Polyfill.io Supply Chain Attack: 384,773 hosts still embedding a polyfill JS script linking to the malicious domain

Cybersecurity company Censys has identified over 380,000 hosts that are still referencing the malicious polyfill.io domain.

Censys reported that over 380,000 internet-exposed hosts are still referencing the malicious polyfill.io domain.

The polyfill.io domain was suspended last week following multiple reports …

Malware-laced JAVS Viewer deploys RustDoor implant in supply chain attack

Malicious actors compromised the JAVS Viewer installer to deliver the RustDoor malware in a supply chain attack.

Rapid7 researchers warned that threat actors added a backdoor to the installer for the Justice AV Solutions JAVS Viewer software.

The attackers were …

A supply chain attack on crypto hardware wallet Ledger led to the theft of $600K

A supply chain attack against Crypto hardware wallet maker Ledger resulted in the theft of $600,000 in virtual assets.

Threat actors pushed a malicious version of the “@ledgerhq/connect-kit” npm module developed by crypto hardware wallet maker Ledger, leading to the …

North Korea-linked APT Lazarus is using a MagicLine4NX zero-day flaw in supply chain attack

UK and South Korea agencies warn that North Korea-linked APT Lazarus is using a MagicLine4NX zero-day flaw in supply-chain attack

The National Cyber Security Centre (NCSC) and Korea’s National Intelligence Service (NIS) released a joint warning that the North Korea-linked …

North Korea-linked APT Diamond Sleet supply chain attack relies on CyberLink software

North Korea-linked APT group Diamond Sleet is distributing a trojanized version of the CyberLink software in a supply chain attack.

Microsoft Threat Intelligence researchers uncovered a supply chain attack carried out by North Korea-linked APT Diamond Sleet (ZINC) involving a …

Ukrainian hackers are behind the Free Download Manager supply chain attack

The recently discovered Free Download Manager (FDM) supply chain attack, which distributed Linux malware, started back in 2020.

The maintainers of Free Download Manager (FDM) confirmed that the recently discovered supply chain attack dates back to 2020.

Recently, researchers from …

Free Download Manager backdoored to serve Linux malware for more than 3 years

Researchers discovered a free download manager site that has been compromised to serve Linux malware to users for more than three years.

Researchers from Kaspersky discovered a free download manager site that has been compromised to serve Linux malware. While …

Malicious packages in the NPM designed for highly-targeted attacks

Researchers discovered a new set of malicious packages on the npm package manager that can exfiltrate sensitive developer data.

On July 31, 2023, Phylum researchers observed the publication of ten different “test” packages on the npm package manager that were …

Malicious packages in the NPM designed for highly-targeted attacks

Researchers discovered a new set of malicious packages on the npm package manager that can exfiltrate sensitive developer data.

On July 31, 2023, Phylum researchers observed the publication of ten different “test” packages on the npm package manager that were …

Experts warn of OSS supply chain attacks against the banking sector

Checkmark researchers have uncovered the first known targeted OSS supply chain attacks against the banking sector.

In the first half of 2023, Checkmarx researchers detected multiple open-source software supply chain attacks aimed at the banking sector. These attacks targeted specific …

文 » A