Supply-chain attack
-
cryptoTrapDoor Attack Targets Solana, Sui, and Aptos Wallet Data via Fake Packages
Security firm Socket uncovers supply-chain attack with 34+ malicious packages targeting crypto and AI developers.
-
techGitHub Breached: 3,800 Internal Repos Stolen via Poisoned VS Code Extension
TeamPCP compromised GitHub via a malicious VS Code extension, stealing source code for Actions, Copilot, and CodeQL, now sold for $50,000.
-
techGitHub Probes Data Breach After Employee Device Hijacked via Malicious VS Code Extension
GitHub investigates unauthorized access to internal repositories after an employee device was compromised. Hacker group TeamPCP claims to have stolen 4,000 private repos.
-
techCyber Attack Targets Daemon Tools: Backdoor Threatens 100 Organizations Globally
Hackers backdoored the popular Daemon Tools disk app in a monthlong supply-chain attack, infecting 100 entities across multiple continents.
-
techOpen Source Package Compromised, Steals User Credentials
A popular open-source package with over one million monthly downloads has been found to steal user credentials. Developers urge immediate action.
-
cryptoChinese Hacker Group Wuhan Anshun Stole $7M via Crypto Wallet Supply-Chain Attacks
A China-based collective posing as Wuhan Anshun Technology infiltrated crypto wallets using malicious browser extensions and compromised Electron apps-stealing $7M across Ethereum, BNB Chain, and Arbitrum.
-
techInvisible Code Threatens GitHub and Software Repositories
Hackers exploit hidden Unicode characters to conceal malicious payloads in software supply chains, bypassing AI and human review.