Attackers exfiltrated sensitive data from thousands of websites, desktop applications, and mobile applications in a supply chain attack leveraging typo-squatting in popular NPM packages.
Hackers timed a supply chain attack to hit when IT workers were off duty. An attack on MSPs making use of Kaseya products is thought to have compromised at least 200 of that company's clients.
Rapid7 says that the Codecov supply chain attack exposed source code repositories for internal tools used for the Managed Detection and Response (MDR) service, and a subset of its customers’ data.
Codecov supply chain attack remained undetected for months and likely affected Google, IBM, HP, and others. Hackers stole user data from the company’s continuous integration environment.
The PHP open-source team averted a potential supply chain attack after hackers compromised their self-managed Git server and inserted malicious code in PHP’s “under development” version.
Cybersecurity professionals were left in the dark as the SolarWinds attack unfolded. Looking at how this could have been prevented, three distinct vulnerabilities stand out.
The SITA incident is a very significant supply chain attack, with a number of major airlines reporting that their frequent flyer programs were compromised as a result of the breach.
The supply chain attack method leverages commonly-used dependency managers and private or non-existent dependencies to install malicious code and backdoors in internal applications.
CISA says that the SolarWinds hack possibly affected federal, state, and local government agencies and critical infrastructure entities dealing with gas, electricity, and manufacturing.
It took two months for the public to learn of the Blackbaud ransomware supply chain attack, which has led to data breaches in more than a hundred universities and nonprofit organizations.