Tag: supply-chain
All items tagged supply-chain.
- Klue / Icarus — one dormant integration credential cascades into multi-tenant Salesforce CRM theft
- Technology & SaaS supply chain — the week's busiest victim class
- The third-party breach as the week's dominant entry vector
- Research: the AI agent and toolchain control plane became a concrete attack-surface class this week
- Threat actor: DPRK Sapphire Sleet escalates npm supply-chain attacks with the Mastra compromise
- DORA Year 1 — the ESAs' first annual ICT-incident report: 3,383 major incidents, a third cross-border, only ~10% cyber
- SocGholish / TA569 — Operation Endgame seized 106 servers, but seven delivery clusters remain operational
- CRA reporting obligation lands 11 September — ENISA Single Reporting Platform access manual due, dry-runs before go-live
- Texas Parks & Wildlife: 3.08M licence holders exposed via an unnamed third-party vendor — with a public-vs-AG-filing SSN contradiction
- UPDATE: Mastra npm scope compromise attributed to North Korea, with the access vector our deep dive could not name
- Nintendo employee data stolen from third-party HR-survey SaaS (TinyPulse), not Nintendo's own systems
- Operation Endgame expands to SocGholish/TA569 — 106 C2 servers down, FakeUpdates loader stripped from 14,971 WordPress sites
- Icarus extortion group turns a dormant Klue credential into bulk Salesforce CRM theft across customers
- 15 malicious JetBrains Marketplace plugins exfiltrate AI provider API keys on "Apply"
- Unit 42 "Pickle in the Middle": cross-tenant code execution in Google Vertex AI via predictable staging buckets (CVE-2026-2473)
- Sekoia: ErrTraffic — a ClickFix Malware-as-a-Service framework resolving C2 through the Polygon blockchain
- WordPress supply-chain compromise via Awesome Motive's CDN backdoors ~1.2M sites
- DPRK UNK_DeadDrop weaponises VS Code / Cursor auto-run to hit developers, including EU targets
- Shai-Hulud / Miasma supply-chain worm lineage — open-sourced, ported to PyPI, and a 1,500-package AUR wave
- Education — ShinyHunters' PeopleSoft campaign lands disproportionately on universities
- CrowdStrike 2026 Technology Threat Landscape Report — "technology = most-targeted" reads as prophecy against this week's incidents `[SINGLE-SOURCE]`
- ENISA publishes the first EU-wide SBOM Adoption State of Play — consumption lags generation
- "Atomic Arch" supply-chain attack hijacks 400+ AUR packages to drop a credential stealer and eBPF rootkit
- Check Point chains SQL injection to RCE in LangGraph's checkpointer (CVE-2025-67644 + CVE-2026-28277)
- "Agentjacking": Tenet Security hijacks AI coding agents via forged Sentry error events
- [SINGLE-SOURCE] ESET: OceanLotus (APT32) compromises a stock-trading platform's update server — selective SPECTRALVIPER delivery, no integrity checks to defeat
- npm v12 will disable install scripts by default — audit CI/CD pipelines before July
- ANNUAL REPORT [SINGLE-SOURCE] — CrowdStrike 2026 Technology Threat Landscape Report: technology is now the most-targeted sector
- UPDATE: Shai-Hulud/Miasma supply-chain worm jumps to PyPI as "Hades" — 37 malicious wheels across 19 packages
- Oxford University CareerConnect (Group GTI) breach exposes students at multiple UK universities
- Microsoft Threat Intelligence: AI-brand impersonation drives Lumma Stealer and Vidar delivery via signed binaries
- UPDATE: TeamPCP open-sources its Mini Shai-Hulud framework, spawning a new "Phantom Gyp" derivative
- IronWorm + Miasma AI coding-agent injection: two supply-chain worms target cloud credentials and developer toolchains simultaneously
- Miasma / TeamPCP supply-chain worm: from npm credential theft to AI coding-agent config injection across the week
- Healthcare — HIPAA breach + healthcare supply-chain exposure
- Finance / payments — Stripe-abusing Magecart and OFAC Iran sanctions
- Technology / software supply chain — four concurrent worm/supply-chain threats in one week
- Booking.com WhatsApp phishing + upstream hotel SaaS breach: real reservation data weaponised, 100+ properties affected, Dutch DPA opens investigation
- VerdantBamboo / UNC5221 / WARP PANDA — 18-month undetected China-nexus intrusion through MSP pfSense [SINGLE-SOURCE]
- Hijacked polyfill[.]io domain reactivates, surfacing native browser credential prompts on sites that never removed legacy script tags
- Magecart family runs its skimmer out of Stripe — payload in customer metadata, stolen cards exfiltrated back through api.stripe.com
- IronWorm: Rust-built npm worm ships an eBPF kernel rootkit, Tor C2 and a cloud/AI-credential sweep
- UPDATE: Miasma supply-chain worm reaches 73 Microsoft GitHub repositories, adds Azure credential collectors
- VerdantBamboo (UNC5221 / WARP PANDA): an 18-month China-nexus intrusion that lived entirely on EDR-blind edge appliances and proxied into Microsoft 365 past Conditional Access `[SINGLE-SOURCE]`
- GMO Flatt Security: one GitHub issue could hijack any public repo running Anthropic's claude-code-action — and could have poisoned the action itself
- Shared booking-software breach exposes guests at 100+ Dutch, Belgian and Irish hotels; phishing wave already underway
- One-click GitHub OAuth-token theft via github.dev, full-disclosed with PoC; Microsoft patched 3 June
- CERT-PL discloses hardcoded-credential supply-chain flaw in KS-SOMED healthcare software (CVE-2026-42251)
- "Miasma" worm backdoors 32 Red Hat Cloud Services npm packages via OIDC trusted-publishing abuse
- Two concurrent npm dependency-confusion campaigns target internal corporate namespaces
- ANNUAL REPORT — ESET APT Activity Report Q4 2025–Q1 2026: Sandworm strikes NATO energy, Lazarus targets EU drone sector, UNC5221 pivots to Ivanti SPAWN toolset
- FortiClient EMS CVE-2026-35616 actively exploited to push EKZ Infostealer through trusted endpoint-management channel
- Wiz CIRT names JINX-0164 — LinkedIn-recruiter lures, AUDIOFIX macOS infostealer, MINIRAT npm pivot into CI/CD
- CrowdStrike, Google and Shadowserver simultaneously sever all four C2 channels of the GlassWorm developer-targeting botnet (not to be confused with the Nx Console / TanStack GitHub-publish chain in § 5) — Russia-attributed, active since early 2025
- "TrapDoor" cross-ecosystem supply-chain campaign validates stolen tokens before exfil and poisons AI-assistant config files
- UPDATE: TeamPCP / Mini Shai-Hulud — framework open-sourced, Microsoft PyPI SDK trojanised with a wiper stage, forged Sigstore badges
- CVE-2026-35616 — Fortinet FortiClient EMS pre-auth bypass, exploited to push EKZ Infostealer down the management channel
- Mini Shai-Hulud / TrapDoor — the supply-chain worm goes cross-ecosystem, open-source and destructive
- ESET APT Activity Report Q4 2025–Q1 2026 — three state programmes converging on EU energy, defence and edge appliances
- Mini Shai-Hulud / TeamPCP — @antv npm wave and confirmed Maven Central poisoning; Cargo still un-hit
- Six German university hospitals lose ~97,600+ patient records to a breach at billing processor Unimed
- UPDATE: npm ships 2FA-gated "staged publishing" GA in response to the 2026 supply-chain worm waves
- Megalodon mass-poisons 5,561 GitHub repos in a 6-hour window; SysDiag + Optimize-Build workflows exfiltrate cloud credentials and OIDC tokens
- ANNUAL REPORT — Check Point Research March-April 2026 AI Threat Landscape Digest: a single operator runs two AI platforms in parallel to breach nine Mexican government agencies [SINGLE-SOURCE]
- UPDATE: TeamPCP Mini Shai-Hulud — Unit 42 and StepSecurity confirm SLSA Build Level 3 attestation invalidated as integrity gate
- UPDATE: TeamPCP / Mini Shai-Hulud campaign — GitHub itself breached (~3,800 internal repos via poisoned VS Code extension), Microsoft `durabletask` PyPI worm propagates via AWS SSM and `kubectl exec`, Grafana confirms missed-token-rotation root cause
- Microsoft DCU disrupts Fox Tempest malware-signing-as-a-service feeding Rhysida, INC, Qilin and Akira ransomware operations
- actions-cool/issues-helper GitHub Action compromised — 53 tags moved to imposter commit reading Runner.Worker /proc/PID/mem; linked to Mini Shai-Hulud
- Nx Console VS Code extension (2.2 M installs) compromised via stolen publisher credentials — 11-minute window 2026-05-18 12:36–12:47 UTC
- vm2 Node.js sandbox — 12 critical CVEs (CVE-2026-43997 / 43999 / 44005 / 44006 / 44008 / 44009 et al.), sandbox escape to host RCE, upgrade to ≥ 3.11.4
- CISA contractor (Nightwing) exposed AWS GovCloud admin keys and internal credentials in public GitHub repo for ~6 months
- UPDATE: TeamPCP / Shai-Hulud — first copycat wave (Phantom Bot + SSH/cloud stealers), Checkmarx Jenkins plugin trojanised again, PCPJack rival worm hits exposed cloud services
- UPDATE: Grafana Labs CoinbaseCartel breach — victim confirms source-code-only theft, no customer data, ransom rejected
- THORChain GG20 Threshold Signature Scheme vault drain — ~$11M across nine chains; Switzerland-based protocol
- TeamPCP / Mini Shai-Hulud supply-chain worm — CI/CD credential theft running all week; GitHub itself among claimed victims
- TeamPCP / Mini Shai-Hulud / Megalodon — the open-sourced supply-chain worm became commodity infrastructure this week
- Healthcare (DACH) — the soft surface is the administrative intermediary, not the hospital
- Technology / developer toolchain — CI/CD supply chain remains the week's highest-volume attack surface
- Six German university hospitals — patient records exfiltrated via billing processor Unimed
- Grafana Labs / CoinbaseCartel — source-code-only theft confirmed; ransom rejected; detected by canary token
- Verizon 2026 DBIR — vulnerability exploitation is the #1 breach vector for the first time in 19 years; patching cadence regressed
- Check Point Research March–April 2026 AI Threat Landscape Digest — operator-run AI platforms breach government agencies [SINGLE-SOURCE]
- Fox Tempest — Microsoft DCU disrupts the malware-signing service feeding Rhysida, INC, Qilin and Akira
- npm ships 2FA-gated "staged publishing" GA — platform-governance response to the worm waves
- TeamPCP / Mini Shai-Hulud npm supply-chain worm — wave 4 + framework source leak
- AI tooling SaaS and developer toolchain
- WordPress retail / e-commerce
- node-ipc npm package — backdoored via expired-domain account takeover
- Sophos 2026 State of Identity Security — 71% of orgs breached via identity, 41% root-caused to non-human-identity mismanagement, Switzerland records highest incidence
- Verizon DBIR 2026 (19th annual edition)
- Datadog Security Labs — Shai-Hulud framework static analysis
- SentinelOne — Living Off the Pipeline: CI/CD subversion taxonomy
- TeamPCP / Mini Shai-Hulud (ShinyHunters / WorldLeaks adjacent) — wave 4 + framework leak + IDE persistence
- DORA first oversight cycle — 19 designated CTPPs under Joint Examination Team activity
- CERT-PL CVE-2026-44088 — SzafirHost JAR zip-polyglot bypass in Poland's qualified e-signature browser helper
- FunnelKit "Funnel Builder for WooCommerce" actively exploited as Magecart skimmer on 40,000+ WordPress stores — no CVE assigned
- `node-ipc` npm package backdoored via expired-domain account takeover — 90+ credential categories exfiltrated, three malicious versions, ~3-minute window to detection
- SentinelOne: "Living Off the Pipeline" — CI/CD subversion taxonomy with three real intrusion cases (TeamCity, GitLab service-account pivot, Contagious Interview) [SINGLE-SOURCE]
- CVE-2026-45793 — PHP Composer: GitHub Actions CI token disclosure in error messages [SINGLE-SOURCE]
- UPDATE: TeamPCP / Mini Shai-Hulud — OpenAI named as victim; code-signing certificate rotation enforced for all macOS apps
- UPDATE: Datadog Security Labs analyzes leaked TeamPCP "Shai-Hulud" offensive framework source code
- GemStuffer — RubyGems weaponised as a one-way exfiltration channel scraping UK local-authority ModernGov portals; new abuse pattern targets the asymmetric monitoring gap between package pull and push
- Foxconn confirms Nitrogen ransomware crippled North-American manufacturing sites; 8 TB / 11M files claimed
- UPDATE: Mini Shai-Hulud — TeamPCP worm hits TanStack, UiPath, Mistral AI, OpenSearch (160+ package versions)
- [SINGLE-SOURCE-OTHER] West Pharmaceutical Services files SEC Form 8-K Item 1.05 — data exfiltrated, systems encrypted, global operations partially restarted
- UPDATE: TeamPCP (UNC6780 / PCPJack ecosystem) backdoors the Checkmarx Jenkins AST plugin — third Checkmarx supply-chain compromise in three months, SANDCLOCK exfiltrates every CI secret reachable from the runner
- Hardening / detection summary
- Audit Jenkins pipelines for Checkmarx AST plugin auto-update window 2026-05-09 → 2026-05-10 and treat any match as full secrets compromise
- ShinyHunters / WorldLeaks — week-long cross-incident operator activity touching Inditex, Vimeo, ADT, and Instructure / Canvas
- Canvas / Instructure breach — five-day arc from first claim to seven Dutch universities executing emergency disconnects
- AI tooling SaaS (multi-tenant credential aggregation, US)
- DigiCert support portal compromise — Salesforce-based support-chat social engineering yielded 60 fraudulent EV code-signing certificates
- Trellix source code repository breach — vendor confirmed, scope undisclosed, supply-chain integrity question open
- DAEMON Tools Lite supply-chain compromise — China-nexus QUIC RAT delivered via signed installers; ~12 selective government / scientific / manufacturing targets
- JDownloader official site compromised — Windows and Linux installers swapped for ~48 hours
- ShinyHunters / WorldLeaks family (financial-data extortion, third-party-SaaS pivot)
- TeamPCP → PCPJack — cloud-worm successor evicting prior operator artefacts
- CERT-FR CERTFR-2026-ACT-016 — agentic AI three-risk-class advisory; defender obligations explicit
- Braintrust AI evaluation platform AWS account breach — multi-tenant LLM-provider keys and SaaS credentials at risk; mandatory key rotation across customer base
- JDownloader official site compromised — Windows and Linux installers swapped for a Python RAT for ~48 hours
- PCPJack — modular cloud-credential-theft worm displaces TeamPCP using five public CVEs and a multi-cloud key-harvesting pipeline
- Rotate organisation-level upstream LLM keys held by Braintrust customers
- Hunt for trojanised JDownloader installers and unsigned Python child processes
- DAEMON Tools Lite supply chain — QUIC RAT deployed via signed installer; EU governments among targeted victims
- CERT-FR CERTFR-2026-ACT-016: Agentic AI tools introduce prompt-injection and supply-chain attack surfaces