A massive supply chain attack had distributed malware to tens of thousands of ASUS computers worldwide through legitimate ASUS software updates. It appears as if the attackers had inside information about ASUS servers and systems.
The SITA incident is a very significant supply chain attack, with a number of major airlines reporting that their frequent flyer programs were compromised as a result of the breach.
It took two months for the public to learn of the Blackbaud ransomware supply chain attack, which has led to data breaches in more than a hundred universities and nonprofit organizations.
In what is described as the first known supply chain attack caused by another supply chain attack, the recent breach of 3CX was caused by an employee downloading a compromised piece of trading software.
The Codecov supply chain attack remained undetected for months and likely affected Google, IBM, HP, and others. Hackers stole user data from the company’s continuous integration environment.
Over 2.6 million people may have been affected by a massive supply chain attack leveraging over 35 compromised Chrome extensions to take over Facebook Ad accounts.
Attackers exfiltrated sensitive data from thousands of websites and desktop and mobile applications in a supply chain attack leveraging typo-squatting in popular NPM packages.
The Magecart cybercrime group appears to have broadened its supply chain attacks to target more sites by going after third-party advertising vendors that work with media or entertainment websites.
A supply chain attack on a business partner will cost semiconductor giant Applied Materials $250 million in the coming quarter due to disruption of upcoming shipments. A ransomware attack on MKS Instruments is suspected to be the cause.
The PHP open-source team averted a potential supply chain attack after hackers compromised their self-managed Git server and inserted malicious code in PHP’s “under development” version.