In what is described as the first known supply chain attack caused by another supply chain attack, the recent breach of 3CX was caused by an employee downloading a compromised piece of trading software.
A very commonly used VoIP telephony system has been compromised via trojans snuck in through an open source component, and the supply chain attack puts over half a million global businesses at risk.
A supply chain attack on a business partner will cost semiconductor giant Applied Materials $250 million in the coming quarter due to disruption of upcoming shipments. A ransomware attack on MKS Instruments is suspected to be the cause.
Attackers exfiltrated sensitive data from thousands of websites, desktop, and mobile applications in a supply chain attack leveraging typo-squatting in popular NPM packages.
Hackers timed a supply chain attack to hit when IT workers were off duty. An attack on MSPs making use of Kaseya products is thought to have compromised at least 200 of that company's clients.
Rapid7 says that the Codecov supply chain attack exposed source code repositories for internal tools used for the Managed Detection and Response (MDR) service, and a subset of its customers’ data.
Codecov supply chain attack remained undetected for months and likely affected Google, IBM, HP, and others. Hackers stole user data from the company’s continuous integration environment.
PHP open-source team averted a potential supply chain attack after hackers compromised their self-managed Git server and inserted malicious code in PHP’s “under development” version.
Cybersecurity professionals were left in the dark as the SolarWinds attack unfolded. Looking at how this could have been prevented, three distinct vulnerabilities stand out.
The SITA incident is a very significant supply chain attack, with a number of major airlines reporting that their frequent flyer programs were compromised as a result of the breach.