home.social

#supplychain — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #supplychain, aggregated by home.social.

  1. Cybercriminals, Hacktivists Target 2026 World Cup Infrastructure

    The 2026 FIFA World Cup is set to draw massive crowds of up to six million fans across 104 matches in 16 host cities, making its complex infrastructure a prime target for cyber threats. With its far-reaching network of stadium operations, municipal services, and independent suppliers, the tournament's technical architecture is a…

    osintsights.com/cybercriminals

    #WorldCup #Infrastructure #SupplyChain #EmergingThreats #Hacktivism

  2. A New Threat Actor Targeting the Cryptocurrency Industry's Software Development Infrastructure

    JINX-0164, a financially motivated threat actor active since mid-2025, has been conducting sophisticated campaigns against cryptocurrency organizations. The actor employs LinkedIn-based social engineering, posing as recruiters or business partners to deliver custom macOS malware including AUDIOFIX (a Python-based infostealer and RAT) and MINIRAT (a lightweight Go backdoor). Their operations focus on compromising developer endpoints to steal cryptocurrency wallet credentials, cloud secrets, and GitHub tokens. The attackers then pivot to CI/CD infrastructure, injecting malicious code into repositories to enable lateral movement. In April 2026, they executed a supply chain attack by trojanizing the npm package @velora-dex/sdk. The group masks activity using VPN services and demonstrates advanced capabilities including credential harvesting from password managers, browser extensions, and development tools.

    Pulse ID: 6a181e409d755171f4ac356c
    Pulse Link: otx.alienvault.com/pulse/6a181
    Pulse Author: AlienVault
    Created: 2026-05-28 10:51:44

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #BackDoor #Browser #Cloud #CredentialHarvesting #CyberSecurity #Endpoint #GitHub #InfoSec #InfoStealer #LinkedIn #Mac #MacOS #Malware #NPM #OTX #OpenThreatExchange #Password #Python #RAT #SocialEngineering #SupplyChain #Trojan #VPN #Word #bot #cryptocurrency #AlienVault

  3. A New Threat Actor Targeting the Cryptocurrency Industry's Software Development Infrastructure

    JINX-0164, a financially motivated threat actor active since mid-2025, has been conducting sophisticated campaigns against cryptocurrency organizations. The actor employs LinkedIn-based social engineering, posing as recruiters or business partners to deliver custom macOS malware including AUDIOFIX (a Python-based infostealer and RAT) and MINIRAT (a lightweight Go backdoor). Their operations focus on compromising developer endpoints to steal cryptocurrency wallet credentials, cloud secrets, and GitHub tokens. The attackers then pivot to CI/CD infrastructure, injecting malicious code into repositories to enable lateral movement. In April 2026, they executed a supply chain attack by trojanizing the npm package @velora-dex/sdk. The group masks activity using VPN services and demonstrates advanced capabilities including credential harvesting from password managers, browser extensions, and development tools.

    Pulse ID: 6a181e409d755171f4ac356c
    Pulse Link: otx.alienvault.com/pulse/6a181
    Pulse Author: AlienVault
    Created: 2026-05-28 10:51:44

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #BackDoor #Browser #Cloud #CredentialHarvesting #CyberSecurity #Endpoint #GitHub #InfoSec #InfoStealer #LinkedIn #Mac #MacOS #Malware #NPM #OTX #OpenThreatExchange #Password #Python #RAT #SocialEngineering #SupplyChain #Trojan #VPN #Word #bot #cryptocurrency #AlienVault

  4. A New Threat Actor Targeting the Cryptocurrency Industry's Software Development Infrastructure

    JINX-0164, a financially motivated threat actor active since mid-2025, has been conducting sophisticated campaigns against cryptocurrency organizations. The actor employs LinkedIn-based social engineering, posing as recruiters or business partners to deliver custom macOS malware including AUDIOFIX (a Python-based infostealer and RAT) and MINIRAT (a lightweight Go backdoor). Their operations focus on compromising developer endpoints to steal cryptocurrency wallet credentials, cloud secrets, and GitHub tokens. The attackers then pivot to CI/CD infrastructure, injecting malicious code into repositories to enable lateral movement. In April 2026, they executed a supply chain attack by trojanizing the npm package @velora-dex/sdk. The group masks activity using VPN services and demonstrates advanced capabilities including credential harvesting from password managers, browser extensions, and development tools.

    Pulse ID: 6a181e409d755171f4ac356c
    Pulse Link: otx.alienvault.com/pulse/6a181
    Pulse Author: AlienVault
    Created: 2026-05-28 10:51:44

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #BackDoor #Browser #Cloud #CredentialHarvesting #CyberSecurity #Endpoint #GitHub #InfoSec #InfoStealer #LinkedIn #Mac #MacOS #Malware #NPM #OTX #OpenThreatExchange #Password #Python #RAT #SocialEngineering #SupplyChain #Trojan #VPN #Word #bot #cryptocurrency #AlienVault

  5. A New Threat Actor Targeting the Cryptocurrency Industry's Software Development Infrastructure

    JINX-0164, a financially motivated threat actor active since mid-2025, has been conducting sophisticated campaigns against cryptocurrency organizations. The actor employs LinkedIn-based social engineering, posing as recruiters or business partners to deliver custom macOS malware including AUDIOFIX (a Python-based infostealer and RAT) and MINIRAT (a lightweight Go backdoor). Their operations focus on compromising developer endpoints to steal cryptocurrency wallet credentials, cloud secrets, and GitHub tokens. The attackers then pivot to CI/CD infrastructure, injecting malicious code into repositories to enable lateral movement. In April 2026, they executed a supply chain attack by trojanizing the npm package @velora-dex/sdk. The group masks activity using VPN services and demonstrates advanced capabilities including credential harvesting from password managers, browser extensions, and development tools.

    Pulse ID: 6a181e409d755171f4ac356c
    Pulse Link: otx.alienvault.com/pulse/6a181
    Pulse Author: AlienVault
    Created: 2026-05-28 10:51:44

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #BackDoor #Browser #Cloud #CredentialHarvesting #CyberSecurity #Endpoint #GitHub #InfoSec #InfoStealer #LinkedIn #Mac #MacOS #Malware #NPM #OTX #OpenThreatExchange #Password #Python #RAT #SocialEngineering #SupplyChain #Trojan #VPN #Word #bot #cryptocurrency #AlienVault

  6. A New Threat Actor Targeting the Cryptocurrency Industry's Software Development Infrastructure

    JINX-0164, a financially motivated threat actor active since mid-2025, has been conducting sophisticated campaigns against cryptocurrency organizations. The actor employs LinkedIn-based social engineering, posing as recruiters or business partners to deliver custom macOS malware including AUDIOFIX (a Python-based infostealer and RAT) and MINIRAT (a lightweight Go backdoor). Their operations focus on compromising developer endpoints to steal cryptocurrency wallet credentials, cloud secrets, and GitHub tokens. The attackers then pivot to CI/CD infrastructure, injecting malicious code into repositories to enable lateral movement. In April 2026, they executed a supply chain attack by trojanizing the npm package @velora-dex/sdk. The group masks activity using VPN services and demonstrates advanced capabilities including credential harvesting from password managers, browser extensions, and development tools.

    Pulse ID: 6a181e409d755171f4ac356c
    Pulse Link: otx.alienvault.com/pulse/6a181
    Pulse Author: AlienVault
    Created: 2026-05-28 10:51:44

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #BackDoor #Browser #Cloud #CredentialHarvesting #CyberSecurity #Endpoint #GitHub #InfoSec #InfoStealer #LinkedIn #Mac #MacOS #Malware #NPM #OTX #OpenThreatExchange #Password #Python #RAT #SocialEngineering #SupplyChain #Trojan #VPN #Word #bot #cryptocurrency #AlienVault

  7. 3/3

    This is a supply chain story dressed as a CVE. The ecosystem was built too fast. Security assumed it would catch up. It hasn't.

    Digital sovereignty without perimeter defence is just security theatre. If you're running MCP servers and you skip the proxy because 'it adds complexity,' you've already lost.

    haunted.lighthouse.co.im/artic

    #BadHost #CVE202648710 #Starlette #FastAPI #MCP #SupplyChain #CyberSecurity #DigitalSovereignty #ShadowIT #Architecture

  8. ahoy there here's a #newbrew for you:

    Bumblebee - Read-only developer endpoint scanner for on-disk package, extension, and developer-tool metadata, built to check exposure to known software supply-chain compromises.

    github.com/perplexityai/bumble

    #homebrew macOS and linux users: `brew install bumblebee` for this magical tool with no outside dependencies.

    #infosec #endpoint #supplyChain #cybersecurity

  9. ahoy there here's a #newbrew for you:

    Bumblebee - Read-only developer endpoint scanner for on-disk package, extension, and developer-tool metadata, built to check exposure to known software supply-chain compromises.

    github.com/perplexityai/bumble

    #homebrew macOS and linux users: `brew install bumblebee` for this magical tool with no outside dependencies.

    #infosec #endpoint #supplyChain #cybersecurity

  10. ahoy there here's a #newbrew for you:

    Bumblebee - Read-only developer endpoint scanner for on-disk package, extension, and developer-tool metadata, built to check exposure to known software supply-chain compromises.

    github.com/perplexityai/bumble

    #homebrew macOS and linux users: `brew install bumblebee` for this magical tool with no outside dependencies.

    #infosec #endpoint #supplyChain #cybersecurity

  11. ahoy there here's a #newbrew for you:

    Bumblebee - Read-only developer endpoint scanner for on-disk package, extension, and developer-tool metadata, built to check exposure to known software supply-chain compromises.

    github.com/perplexityai/bumble

    #homebrew macOS and linux users: `brew install bumblebee` for this magical tool with no outside dependencies.

    #infosec #endpoint #supplyChain #cybersecurity

  12. ahoy there here's a #newbrew for you:

    Bumblebee - Read-only developer endpoint scanner for on-disk package, extension, and developer-tool metadata, built to check exposure to known software supply-chain compromises.

    github.com/perplexityai/bumble

    #homebrew macOS and linux users: `brew install bumblebee` for this magical tool with no outside dependencies.

    #infosec #endpoint #supplyChain #cybersecurity

  13. South Korea's National Security Office Director Wi Sung-lac travels to Kazakhstan to strengthen bilateral cooperation on energy and supply chains ahead of the Korea-Central Asia Summit scheduled for September, with discussions planned on President Tokayev's upcoming Seoul visit and regional security matters.
    #YonhapInfomax #WiSungLac #Kazakhstan #KoreaCentralAsiaSummit #EnergyCooperation #SupplyChain #Economics #FinancialMarkets #Banking #Securities #Bonds #StockMarket
    en.infomaxai.com/news/articleV

  14. South Korea's National Security Office Director Wi Sung-lac travels to Kazakhstan to strengthen bilateral cooperation on energy and supply chains ahead of the Korea-Central Asia Summit scheduled for September, with discussions planned on President Tokayev's upcoming Seoul visit and regional security matters.
    #YonhapInfomax #WiSungLac #Kazakhstan #KoreaCentralAsiaSummit #EnergyCooperation #SupplyChain #Economics #FinancialMarkets #Banking #Securities #Bonds #StockMarket
    en.infomaxai.com/news/articleV

  15. South Korea's National Security Office Director Wi Sung-lac travels to Kazakhstan to strengthen bilateral cooperation on energy and supply chains ahead of the Korea-Central Asia Summit scheduled for September, with discussions planned on President Tokayev's upcoming Seoul visit and regional security matters.
    #YonhapInfomax #WiSungLac #Kazakhstan #KoreaCentralAsiaSummit #EnergyCooperation #SupplyChain #Economics #FinancialMarkets #Banking #Securities #Bonds #StockMarket
    en.infomaxai.com/news/articleV

  16. South Korea's National Security Office Director Wi Sung-lac travels to Kazakhstan to strengthen bilateral cooperation on energy and supply chains ahead of the Korea-Central Asia Summit scheduled for September, with discussions planned on President Tokayev's upcoming Seoul visit and regional security matters.
    #YonhapInfomax #WiSungLac #Kazakhstan #KoreaCentralAsiaSummit #EnergyCooperation #SupplyChain #Economics #FinancialMarkets #Banking #Securities #Bonds #StockMarket
    en.infomaxai.com/news/articleV

  17. [#TRADESHOW] #CPHI & #PMEC #China 2026 from June 16 to 18, 2026, at the #Shanghai New #International #Expo #Center (#SNIEC). As #Asia’s leading #pharmaceutical #sourcing and #networking #platform, the #exhibition #event has more than 20 years of experience connecting #Chinese and international #pharma professionals. It serves as a key #meeting point for #innovation, #SupplyChain #collaboration, and #market expansion within the #global pharmaceutical #ecosystem. cnbusinessforum.com/event/cphi

  18. #Trump #War Is Staggering to an Incoherent #Defeat. Even the president’s supporters are alarmed. Not only is Trump incoherently staggering to defeat, he now risks signing on to an agreement that could be far worse than anything #Obama negotiated with Iran a decade ago. #war #middleeast #israel #UAE #diplomacy #congress #law #StraitOfHormuz #oil #supplychain #economics #trade The Atlantic Free Article theatlantic.com/ideas/2026/05/

  19. 🐝 #Perplexity just open-sourced Bumblebee — a read-only supply-chain scanner for #developer endpoints on #macOS & #Linux. Which of your machines have a compromised package installed right now? #security #opensource

    🧵👇#supplychain

    🔍 Bumblebee fills the gap between SBOMs (what shipped) and EDR (what ran). It answers the messy middle: which dev machines match on-disk lockfiles, package metadata, extension manifests & #MCP configs — right now?

  20. Dutch Authorities Disrupt Russian Cyber Operations, Seize 800 Servers

    In a major blow to Russian cybercrime, Dutch authorities seized over 800 servers and arrested two individuals in a daring raid that cracked down on illicit online operations. The suspects, a 57-year-old Amsterdam resident and a 39-year-old from The Hague, were charged with violating sanctions law by aiding EU-sanctioned entities.

    osintsights.com/dutch-authorit

    #Russia #CyberOperations #SupplyChain #Sanctions #LawEnforcement

  21. [#TRADESHOW] #CPHI & #PMEC #China 2026 from June 16 to 18, 2026, at the #Shanghai New #International #Expo #Center (#SNIEC). As #Asia’s leading #pharmaceutical #sourcing and #networking #platform, the #exhibition #event has more than 20 years of experience connecting #Chinese and international #pharma professionals. It serves as a key #meeting point for #innovation, #SupplyChain #collaboration, and #market expansion within the #global pharmaceutical #ecosystem. cnbusinessforum.com/event/cphi

  22. [#TRADESHOW] #CPHI & #PMEC #China 2026 from June 16 to 18, 2026, at the #Shanghai New #International #Expo #Center (#SNIEC). As #Asia’s leading #pharmaceutical #sourcing and #networking #platform, the #exhibition #event has more than 20 years of experience connecting #Chinese and international #pharma professionals. It serves as a key #meeting point for #innovation, #SupplyChain #collaboration, and #market expansion within the #global pharmaceutical #ecosystem. cnbusinessforum.com/event/cphi

  23. [#TRADESHOW] #CPHI & #PMEC #China 2026 from June 16 to 18, 2026, at the #Shanghai New #International #Expo #Center (#SNIEC). As #Asia’s leading #pharmaceutical #sourcing and #networking #platform, the #exhibition #event has more than 20 years of experience connecting #Chinese and international #pharma professionals. It serves as a key #meeting point for #innovation, #SupplyChain #collaboration, and #market expansion within the #global pharmaceutical #ecosystem. cnbusinessforum.com/event/cphi

  24. Great video about the complexities effecting Wabanaki communities due to The Trump Administrations policy directly effecting supply chain and farmers #Wabanaki #Supplychain #farmers #blueberries #Maine This is so personal for me being a third generation baker and Wabanaki youtu.be/w8GIaxQ54mk

    Why Maine's Blueberry Farmers ...

  25. Great video about the complexities effecting Wabanaki communities due to The Trump Administrations policy directly effecting supply chain and farmers #Wabanaki #Supplychain #farmers #blueberries #Maine This is so personal for me being a third generation baker and Wabanaki youtu.be/w8GIaxQ54mk

    Why Maine's Blueberry Farmers ...

  26. #Congress still must approve that #funding, but the #Trump admin is also reprogramming $800 million for a more rapid acquisition of computing capacity.

    Even larger sums will likely be needed in the future, according to experts.

    To work around the #chips shortage, #SusieWiles, the White House chief of staff, has authorized the #NSA to continue to use an advanced model made by #Anthropic, even though the #Pentagon has designated the company a #SupplyChain threat….

    #climate #NationalSecurity

  27. #Congress still must approve that #funding, but the #Trump admin is also reprogramming $800 million for a more rapid acquisition of computing capacity.

    Even larger sums will likely be needed in the future, according to experts.

    To work around the #chips shortage, #SusieWiles, the White House chief of staff, has authorized the #NSA to continue to use an advanced model made by #Anthropic, even though the #Pentagon has designated the company a #SupplyChain threat….

    #climate #NationalSecurity

  28. #Congress still must approve that #funding, but the #Trump admin is also reprogramming $800 million for a more rapid acquisition of computing capacity.

    Even larger sums will likely be needed in the future, according to experts.

    To work around the #chips shortage, #SusieWiles, the White House chief of staff, has authorized the #NSA to continue to use an advanced model made by #Anthropic, even though the #Pentagon has designated the company a #SupplyChain threat….

    #climate #NationalSecurity

  29. #Congress still must approve that #funding, but the #Trump admin is also reprogramming $800 million for a more rapid acquisition of computing capacity.

    Even larger sums will likely be needed in the future, according to experts.

    To work around the #chips shortage, #SusieWiles, the White House chief of staff, has authorized the #NSA to continue to use an advanced model made by #Anthropic, even though the #Pentagon has designated the company a #SupplyChain threat….

    #climate #NationalSecurity

  30. #Congress still must approve that #funding, but the #Trump admin is also reprogramming $800 million for a more rapid acquisition of computing capacity.

    Even larger sums will likely be needed in the future, according to experts.

    To work around the #chips shortage, #SusieWiles, the White House chief of staff, has authorized the #NSA to continue to use an advanced model made by #Anthropic, even though the #Pentagon has designated the company a #SupplyChain threat….

    #climate #NationalSecurity