The supply chain attack method leverages commonly-used dependency managers and private or non-existent dependencies to install malicious code and backdoors in internal applications. Read More
CISA says that SolarWinds hack possibly affected federal, state, and local government agencies and critical infrastructure entities dealing with gas, electricity, and manufacturing. Read More
It took two months for the public to learn of the Blackbaud ransomware supply chain attack, and has led to data breaches in more than a hundred universities and nonprofit organizations. Read More
Magecart cybercrime group appears to have broaden their supply chain attacks to target more sites by going after third-party advertising vendors that works with media or entertainment websites. Read More
Vulnerable IT service providers are becoming entry points for supply chain attacks as seen in the recent attack on Wipro. The attack follows closely after Wipro CEO declares "security cannot be a show stopper for business priorities". Read More
A massive supply chain attack had distributed malware to tens of thousands of ASUS computers worldwide through legitimate ASUS software updates. It appears as if the attackers had inside information about ASUS servers and systems. Read More