Vimeo has confirmed that user data was exposed after a cybercrime group breached its analytics provider Anodot. The ShinyHunters gang is demanding ransom, highlighting the dangers of supply-chain attacks affecting major platforms.
Checkmarx confirmed a major breach after LAPSUS$ hackers leaked internal GitHub repository data on the dark web, exposing the hidden dangers of supply chain attacks. Here’s what happened and why it matters.
As ransomware gangs increasingly target cybersecurity vendors, the risks to customers and the entire digital ecosystem multiply. This feature investigates the new frontline of cybercrime and what it means for trust in the security industry.
Checkmarx is investigating after hackers leaked its GitHub repository data—including source code and credentials—on the dark web following a major supply chain attack. The breach exposes the dangers of compromised developer tools and the ripple effect across the software ecosystem.
A major open-source data tool with over a million monthly downloads was weaponized overnight, leaking sensitive credentials and crypto wallets via a sophisticated supply chain attack. Here’s how it happened and what you need to know.
A new malware campaign has compromised trusted Namastex Labs packages on npm and PyPI, stealing sensitive secrets and spreading through worm-like propagation. The attack, linked to TeamPCP, highlights the growing threat of supply chain attacks in open source.
#Supply Chain Attack | #Malware Campaign | #Open-Source Security
A malicious version of Bitwarden CLI was distributed via npm, enabling attackers to steal credentials from developers and CI/CD pipelines. The breach highlights growing risks in software supply chains and the need for rapid incident response.
#Bitwarden | #Supply Chain Attack | #Credential Exfiltration
A trusted GitHub automation and a popular open-source password manager became the perfect storm for TeamPCP’s Shai-Hulud malware campaign, stealing credentials and poisoning AI coding tools from inside the developer supply chain.
A dramatic supply chain attack hit Bitwarden CLI’s npm package, using GitHub Actions to inject credential-stealing malware and exfiltrate secrets to Dune-themed public repositories. Here’s how it happened and what it means for open source security.
Attackers exploited Bitwarden’s CI/CD pipeline with a rogue GitHub Action, injecting malware into the @bitwarden/cli npm package. The malware harvests credentials and exfiltrates them through Dune-themed public repositories, highlighting new risks in software supply chains.