supply chain compromise involving a popular Windows tool: Daemon Tools, an app for mounting disk image files as virtu...
New malware turns Linux systems into P2P attack networks
Attackers have found a new way to turn Linux systems into stealthy supply chain distribution hubs that are resistant to takedowns. Researchers from Trend Mic...
8×8 updates CX platform with AI, analytics, and frontline management capabilities
8×8 has released a set of platform updates to the 8×8 Platform for CX that target the operational gaps most commonly stalling organizations, including AI dep...
Google's Android Apps Get Public Verification to Stop Supply Chain Attacks
Google has announced expanded Binary Transparency for Android as a way to safeguard the ecosystem from supply chain attacks. "This new public ledger ensures ...
Malicious PyTorch Lightning update hits AI supply chain security
A malicious PyTorch Lightning update (v2.6.
DAEMON Tools Supply Chain Attack Compromises Official Installers with Malware
A newly identified supply chain attack targeting DAEMON Tools software has compromised its installers to serve a malicious payload, according to findings fro...
Johnson Controls CEM AC2000
View CSAF Summary Successful exploitation of this vulnerability could allow a standard user to escalate privileges on the host machine. The following version...
Know who to watch before the incident finds you
Elastic Security v9.
AI-generated hunting leads: The hunt starts before you ask the question
Introducing AI-generated hunting leads, proactive, environment-aware threat hypotheses powered by Elastic Entity analytics and integrated AI reasoning.
Your UEBA is lying to you: Why entity record quality decides everything
Most entity analytics systems are confidently wrong. They track users who do not exist, generate risk scores built on noise, and call it behavioral analytics.
Why data centers now belong on the critical infrastructure list
As AI drives deeper dependence across business, supply chains, and national security, the buildings that run the cloud are becoming critical infrastructure —...
From plain English to production rule: AI-native Elasticsearch ES|QL detection in Elastic Security
Elastic Security now lets analysts describe a threat behavior in plain language and receive a complete, validated Elasticsearch ES|QL detection rule in retur...
Elastic Conversational Entity Analytics: threat hunting in a single conversation
Conversational Entity Analytics delivers Entity Analytics features as rich inline attachments and Canvas previews into Agent Builder, so you don’t have to le...
The npm Threat Landscape: Attack Surface and Mitigations (Updated May 1)
Unit 42 analyzes npm supply chain evolution post-Shai Hulud. Discover wormable malware, CI/CD persistence, multi-stage attacks and more.
Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft
A new software supply chain attack campaign has been observed using sleeper packages as a conduit to subsequently push malicious payloads that enabled creden...
DFIR: From alert to root cause using Osquery without leaving Elastic Security
Learn how to perform distributed, real-time Digital Forensics and Incident Response (DFIR) using Osquery and Elastic to investigate threats at scale without ...
PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials
In yet another software supply chain attack, threat actors have managed to compromise the popular Python package Lightning to push two malicious versions to ...
Email threat landscape: Q1 2026 trends and insights
In early 2026, email threats increased with a rise in credential phishing, QR code phishing, and CAPTCHA-gated campaigns, highlighted by Microsoft’s disrupti...
SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack
Cybersecurity researchers are sounding the alarm about a new supply chain attack campaign targeting SAP-related npm Packages with credential-stealing malware.