home.social

#supplychainattacks — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #supplychainattacks, aggregated by home.social.

  1. #Supplychainattacks targeting security and developer tools continue, with #SAP, #Intercom, and #lightning #npmpackages compromised. The attacks, attributed to TeamPCP, involve credential-stealing malware that self-propagates, encrypts stolen data, and exfiltrates it to a new GitHub repository. theregister.com/2026/04/30/sup #tech #media #news

  2. #Supplychainattacks targeting security and developer tools continue, with #SAP, #Intercom, and #lightning #npmpackages compromised. The attacks, attributed to TeamPCP, involve credential-stealing malware that self-propagates, encrypts stolen data, and exfiltrates it to a new GitHub repository. theregister.com/2026/04/30/sup #tech #media #news

  3. #Supplychainattacks targeting security and developer tools continue, with #SAP, #Intercom, and #lightning #npmpackages compromised. The attacks, attributed to TeamPCP, involve credential-stealing malware that self-propagates, encrypts stolen data, and exfiltrates it to a new GitHub repository. theregister.com/2026/04/30/sup #tech #media #news

  4. #Supplychainattacks targeting security and developer tools continue, with #SAP, #Intercom, and #lightning #npmpackages compromised. The attacks, attributed to TeamPCP, involve credential-stealing malware that self-propagates, encrypts stolen data, and exfiltrates it to a new GitHub repository. theregister.com/2026/04/30/sup #tech #media #news

  5. #Supplychainattacks targeting security and developer tools continue, with #SAP, #Intercom, and #lightning #npmpackages compromised. The attacks, attributed to TeamPCP, involve credential-stealing malware that self-propagates, encrypts stolen data, and exfiltrates it to a new GitHub repository. theregister.com/2026/04/30/sup #tech #media #news

  6. 🐱‍💻 Oh, Astral's here to save us all from the horrors of open source security, one blog post at a time. Because, clearly, a company that "builds tools" for "millions" will tame the wild world of supply chain attacks with just a sprinkle of their secret sauce. 🥄✨
    astral.sh/blog/open-source-sec #OpenSourceSecurity #AstralSupplyChain #CybersecurityBlog #SupplyChainAttacks #TechInnovation #HackerNews #ngated

  7. Es gibt beim Einsatz einer weitreichenden #HomeAutomation schwere nicht zu vernachlässigende #Sicherheitsrisiken, nicht
    nur durch Einsatz von #agenticAI.

    Der Ersteller dieses Threads hat völlig recht.

    Aber auch durch die vielen Integrationen und Plugins (z.T. auch externe über diverse Repos) ergibt sich ein erhebliches Verwundbarkeitspotential.

    community.simon42.com/t/warnun

    #InfoSec #SupplyChainAttacks

  8. So Senna just told me about the most recent attack on #NPM.

    I swear I wrote the above post independent of that! The problem ist just so pervasive that you keep running into it.

    #supplychainattacks

  9. TV set-top boxes infected with malware are being sold online at Amazon and other resellers, and the Electronic Frontier Foundation wants the Federal Trade Commission to put a stop to it. #EFF #FTC #AndroidTV #settopboxes #malware #clickfraud #cybersecurity #supplychainattacks #consumerprotection
    jpmellojr.blogspot.com/2023/11

  10. Are Web Components & Cybersecurity A Better Combo?

    I'm not trying to dunk on popular #UI #frameworks – I'm sure they're totally fine for #cybersecurity stuff, probably get loads of reviews and #audits.

    But from my angle: Web Components are *native* to the #browser. Doesn't that just inherently reduce the risk of **#SupplyChainAttacks** (you know, like a rogue `npm install` on a bad network) for your #AppSecurity?

    Or am I overthinking it, and the #framework choice is less important than the #browser, #OS, or #device running it? What are your thoughts, #DevCommunity?

    ---

    Quick context: I've got a #ReactJS #messagingApp (repo here: github.com/positive-intentions) and a separate #UIFramework (repo here: github.com/positive-intentions) built with #Lit (which uses Web Components). I'm genuinely wondering if there's a compelling #cybersecurity reason to refactor the chat app to use my #WebComponent UI framework. Might be a whole new level of #SecurityByDesign for #FrontEndDev.

    FYI, same question's on Reddit here: reddit.com/r/ExperiencedDevs/c, got some good #insights, but want to make sure nothing's getting overlooked! Let's discuss #InfoSec #WebDev #JavaScript #OpenSource #TechQuestion.

  11. What is a supply chain attack in crypto and how to prevent it? - Supply chain attacks in crypto exploit trusted depe... - cointelegraph.com/explained/wh #supplychainattacks

  12. Undocumented backdoor found in Bluetooth chip used by a billion devices

    > The undocumented commands allow spoofing of trusted devices, unauthorized data access, pivoting to other devices on the network, and potentially establishing long-term persistence.

    bleepingcomputer.com/news/secu

    #infosec #supplychainsecurity #supplychainattacks