supply chain attack Archives

Mercor’s 4TB Data Heist: When a Poisoned AI Library Exposed OpenAI and Meta’s Training Pipeline

Deepak Gupta | June 8, 2026 | AI Security, Cybersecurity, Data breach, Machine Identity, SBN News, supply chain attack

A poisoned LiteLLM package led to 4TB stolen from Mercor, the AI training startup serving Meta, OpenAI, and Anthropic. Class action lawsuits filed ...

Deepak Gupta's notebook

DAEMON Tools Trojanized in Supply-Chain Attack to Deploy Backdoor

Evan Rowe | May 6, 2026 | Cyber threats and incidents, DAEMON Tools, supply chain attack

What happened Kaspersky researchers have identified a supply-chain attack that trojanized installers for DAEMON Tools, a Windows virtual drive utility, delivering a backdoor to thousands of systems across more than 100 countries ...

CISO Whisperer

Backdoored PyTorch Lightning Package Drops Credential Stealer

Evan Rowe | May 5, 2026 | Cyber threats and incidents, PyTorch Lightning, supply chain attack

What happened A malicious version of the PyTorch Lightning deep learning framework was published to PyPI on April 30, 2026, containing a hidden execution chain that silently downloads and executes a credential-stealing ...

CISO Whisperer

Attackers Weaponize SAP npm Packages to Steal GitHub, Cloud, and AI Coding Tool Secrets

Evan Rowe | May 5, 2026 | Cyber threats and incidents, SAP npm, supply chain attack

What happened A supply chain attack targeting the SAP developer ecosystem has poisoned four official SAP npm packages with a credential-stealing worm called Mini Shai-Hulud. The affected packages are mbt version 1.2.48, ...

CISO Whisperer

Microsoft Windows malware software supply chain

Bitwarden CLI Compromise Linked to Ongoing Checkmarx Supply Chain Campaign

Jeffrey Burt | April 23, 2026 | AI, Bitwarden, Checkmarx, CI/CD Security, GitHub, JFrog Security, MCP, npm repository, OX Security, Shai-Hulud, Socket, StepSecurity, supply chain attack, TeamPCP, Trivy

A compromise of the popular Bitwarden password manager is linked to the ongoing Checkmarx supply chain campaign, with bad actor injecting malicious code in a version of its CLI. However, while there ...

Security Boulevard

AI Infrastructure LiteLLM Supply Chain Poisoning Alert

NSFOCUS | March 26, 2026 | AI Risk, AI Security, Blog, Emergency Response, LiteLLM, llm security, supply chain attack, TeamPCP

Overview Recently, NSFOCUS Technology CERT detected that the GitHub community disclosed that there was a credential stealing program in the new version of LiteLLM. Analysis confirmed that it had suffered supply chain ...

NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.

Salesloft Drift Breach Rolls Up Cloudflare, Palo Alto, Zscaler and Others

Jeffrey Burt | September 3, 2025 | CloudFlare, Palo Alto Networks, supply chain attack, Third Party APIs

Cloudflare, Palo Alto Networks, and Zscaler are the latest among hundreds of victims of an expanding data-stealing attack by the UNC6395 threat group that is exploiting compromised OAuth tokens associated with Salesloft's ...

Security Boulevard

Why Supply Chain Attacks Are The Biggest Threat To Businesses?

Puja Saikia | March 5, 2025 | cyber attacks, cyber attck, Cyber Security, supply chain attack, VAPT

In 2024, approximately 183,000 customers worldwide were affected by supply chain attacks. In terms of frequency, the software supply chain experienced one attack every 48 hours. Surprisingly, India is among the most ...

kratikalsite

Backdoor in RFID Cards for Offices, Hotels Can Lead to Instant Cloning

Jeffrey Burt | August 21, 2024 | Backdoor Exploit, contactless card fraud, RFID cards, supply chain attack

A backdoor found in millions of Chinese-made RFID cards that are used by hotels and other businesses around the world can let bad actors instantly clone the cards to gain unauthorized access ...

Security Boulevard

The U.S. Bans Kaspersky Antivirus, WordPress Plugin Supply Chain Attacks

In episode 336 of the Shared Security Podcast, we discuss the Biden administration’s recent ban on Kaspersky antivirus software in the U.S. due to security concerns linked to its Russian origins. We ...

Shared Security Podcast

supply chain attack

Mercor’s 4TB Data Heist: When a Poisoned AI Library Exposed OpenAI and Meta’s Training Pipeline

DAEMON Tools Trojanized in Supply-Chain Attack to Deploy Backdoor

Backdoored PyTorch Lightning Package Drops Credential Stealer

Attackers Weaponize SAP npm Packages to Steal GitHub, Cloud, and AI Coding Tool Secrets

Bitwarden CLI Compromise Linked to Ongoing Checkmarx Supply Chain Campaign

AI Infrastructure LiteLLM Supply Chain Poisoning Alert

Salesloft Drift Breach Rolls Up Cloudflare, Palo Alto, Zscaler and Others

Why Supply Chain Attacks Are The Biggest Threat To Businesses?

Backdoor in RFID Cards for Offices, Hotels Can Lead to Instant Cloning

The U.S. Bans Kaspersky Antivirus, WordPress Plugin Supply Chain Attacks

Senator Sanders Wants to Own AI Companies — and Hand America’s Adversaries the Keys

NIST’s Nine: The PQC Signature Race Moves to Round Three

The Quantum Arms Race: Why Washington Just Wrote a $2 Billion Check to Nine Companies

Beyond Moore’s Law: The Hyper-Acceleration of Autonomous AI Cyber Capabilities

The Exception Economy: When Security Teams Stop Protecting and Start Negotiating

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On