Clop Exploits Oracle E-Business Suite Zero-Days in Massive Extortion Campaign
The Clop ransomware group weaponized CVE-2025-61882 and CVE-2025-61884 to breach nearly 100 organizations, including Allianz UK, GlobalLogic, Envoy Air, Harvard, and the Washington Post, with ransom demands reaching $50 million.
Metro4Shell: Critical React Native CLI Vulnerability Actively Exploited Against Developers
CVE-2025-11953 in React Native CLI's Metro Development Server is being exploited in the wild to deploy Rust-based malware on developer systems, with attacks observed since December 2025.
DockerDash Vulnerability in Ask Gordon AI Enables Code Execution via Image Metadata
Noma Labs discovered a critical flaw in Docker's Ask Gordon AI assistant allowing attackers to hijack AI reasoning through malicious image metadata, leading to remote code execution or data exfiltration.
Notepad++ Update Mechanism Hijacked by Chinese Threat Actors to Deliver Malware
Lotus Blossom APT compromised Notepad++'s hosting provider to intercept update traffic and deliver the Chrysalis backdoor to targeted government and financial organizations over a six-month period.
400+ Malicious OpenClaw Skills Flood ClawHub With Info-Stealing Malware
Over 400 malicious OpenClaw AI agent skills on ClawHub deploy Atomic Stealer via ClickFix-style social engineering. The hightower6eu account alone published 314 malicious skills targeting crypto and developer credentials.
Secure Software Development Lifecycle: Building Security In
Comprehensive guide to integrating security throughout the software development lifecycle, covering AI code assistant risks, supply chain security, SBOM requirements, and modern SAST/DAST tooling.
Third-Party Risk Management: A Practical Guide
A comprehensive guide to managing cybersecurity risks from vendors, suppliers, and service providers, covering assessment frameworks, continuous monitoring, regulatory requirements, and incident response for third-party breaches.
Software Supply Chain Security: From SBOM to SLSA
A practical guide to securing your software supply chain, covering SBOM generation, SLSA provenance, dependency management, CI/CD pipeline hardening, and regulatory requirements including the EU Cyber Resilience Act.
Malicious VS Code Extensions Steal Code from 1.5 Million Developers
Two VS Code extensions masquerading as AI coding assistants—ChatMoss and ChatGPT中文版—exfiltrated source code, API keys, and proprietary algorithms from 1.5 million developers to servers in China.
eScan Antivirus Update Server Breached, Trojanized Updates Distributed to Customers
Attackers compromised an eScan regional update server on January 20, 2026, distributing signed malicious updates that deployed a multi-stage backdoor. IOCs and detection guidance included.
Fake AI Coding Assistant on VS Code Marketplace Drops ScreenConnect RAT
A malicious VS Code extension posing as an AI coding assistant deploys ConnectWise ScreenConnect for persistent remote access using quadruple impersonation tactics and Rust-based backup delivery.
eScan Antivirus Supply Chain Compromise — Trojanized Update Distributed
Attackers breached an eScan regional update server and distributed signed malicious updates with backdoor capabilities during a two-hour window on January 20.
xz Utils Backdoor: The Most Sophisticated Supply Chain Attack Since SolarWinds
In March 2024, a Microsoft engineer accidentally discovered a backdoor in xz Utils that had been planted by an attacker who spent nearly three years building trust in the open-source community. The near-miss could have compromised millions of Linux servers.
Malicious PyPI Packages Masquerading as Spellcheckers Deliver RAT Malware
Packages 'spellcheckerpy' and 'spellcheckpy', downloaded over 1,000 times, use multi-layer encryption and fileless execution to deliver a cryptocurrency-stealing RAT. The same threat actor is linked to a November 2025 campaign.
Ledger Customer Data Exposed After Third-Party Breach at Global-e
Crypto hardware wallet maker Ledger disclosed that customer names, addresses, and order data were exposed after hackers breached e-commerce partner Global-e. No wallet keys or recovery phrases were compromised.
CDK Global Ransomware Attack: How One Vendor Crippled 15,000 Auto Dealerships
A BlackSuit ransomware attack on CDK Global, the dominant dealer management system provider, shut down operations at 15,000 auto dealerships for nearly two weeks in June 2024, causing over $1 billion in losses and exposing critical supply chain risks.
MOVEit Transfer — Cl0p Mass Exploitation Affects 2,700+ Organizations
The Cl0p ransomware group exploited a zero-day vulnerability in Progress Software's MOVEit Transfer, compromising over 2,700 organizations and exposing data of 95+ million individuals in one of the largest mass exploitation events ever.