#supplychainattacks — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #supplychainattacks, aggregated by home.social.
-
https://www.europesays.com/ie/470816/ Google expands Android Binary Transparency to counter supply chain attacks #Android #DigitalSignature #Éire #encryption #Google #GooglePlay #IE #Ireland #MobileDevices #Smartphones #SupplyChainAttacks #Technology
-
#Supplychainattacks targeting security and developer tools continue, with #SAP, #Intercom, and #lightning #npmpackages compromised. The attacks, attributed to TeamPCP, involve credential-stealing malware that self-propagates, encrypts stolen data, and exfiltrates it to a new GitHub repository. https://www.theregister.com/2026/04/30/supply_chain_attacks_sap_npm_packages/?eicker.news #tech #media #news
-
🐱💻 Oh, Astral's here to save us all from the horrors of open source security, one blog post at a time. Because, clearly, a company that "builds tools" for "millions" will tame the wild world of supply chain attacks with just a sprinkle of their secret sauce. 🥄✨
https://astral.sh/blog/open-source-security-at-astral #OpenSourceSecurity #AstralSupplyChain #CybersecurityBlog #SupplyChainAttacks #TechInnovation #HackerNews #ngated
-
European Commission Cloud Breach: Stolen Data Posted Online
The European Commission cloud breach did not begin with a dramatic system hack or a visible outage. It…
#Europe #EU #EuropeanCommission #AWSsecret #CERT-EU #cloudenvironments #darkwebleak #DataTheft #EUEntities #EuropeanCommissioncloudbreach #EuropeanDataProtectionSupervisor #Supplychainattacks #TrivyTool
https://www.europesays.com/europe/7182/
-
True that:
“Every Dependency You Add Is A Supply Chain Attack Waiting To Happen”, Ben Hoyt (https://benhoyt.com/writings/dependencies/).
Via Lobsters: https://lobste.rs/s/j6uemk/every_dependency_you_add_is_supply_chain
On HN: https://news.ycombinator.com/item?id=47613210
#Security #Dependencies #Programming #SupplyChainAttacks #ComputerSecurity
-
Using extensive #HomeAutomation carries serious security risks (#Sicherheitsrisiken) that must not be neglected, and not only through the use of #agenticAI.
The author of this thread is absolutely right. But the many integrations and plugins (in some cases external ones, via various repos) also create considerable potential for vulnerability.
-
Ransomware Attacks Have Soared 30% in Recent Months https://thecyberexpress.com/ransomware-attacks-soar-30-percent/ #TheGentlemenransomwaregroup #Akiraransomwaregroup #Cl0pransomwaregroup #TheCyberExpressNews #Supplychainattacks #ransomwareattack #Qilinransomware #TheCyberExpress #FirewallDaily #CyberThreats #cyberattacks #Ransomware #CyberNews #Sinobi #cyble
-
Open-source attacks move through normal development workflows https://www.helpnetsecurity.com/2026/02/03/open-source-attacks-supply-chain-development-workflows/ #vulnerabilitymanagement #supplychainattacks #ReversingLabs #supplychain #opensource #Don'tmiss #attacks #report #News
-
UK announces grand plan to secure online public services https://www.helpnetsecurity.com/2026/01/07/uk-public-services-cyber-security/ #OrangeCyberdefense #supplychainattacks #publicsector #government #Proofpoint #Don'tmiss #Hotstuff #News #UK
-
So Senna just told me about the most recent attack on #NPM.
I swear I wrote the above post independent of that! The problem is just so pervasive that you keep running into it.
#supplychainattacks
-
Pluralistic: Daily links from Cory Doctorow – No trackers, no ads. Black type, white background. Privacy policy: we don't collect or retain any data at all ever period. [Unofficial] · Pluralistic: O(N^2) nationalism (26 Nov 2025)
https://web.brid.gy/r/https://pluralistic.net/2025/11/26/difficult-multipolarism/
-
Software Supply Chain Attacks Set Records in October https://thecyberexpress.com/software-supply-chain-attacks-set-records/ #criticalinfrastructure #softwaresupplychain #TheCyberExpressNews #Supplychainattacks #ThreatIntelligence #TheCyberExpress #Vulnerabilities #FirewallDaily #cybersecurity #CyberThreats #cyberattacks #Ransomware #CyberNews
-
Shadow AI is breaking corporate security from within https://www.helpnetsecurity.com/2025/09/18/ai-attack-surface-risks/ #Artificialintelligence #thirdpartycompromise #supplychainattacks #cybersecurity #compliance #report #News #IO
-
Self-replicating worm hits 180+ npm packages in (largely) automated supply chain attack https://www.helpnetsecurity.com/2025/09/16/self-replicating-worm-hits-180-npm-packages-in-largely-automated-supply-chain-attack/ #supplychainattacks #AikidoSecurity #ReversingLabs #StepSecurity #JavaScript #opensource #Don'tmiss #Hotstuff #Nodejs #worms #News #Wiz
-
Software packages with more than 2 billion weekly downloads hit in supply-chain attack - Hackers planted malicious code in open source software packa... - https://arstechnica.com/security/2025/09/software-packages-with-more-than-2-billion-weekly-downloads-hit-in-supply-chain-attack/ #supplychainattacks #supplychain #opensource #security #biz #npm
-
Palo Alto Networks, Zscaler Among Salesloft Breach Victims https://thecyberexpress.com/salesloft-breach/ #softwaresupplychain #TheCyberExpressNews #Supplychainattacks #TheCyberExpress #FirewallDaily #cybersecurity #cyberattacks #Cyberattack #databreach #Salesforce #CyberNews #Salesloft
-
Supply-chain attacks are a favourite in the toolbox of cyber warfare. The SolarWinds attack remains in the history books of cybersecurity for the clever use of patching as an attack vector to disrupt C2 infrastructure.
Read how it unfolded in our deep dive article! 👇
https://negativepid.blog/the-solarwinds-supply-chain-attack/
#cyberwarfare #supplychainattacks #patching #cozybear #orion #C2
-
Breaches are up, budgets are too, so why isn’t healthcare safer? https://www.helpnetsecurity.com/2025/08/11/resilience-top-healthcare-cybersecurity-risks/ #supplychaincompromise #supplychainattacks #cyberresilience #cybersecurity #securityROI #healthcare #resilience #cyberrisk #report #News
-
Supply-chain attacks on open source software are getting out of hand - It has been a busy week for supply-chain attacks targeting o... - https://arstechnica.com/security/2025/07/open-source-repositories-are-seeing-a-rash-of-supply-chain-attacks/ #supplychainattacks #repositories #opensource #security #biz&it
-
Are Web Components & Cybersecurity A Better Combo?
I'm not trying to dunk on popular #UI #frameworks – I'm sure they're totally fine for #cybersecurity stuff, probably get loads of reviews and #audits.
But from my angle: Web Components are *native* to the #browser. Doesn't that just inherently reduce the risk of **#SupplyChainAttacks** (you know, like a rogue `npm install` on a bad network) for your #AppSecurity?
Or am I overthinking it, and the #framework choice is less important than the #browser, #OS, or #device running it? What are your thoughts, #DevCommunity?
---
Quick context: I've got a #ReactJS #messagingApp (repo here: https://github.com/positive-intentions/chat) and a separate #UIFramework (repo here: https://github.com/positive-intentions/dim) built with #Lit (which uses Web Components). I'm genuinely wondering if there's a compelling #cybersecurity reason to refactor the chat app to use my #WebComponent UI framework. Might be a whole new level of #SecurityByDesign for #FrontEndDev.
FYI, same question's on Reddit here: https://www.reddit.com/r/ExperiencedDevs/comments/1lmk1rg/are_web_components_better_for_cybersecurity/, got some good #insights, but want to make sure nothing's getting overlooked! Let's discuss #InfoSec #WebDev #JavaScript #OpenSource #TechQuestion.