A massive supply chain attack dubbed Megalodon has infected over 5,500 GitHub repositories with credential-stealing malware, creating backdoors and automated workflows.
The supply chain attack on third-party library Axios has forced OpenAI to revoke its code-signing certificate and require users to update their macOS certificates.
Hackers injected malicious code into nearly a dozen 20 NPM packages with billions of weekly downloads in a software supply chain attack after phishing a maintainer’s account.
A compromise of the popular GitHub Actions tool turned into a massive supply chain attack, at this point thought to be responsible for the follow-on exposure of over 23,000 GitHub repositories.
Over 2.6 million people may have been affected by a massive supply chain attack leveraging over 35 compromised Chrome extensions to take over Facebook Ad accounts.
Luxury goods retailer Neiman Marcus Group confirms a data breach linked to the Snowflake hack allowing hackers to access the personal information of over 64,000 people.
In what is described as the first known supply chain attack caused by another supply chain attack, the recent breach of 3CX was caused by an employee downloading a compromised piece of trading software.
A very commonly used VoIP telephony system has been compromised via trojans snuck in through an open source component, and the supply chain attack puts over half a million global businesses at risk.
A supply chain attack on a business partner will cost semiconductor giant Applied Materials $250 million in the coming quarter due to disruption of upcoming shipments. Ransomware attack on MKS Instruments is suspected to be the cause.
Attackers exfiltrated sensitive data from thousands of websites, desktop, and mobile applications in a supply chain attack leveraging typo-squatting in popular NPM packages.








