#supplychainattacks — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #supplychainattacks, aggregated by home.social.
-
https://www.europesays.com/ie/470816/ Google expands Android Binary Transparency to counter supply chain attacks #Android #DigitalSignature #Éire #encryption #Google #GooglePlay #IE #Ireland #MobileDevices #Smartphones #SupplyChainAttacks #Technology
-
#Supplychainattacks targeting security and developer tools continue, with #SAP, #Intercom, and #lightning #npmpackages compromised. The attacks, attributed to TeamPCP, involve credential-stealing malware that self-propagates, encrypts stolen data, and exfiltrates it to a new GitHub repository. https://www.theregister.com/2026/04/30/supply_chain_attacks_sap_npm_packages/?eicker.news #tech #media #news
-
🐱💻 Oh, Astral's here to save us all from the horrors of open source security, one blog post at a time. Because, clearly, a company that "builds tools" for "millions" will tame the wild world of supply chain attacks with just a sprinkle of their secret sauce. 🥄✨
https://astral.sh/blog/open-source-security-at-astral #OpenSourceSecurity #AstralSupplyChain #CybersecurityBlog #SupplyChainAttacks #TechInnovation #HackerNews #ngated
-
European Commission Cloud Breach: Stolen Data Posted Online
The European Commission cloud breach did not begin with a dramatic system hack or a visible outage. It…
#Europe #EU #EuropeanCommission #AWSsecret #CERT-EU #cloudenvironments #darkwebleak #DataTheft #EUEntities #EuropeanCommissioncloudbreach #EuropeanDataProtectionSupervisor #Supplychainattacks #TrivyTool
https://www.europesays.com/europe/7182/
-
True that:
“Every Dependency You Add Is A Supply Chain Attack Waiting To Happen”, Ben Hoyt (https://benhoyt.com/writings/dependencies/).
Via Lobsters: https://lobste.rs/s/j6uemk/every_dependency_you_add_is_supply_chain
On HN: https://news.ycombinator.com/item?id=47613210
#Security #Dependencies #Programming #SupplyChainAttacks #ComputerSecurity
-
Using extensive #HomeAutomation carries serious, non-negligible security risks (#Sicherheitsrisiken), and not only through the use of #agenticAI.
The creator of this thread is absolutely right. But the many integrations and plugins (some of them external, via various repos) also create considerable potential for vulnerabilities.
-
Ransomware Attacks Have Soared 30% in Recent Months https://thecyberexpress.com/ransomware-attacks-soar-30-percent/ #TheGentlemenransomwaregroup #Akiraransomwaregroup #Cl0pransomwaregroup #TheCyberExpressNews #Supplychainattacks #ransomwareattack #Qilinransomware #TheCyberExpress #FirewallDaily #CyberThreats #cyberattacks #Ransomware #CyberNews #Sinobi #cyble
-
Open-source attacks move through normal development workflows https://www.helpnetsecurity.com/2026/02/03/open-source-attacks-supply-chain-development-workflows/ #vulnerabilitymanagement #supplychainattacks #ReversingLabs #supplychain #opensource #Don'tmiss #attacks #report #News
-
UK announces grand plan to secure online public services https://www.helpnetsecurity.com/2026/01/07/uk-public-services-cyber-security/ #OrangeCyberdefense #supplychainattacks #publicsector #government #Proofpoint #Don'tmiss #Hotstuff #News #UK
-
So Senna just told me about the most recent attack on #NPM.
I swear I wrote the above post independent of that! The problem is just so pervasive that you keep running into it.
#supplychainattacks
-
Pluralistic: Daily links from Cory Doctorow – No trackers, no ads. Black type, white background. Privacy policy: we don't collect or retain any data at all ever period. [Unofficial] @[email protected] ·Pluralistic: O(N^2) nationalism (26 Nov 2025)
https://web.brid.gy/r/https://pluralistic.net/2025/11/26/difficult-multipolarism/
-
Pluralistic: Daily links from Cory Doctorow – No trackers, no ads. Black type, white background. Privacy policy: we don't collect or retain any data at all ever period. [Unofficial] @[email protected] ·Pluralistic: O(N^2) nationalism (26 Nov 2025)
https://fed.brid.gy/r/https://pluralistic.net/2025/11/26/difficult-multipolarism/
-
Software Supply Chain Attacks Set Records in October https://thecyberexpress.com/software-supply-chain-attacks-set-records/ #criticalinfrastructure #softwaresupplychain #TheCyberExpressNews #Supplychainattacks #ThreatIntelligence #TheCyberExpress #Vulnerabilities #FirewallDaily #cybersecurity #CyberThreats #cyberattacks #Ransomware #CyberNews
-
Shadow AI is breaking corporate security from within https://www.helpnetsecurity.com/2025/09/18/ai-attack-surface-risks/ #Artificialintelligence #thirdpartycompromise #supplychainattacks #cybersecurity #compliance #report #News #IO
-
Self-replicating worm hits 180+ npm packages in (largely) automated supply chain attack https://www.helpnetsecurity.com/2025/09/16/self-replicating-worm-hits-180-npm-packages-in-largely-automated-supply-chain-attack/ #supplychainattacks #AikidoSecurity #ReversingLabs #StepSecurity #JavaScript #opensource #Don'tmiss #Hotstuff #Nodejs #worms #News #Wiz
-
Software packages with more than 2 billion weekly downloads hit in supply-chain attack - Hackers planted malicious code in open source software packa... - https://arstechnica.com/security/2025/09/software-packages-with-more-than-2-billion-weekly-downloads-hit-in-supply-chain-attack/ #supplychainattacks #supplychain #opensource #security #biz #npm
-
Palo Alto Networks, Zscaler Among Salesloft Breach Victims https://thecyberexpress.com/salesloft-breach/ #softwaresupplychain #TheCyberExpressNews #Supplychainattacks #TheCyberExpress #FirewallDaily #cybersecurity #cyberattacks #Cyberattack #databreach #Salesforce #CyberNews #Salesloft
-
TV set-top boxes infected with malware are being sold online at Amazon and other resellers, and the Electronic Frontier Foundation wants the Federal Trade Commission to put a stop to it. #EFF #FTC #AndroidTV #settopboxes #malware #clickfraud #cybersecurity #supplychainattacks #consumerprotection
https://jpmellojr.blogspot.com/2023/11/eff-calls-for-ftc-action-on-poisoned.html
-
Are Web Components & Cybersecurity A Better Combo?
I'm not trying to dunk on popular #UI #frameworks – I'm sure they're totally fine for #cybersecurity stuff, probably get loads of reviews and #audits.
But from my angle: Web Components are *native* to the #browser. Doesn't that just inherently reduce the risk of **#SupplyChainAttacks** (you know, like a rogue `npm install` on a bad network) for your #AppSecurity?
Or am I overthinking it, and the #framework choice is less important than the #browser, #OS, or #device running it? What are your thoughts, #DevCommunity?
---
Quick context: I've got a #ReactJS #messagingApp (repo here: https://github.com/positive-intentions/chat) and a separate #UIFramework (repo here: https://github.com/positive-intentions/dim) built with #Lit (which uses Web Components). I'm genuinely wondering if there's a compelling #cybersecurity reason to refactor the chat app to use my #WebComponent UI framework. Might be a whole new level of #SecurityByDesign for #FrontEndDev.
FYI, same question's on Reddit here: https://www.reddit.com/r/ExperiencedDevs/comments/1lmk1rg/are_web_components_better_for_cybersecurity/, got some good #insights, but want to make sure nothing's getting overlooked! Let's discuss #InfoSec #WebDev #JavaScript #OpenSource #TechQuestion.
-
Breaches are up, budgets are too, so why isn’t healthcare safer? https://www.helpnetsecurity.com/2025/08/11/resilience-top-healthcare-cybersecurity-risks/ #supplychaincompromise #supplychainattacks #cyberresilience #cybersecurity #securityROI #healthcare #resilience #cyberrisk #report #News
-
Supply-chain attacks on open source software are getting out of hand - It has been a busy week for supply-chain attacks targeting o... - https://arstechnica.com/security/2025/07/open-source-repositories-are-seeing-a-rash-of-supply-chain-attacks/ #supplychainattacks #repositories #opensource #security #biz&it
-
CoinMarketCap, Cointelegraph compromised to serve pop-ups to drain crypto wallets https://www.helpnetsecurity.com/2025/06/23/coinmarketcap-cointelegraph-compromised-to-serve-pop-ups-to-drain-crypto-wallets/ #supplychainattacks #cryptocurrency #JavaScript #Don'tmiss #Hotstuff #Blockaid #c/side #News
-
What is a supply chain attack in crypto and how to prevent it? - Supply chain attacks in crypto exploit trusted depe... - https://cointelegraph.com/explained/what-is-a-supply-chain-attack-in-crypto-and-how-to-prevent-it #supplychainattacks
-
Securing the invisible: Supply chain security trends https://www.helpnetsecurity.com/2025/04/30/supply-chain-security-trends/ #supplychainattacks #cybersecurity #iconfidential #Don'tmiss #Eclypsium #zerotrust #News #CISO
-
Supply Chain Attacks on Linux Distributions – Fedora Pagure
#HackerNews #SupplyChainAttacks #LinuxDistributions #FedoraPagure #Cybersecurity #OpenSource
-
Supply Chain Attacks on Linux Distributions
https://fenrisk.com/supply-chain-attacks
#HackerNews #SupplyChainAttacks #LinuxDistributions #CyberSecurity #OpenSource #ThreatDetection
-
Undocumented backdoor found in Bluetooth chip used by a billion devices
> The undocumented commands allow spoofing of trusted devices, unauthorized data access, pivoting to other devices on the network, and potentially establishing long-term persistence.
-
Malicious ML models found on Hugging Face Hub https://www.helpnetsecurity.com/2025/02/10/malicious-ml-models-found-on-hugging-face-hub/ #artificialintelligence #softwaredevelopment #supplychainattacks #machinelearning #ReversingLabs #HuggingFace #Don'tmiss #Hotstuff #JFrog #News
-
Cybersecurity for Businesses in 2025: What to Expect https://thecyberexpress.com/cybersecurity-for-businesses/ #CybersecurityforBusinessesin2025 #CybersecurityTrends2025 #ZeroTrustArchitecture #TheCyberExpressNews #Supplychainattacks #AIinCybersecurity #BiometricSecurity #TheCyberExpress #FirewallDaily #Trends2025 #Features #Trends