A new surge in supply chain attacks has exposed critical vulnerabilities in popular developer tools like Axios and Gigabyte Control Center, while giants like Cisco face source code theft. As attackers target the very foundations of software, the need for vigilant security has never been greater.
A targeted social engineering attack on Axios’s maintainer led to a supply chain compromise, revealing the hidden risks facing open-source projects and the urgent need to support their human defenders.
A high-profile supply chain attack on the Axios npm package has been traced to North Korean hackers, with advanced malware targeting developers worldwide. This breach highlights the escalating risks to global software supply chains.
North Korean hackers have breached the widely used Axios npm package, injecting advanced malware in a sweeping supply chain attack. This incident exposes the fragility of open-source ecosystems and underscores the rising threat posed by state-sponsored cyber actors.
A daring supply chain cyberattack attributed to Iranian group Handala has exposed the inner workings of Israel’s military command infrastructure, leaking classified facility images and technical documents from defense contractor PSK Wind Technologies.
Mercor, a leading AI recruitment firm, has confirmed it was swept up in a lightning-fast supply chain attack involving LiteLLM. In just 40 minutes, attackers allegedly stole 4TB of sensitive data, now being auctioned by cybercriminals. This feature unpacks how a single compromised software update triggered a major security crisis.
North Korean hackers infiltrated the npm supply chain by compromising Axios, a widely used JavaScript library, with stealthy malware targeting developers and production systems. Microsoft details urgent mitigation steps in response.
The Axios open-source library, a cornerstone of the JavaScript ecosystem, was recently targeted in a highly sophisticated supply chain attack traced to North Korean threat actors. The breach, which introduced a stealthy backdoor into millions of potential downloads, highlights the growing risks facing open-source software supply chains worldwide.
Mercor, a major AI recruiting firm, has confirmed it was impacted by the LiteLLM supply chain hack that compromised thousands of organizations. The incident exposes critical weaknesses in open-source software security.
A supply chain breach at Cisco, orchestrated via a tainted developer tool, has led to the theft of sensitive source code and cloud credentials. The attack, claimed by ShinyHunters and linked to TeamPCP, exposes vulnerabilities that threaten not only Cisco but its clients and the wider tech ecosystem.