Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.
LiteLLM 1.82.7–1.82.8 supply chain attack exposed 33,185 secrets across 6,943 machines, leaving 3,760 valid credentials ...
Vivo is gearing up to launch its flagship X300 series in India, with the X300 Ultra and X300 FE set to arrive soon. Following their international debut, both devices have been officially confirmed for ...
FEATURE Two supply chain attacks in March infected open source tools with malware and used this access to steal secrets from ...
As organizations disclose breaches tied to TeamPCP's supply chain attacks, ShinyHunters and Lapsus$ are creating a murky ...
An attacker purchased 30+ WordPress plugins on Flippa, planted backdoors that lay dormant for eight months, then activated ...
With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how quickly a compromised package can propagate through the ecosystem.
Securing software supply chain without slowing development: Supply chain attacks exploit the trust relationships between different organisations and target the weakest link in the chain of trust. By ...
LiteLLM, a widely used AI developer tool, was hit by a supply chain attack through a malicious PyPI release. The malware stole credentials, spread across systems, and crashed machines. The incident ...
The 2024 XZ incident illustrates how open-source software (OSS) has become strategic infrastructure in the global economy, ...