#supplychainattacks — Public Fediverse posts

https://www.europesays.com/ie/470816/ Google expands Android Binary Transparency to counter supply chain attacks #Android #DigitalSignature #Éire #encryption #Google #GooglePlay #IE #Ireland #MobileDevices #Smartphones #SupplyChainAttacks #Technology

#Supplychainattacks targeting security and developer tools continue, with #SAP, #Intercom, and #lightning #npmpackages compromised. The attacks, attributed to TeamPCP, involve credential-stealing malware that self-propagates, encrypts stolen data, and exfiltrates it to a new GitHub repository. https://www.theregister.com/2026/04/30/supply_chain_attacks_sap_npm_packages/?eicker.news #tech #media #news

#Supplychainattacks targeting security and developer tools continue, with #SAP, #Intercom, and #lightning #npmpackages compromised. The attacks, attributed to TeamPCP, involve credential-stealing malware that self-propagates, encrypts stolen data, and exfiltrates it to a new GitHub repository. https://www.theregister.com/2026/04/30/supply_chain_attacks_sap_npm_packages/?eicker.news #tech #media #news

#Supplychainattacks targeting security and developer tools continue, with #SAP, #Intercom, and #lightning #npmpackages compromised. The attacks, attributed to TeamPCP, involve credential-stealing malware that self-propagates, encrypts stolen data, and exfiltrates it to a new GitHub repository. https://www.theregister.com/2026/04/30/supply_chain_attacks_sap_npm_packages/?eicker.news #tech #media #news

#Supplychainattacks targeting security and developer tools continue, with #SAP, #Intercom, and #lightning #npmpackages compromised. The attacks, attributed to TeamPCP, involve credential-stealing malware that self-propagates, encrypts stolen data, and exfiltrates it to a new GitHub repository. https://www.theregister.com/2026/04/30/supply_chain_attacks_sap_npm_packages/?eicker.news #tech #media #news

#Supplychainattacks targeting security and developer tools continue, with #SAP, #Intercom, and #lightning #npmpackages compromised. The attacks, attributed to TeamPCP, involve credential-stealing malware that self-propagates, encrypts stolen data, and exfiltrates it to a new GitHub repository. https://www.theregister.com/2026/04/30/supply_chain_attacks_sap_npm_packages/?eicker.news #tech #media #news

🐱‍💻 Oh, Astral's here to save us all from the horrors of open source security, one blog post at a time. Because, clearly, a company that "builds tools" for "millions" will tame the wild world of supply chain attacks with just a sprinkle of their secret sauce. 🥄✨
https://astral.sh/blog/open-source-security-at-astral #OpenSourceSecurity #AstralSupplyChain #CybersecurityBlog #SupplyChainAttacks #TechInnovation #HackerNews #ngated

European Commission Cloud Breach: Stolen Data Posted Online

The European Commission cloud breach did not begin with a dramatic system hack or a visible outage. It…
#Europe #EU #EuropeanCommission #AWSsecret #CERT-EU #cloudenvironments #darkwebleak #DataTheft #EUEntities #EuropeanCommissioncloudbreach #EuropeanDataProtectionSupervisor #Supplychainattacks #TrivyTool
https://www.europesays.com/europe/7182/

True that:

“Every Dependency You Add Is A Supply Chain Attack Waiting To Happen”, Ben Hoyt (https://benhoyt.com/writings/dependencies/).

Via Lobsters: https://lobste.rs/s/j6uemk/every_dependency_you_add_is_supply_chain

On HN: https://news.ycombinator.com/item?id=47613210

#Security #Dependencies #Programming #SupplyChainAttacks #ComputerSecurity

Es gibt beim Einsatz einer weitreichenden #HomeAutomation schwere nicht zu vernachlässigende #Sicherheitsrisiken, nicht
nur durch Einsatz von #agenticAI.

Der Ersteller dieses Threads hat völlig recht.

Aber auch durch die vielen Integrationen und Plugins (z.T. auch externe über diverse Repos) ergibt sich ein erhebliches Verwundbarkeitspotential.

https://community.simon42.com/t/warnung-niemals-einer-ki-zugriff-auf-euren-ha-gewaehren-eine-ki-auf-euren-ha-lassen/80847

#InfoSec #SupplyChainAttacks

Ransomware Attacks Have Soared 30% in Recent Months https://thecyberexpress.com/ransomware-attacks-soar-30-percent/ #TheGentlemenransomwaregroup #Akiraransomwaregroup #Cl0pransomwaregroup #TheCyberExpressNews #Supplychainattacks #ransomwareattack #Qilinransomware #TheCyberExpress #FirewallDaily #CyberThreats #cyberattacks #Ransomware #CyberNews #Sinobi #cyble

Ransomware Attacks Have Soared 30% in Recent Months https://thecyberexpress.com/ransomware-attacks-soar-30-percent/ #TheGentlemenransomwaregroup #Akiraransomwaregroup #Cl0pransomwaregroup #TheCyberExpressNews #Supplychainattacks #ransomwareattack #Qilinransomware #TheCyberExpress #FirewallDaily #CyberThreats #cyberattacks #Ransomware #CyberNews #Sinobi #cyble

Ransomware Attacks Have Soared 30% in Recent Months https://thecyberexpress.com/ransomware-attacks-soar-30-percent/ #TheGentlemenransomwaregroup #Akiraransomwaregroup #Cl0pransomwaregroup #TheCyberExpressNews #Supplychainattacks #ransomwareattack #Qilinransomware #TheCyberExpress #FirewallDaily #CyberThreats #cyberattacks #Ransomware #CyberNews #Sinobi #cyble

Ransomware Attacks Have Soared 30% in Recent Months https://thecyberexpress.com/ransomware-attacks-soar-30-percent/ #TheGentlemenransomwaregroup #Akiraransomwaregroup #Cl0pransomwaregroup #TheCyberExpressNews #Supplychainattacks #ransomwareattack #Qilinransomware #TheCyberExpress #FirewallDaily #CyberThreats #cyberattacks #Ransomware #CyberNews #Sinobi #cyble

Open-source attacks move through normal development workflows https://www.helpnetsecurity.com/2026/02/03/open-source-attacks-supply-chain-development-workflows/ #vulnerabilitymanagement #supplychainattacks #ReversingLabs #supplychain #opensource #Don'tmiss #attacks #report #News

Open-source attacks move through normal development workflows https://www.helpnetsecurity.com/2026/02/03/open-source-attacks-supply-chain-development-workflows/ #vulnerabilitymanagement #supplychainattacks #ReversingLabs #supplychain #opensource #Don'tmiss #attacks #report #News

Open-source attacks move through normal development workflows https://www.helpnetsecurity.com/2026/02/03/open-source-attacks-supply-chain-development-workflows/ #vulnerabilitymanagement #supplychainattacks #ReversingLabs #supplychain #opensource #Don'tmiss #attacks #report #News

Open-source attacks move through normal development workflows https://www.helpnetsecurity.com/2026/02/03/open-source-attacks-supply-chain-development-workflows/ #vulnerabilitymanagement #supplychainattacks #ReversingLabs #supplychain #opensource #Don'tmiss #attacks #report #News

UK announces grand plan to secure online public services https://www.helpnetsecurity.com/2026/01/07/uk-public-services-cyber-security/ #OrangeCyberdefense #supplychainattacks #publicsector #government #Proofpoint #Don'tmiss #Hotstuff #News #UK

UK announces grand plan to secure online public services https://www.helpnetsecurity.com/2026/01/07/uk-public-services-cyber-security/ #OrangeCyberdefense #supplychainattacks #publicsector #government #Proofpoint #Don'tmiss #Hotstuff #News #UK

UK announces grand plan to secure online public services https://www.helpnetsecurity.com/2026/01/07/uk-public-services-cyber-security/ #OrangeCyberdefense #supplychainattacks #publicsector #government #Proofpoint #Don'tmiss #Hotstuff #News #UK

UK announces grand plan to secure online public services https://www.helpnetsecurity.com/2026/01/07/uk-public-services-cyber-security/ #OrangeCyberdefense #supplychainattacks #publicsector #government #Proofpoint #Don'tmiss #Hotstuff #News #UK

So Senna just told me about the most recent attack on #NPM.

I swear I wrote the above post independent of that! The problem ist just so pervasive that you keep running into it.

#supplychainattacks

Pluralistic: O(N^2) nationalism (26 Nov 2025)

https://web.brid.gy/r/https://pluralistic.net/2025/11/26/difficult-multipolarism/

Pluralistic: O(N^2) nationalism (26 Nov 2025)

https://web.brid.gy/r/https://pluralistic.net/2025/11/26/difficult-multipolarism/

Pluralistic: O(N^2) nationalism (26 Nov 2025)

https://web.brid.gy/r/https://pluralistic.net/2025/11/26/difficult-multipolarism/

Pluralistic: O(N^2) nationalism (26 Nov 2025)

https://fed.brid.gy/r/https://pluralistic.net/2025/11/26/difficult-multipolarism/

Pluralistic: O(N^2) nationalism (26 Nov 2025)

https://web.brid.gy/r/https://pluralistic.net/2025/11/26/difficult-multipolarism/

Software Supply Chain Attacks Set Records in October https://thecyberexpress.com/software-supply-chain-attacks-set-records/ #criticalinfrastructure #softwaresupplychain #TheCyberExpressNews #Supplychainattacks #ThreatIntelligence #TheCyberExpress #Vulnerabilities #FirewallDaily #cybersecurity #CyberThreats #cyberattacks #Ransomware #CyberNews

Shadow AI is breaking corporate security from within https://www.helpnetsecurity.com/2025/09/18/ai-attack-surface-risks/ #Artificialintelligence #thirdpartycompromise #supplychainattacks #cybersecurity #compliance #report #News #IO

Shadow AI is breaking corporate security from within https://www.helpnetsecurity.com/2025/09/18/ai-attack-surface-risks/ #Artificialintelligence #thirdpartycompromise #supplychainattacks #cybersecurity #compliance #report #News #IO

Shadow AI is breaking corporate security from within https://www.helpnetsecurity.com/2025/09/18/ai-attack-surface-risks/ #Artificialintelligence #thirdpartycompromise #supplychainattacks #cybersecurity #compliance #report #News #IO

Self-replicating worm hits 180+ npm packages in (largely) automated supply chain attack https://www.helpnetsecurity.com/2025/09/16/self-replicating-worm-hits-180-npm-packages-in-largely-automated-supply-chain-attack/ #supplychainattacks #AikidoSecurity #ReversingLabs #StepSecurity #JavaScript #opensource #Don'tmiss #Hotstuff #Nodejs #worms #News #Wiz

Self-replicating worm hits 180+ npm packages in (largely) automated supply chain attack https://www.helpnetsecurity.com/2025/09/16/self-replicating-worm-hits-180-npm-packages-in-largely-automated-supply-chain-attack/ #supplychainattacks #AikidoSecurity #ReversingLabs #StepSecurity #JavaScript #opensource #Don'tmiss #Hotstuff #Nodejs #worms #News #Wiz

Self-replicating worm hits 180+ npm packages in (largely) automated supply chain attack https://www.helpnetsecurity.com/2025/09/16/self-replicating-worm-hits-180-npm-packages-in-largely-automated-supply-chain-attack/ #supplychainattacks #AikidoSecurity #ReversingLabs #StepSecurity #JavaScript #opensource #Don'tmiss #Hotstuff #Nodejs #worms #News #Wiz

Self-replicating worm hits 180+ npm packages in (largely) automated supply chain attack https://www.helpnetsecurity.com/2025/09/16/self-replicating-worm-hits-180-npm-packages-in-largely-automated-supply-chain-attack/ #supplychainattacks #AikidoSecurity #ReversingLabs #StepSecurity #JavaScript #opensource #Don'tmiss #Hotstuff #Nodejs #worms #News #Wiz

Software packages with more than 2 billion weekly downloads hit in supply-chain attack - Hackers planted malicious code in open source software packa... - https://arstechnica.com/security/2025/09/software-packages-with-more-than-2-billion-weekly-downloads-hit-in-supply-chain-attack/ #supplychainattacks #supplychain #opensource #security #biz⁢ #npm

Palo Alto Networks, Zscaler Among Salesloft Breach Victims https://thecyberexpress.com/salesloft-breach/ #softwaresupplychain #TheCyberExpressNews #Supplychainattacks #TheCyberExpress #FirewallDaily #cybersecurity #cyberattacks #Cyberattack #databreach #Salesforce #CyberNews #Salesloft

Supply-chain attacks are a favourite in the toolbox of cyber warfare. The SolarWinds attack remains in the history books of cybersecurity for the clever use of patching as an attack vector to disrupt C2 infrastructure.

Read how it unfolded in our deep dive article! 👇

https://negativepid.blog/the-solarwinds-supply-chain-attack/

#cyberwarfare #supplychainattacks #patching #cozybear #orion #C2

Supply-chain attacks are a favourite in the toolbox of cyber warfare. The SolarWinds attack remains in the history books of cybersecurity for the clever use of patching as an attack vector to disrupt C2 infrastructure.

Read how it unfolded in our deep dive article! 👇

https://negativepid.blog/the-solarwinds-supply-chain-attack/

#cyberwarfare #supplychainattacks #patching #cozybear #orion #C2

Breaches are up, budgets are too, so why isn’t healthcare safer? https://www.helpnetsecurity.com/2025/08/11/resilience-top-healthcare-cybersecurity-risks/ #supplychaincompromise #supplychainattacks #cyberresilience #cybersecurity #securityROI #healthcare #resilience #cyberrisk #report #News

Breaches are up, budgets are too, so why isn’t healthcare safer? https://www.helpnetsecurity.com/2025/08/11/resilience-top-healthcare-cybersecurity-risks/ #supplychaincompromise #supplychainattacks #cyberresilience #cybersecurity #securityROI #healthcare #resilience #cyberrisk #report #News

Breaches are up, budgets are too, so why isn’t healthcare safer? https://www.helpnetsecurity.com/2025/08/11/resilience-top-healthcare-cybersecurity-risks/ #supplychaincompromise #supplychainattacks #cyberresilience #cybersecurity #securityROI #healthcare #resilience #cyberrisk #report #News

Breaches are up, budgets are too, so why isn’t healthcare safer? https://www.helpnetsecurity.com/2025/08/11/resilience-top-healthcare-cybersecurity-risks/ #supplychaincompromise #supplychainattacks #cyberresilience #cybersecurity #securityROI #healthcare #resilience #cyberrisk #report #News

Supply-chain attacks on open source software are getting out of hand - It has been a busy week for supply-chain attacks targeting o... - https://arstechnica.com/security/2025/07/open-source-repositories-are-seeing-a-rash-of-supply-chain-attacks/ #supplychainattacks #repositories #opensource #security #biz&it

Are Web Components & Cybersecurity A Better Combo?

I'm not trying to dunk on popular #UI #frameworks – I'm sure they're totally fine for #cybersecurity stuff, probably get loads of reviews and #audits.

But from my angle: Web Components are *native* to the #browser. Doesn't that just inherently reduce the risk of **#SupplyChainAttacks** (you know, like a rogue `npm install` on a bad network) for your #AppSecurity?

Or am I overthinking it, and the #framework choice is less important than the #browser, #OS, or #device running it? What are your thoughts, #DevCommunity?

---

Quick context: I've got a #ReactJS #messagingApp (repo here: https://github.com/positive-intentions/chat) and a separate #UIFramework (repo here: https://github.com/positive-intentions/dim) built with #Lit (which uses Web Components). I'm genuinely wondering if there's a compelling #cybersecurity reason to refactor the chat app to use my #WebComponent UI framework. Might be a whole new level of #SecurityByDesign for #FrontEndDev.

FYI, same question's on Reddit here: https://www.reddit.com/r/ExperiencedDevs/comments/1lmk1rg/are_web_components_better_for_cybersecurity/, got some good #insights, but want to make sure nothing's getting overlooked! Let's discuss #InfoSec #WebDev #JavaScript #OpenSource #TechQuestion.

Are Web Components & Cybersecurity A Better Combo?

I'm not trying to dunk on popular #UI #frameworks – I'm sure they're totally fine for #cybersecurity stuff, probably get loads of reviews and #audits.

But from my angle: Web Components are *native* to the #browser. Doesn't that just inherently reduce the risk of **#SupplyChainAttacks** (you know, like a rogue `npm install` on a bad network) for your #AppSecurity?

Or am I overthinking it, and the #framework choice is less important than the #browser, #OS, or #device running it? What are your thoughts, #DevCommunity?

---

Quick context: I've got a #ReactJS #messagingApp (repo here: https://github.com/positive-intentions/chat) and a separate #UIFramework (repo here: https://github.com/positive-intentions/dim) built with #Lit (which uses Web Components). I'm genuinely wondering if there's a compelling #cybersecurity reason to refactor the chat app to use my #WebComponent UI framework. Might be a whole new level of #SecurityByDesign for #FrontEndDev.

FYI, same question's on Reddit here: https://www.reddit.com/r/ExperiencedDevs/comments/1lmk1rg/are_web_components_better_for_cybersecurity/, got some good #insights, but want to make sure nothing's getting overlooked! Let's discuss #InfoSec #WebDev #JavaScript #OpenSource #TechQuestion.

Are Web Components & Cybersecurity A Better Combo?

I'm not trying to dunk on popular #UI #frameworks – I'm sure they're totally fine for #cybersecurity stuff, probably get loads of reviews and #audits.

But from my angle: Web Components are *native* to the #browser. Doesn't that just inherently reduce the risk of **#SupplyChainAttacks** (you know, like a rogue `npm install` on a bad network) for your #AppSecurity?

Or am I overthinking it, and the #framework choice is less important than the #browser, #OS, or #device running it? What are your thoughts, #DevCommunity?

---

Quick context: I've got a #ReactJS #messagingApp (repo here: https://github.com/positive-intentions/chat) and a separate #UIFramework (repo here: https://github.com/positive-intentions/dim) built with #Lit (which uses Web Components). I'm genuinely wondering if there's a compelling #cybersecurity reason to refactor the chat app to use my #WebComponent UI framework. Might be a whole new level of #SecurityByDesign for #FrontEndDev.

FYI, same question's on Reddit here: https://www.reddit.com/r/ExperiencedDevs/comments/1lmk1rg/are_web_components_better_for_cybersecurity/, got some good #insights, but want to make sure nothing's getting overlooked! Let's discuss #InfoSec #WebDev #JavaScript #OpenSource #TechQuestion.

Are Web Components & Cybersecurity A Better Combo?

I'm not trying to dunk on popular #UI #frameworks – I'm sure they're totally fine for #cybersecurity stuff, probably get loads of reviews and #audits.

But from my angle: Web Components are *native* to the #browser. Doesn't that just inherently reduce the risk of **#SupplyChainAttacks** (you know, like a rogue `npm install` on a bad network) for your #AppSecurity?

Or am I overthinking it, and the #framework choice is less important than the #browser, #OS, or #device running it? What are your thoughts, #DevCommunity?

---

Quick context: I've got a #ReactJS #messagingApp (repo here: https://github.com/positive-intentions/chat) and a separate #UIFramework (repo here: https://github.com/positive-intentions/dim) built with #Lit (which uses Web Components). I'm genuinely wondering if there's a compelling #cybersecurity reason to refactor the chat app to use my #WebComponent UI framework. Might be a whole new level of #SecurityByDesign for #FrontEndDev.

FYI, same question's on Reddit here: https://www.reddit.com/r/ExperiencedDevs/comments/1lmk1rg/are_web_components_better_for_cybersecurity/, got some good #insights, but want to make sure nothing's getting overlooked! Let's discuss #InfoSec #WebDev #JavaScript #OpenSource #TechQuestion.

Are Web Components & Cybersecurity A Better Combo?

I'm not trying to dunk on popular #UI #frameworks – I'm sure they're totally fine for #cybersecurity stuff, probably get loads of reviews and #audits.

But from my angle: Web Components are *native* to the #browser. Doesn't that just inherently reduce the risk of **#SupplyChainAttacks** (you know, like a rogue `npm install` on a bad network) for your #AppSecurity?

Or am I overthinking it, and the #framework choice is less important than the #browser, #OS, or #device running it? What are your thoughts, #DevCommunity?

---

Quick context: I've got a #ReactJS #messagingApp (repo here: https://github.com/positive-intentions/chat) and a separate #UIFramework (repo here: https://github.com/positive-intentions/dim) built with #Lit (which uses Web Components). I'm genuinely wondering if there's a compelling #cybersecurity reason to refactor the chat app to use my #WebComponent UI framework. Might be a whole new level of #SecurityByDesign for #FrontEndDev.

FYI, same question's on Reddit here: https://www.reddit.com/r/ExperiencedDevs/comments/1lmk1rg/are_web_components_better_for_cybersecurity/, got some good #insights, but want to make sure nothing's getting overlooked! Let's discuss #InfoSec #WebDev #JavaScript #OpenSource #TechQuestion.