Alex Vance | General news
Malicious npm Package Unmasked: "@openclaw-ai/openclawai" Deploys RAT, Targets macOS Credentials in Supply Chain Attack
Malicious npm package "@openclaw-ai/openclawai" masquerades as OpenClaw installer, deploying a RAT to steal macOS credentials.

Alex Vance | General news
Cybersecurity Review: npm Malware Supply Chain Attacks & Cisco SD-WAN 0-Day Exploits Unveiled
Critical review of self-spreading npm malware, Cisco SD-WAN 0-day exploitation, synthetic fraud, and securing agentic AI.

Alex Vance | General news
RoguePilot: Unmasking the GitHub Codespaces & Copilot GITHUB_TOKEN Leak
Deep dive into RoguePilot, a critical flaw in GitHub Codespaces allowing Copilot to leak GITHUB_TOKENs via malicious AI instructions.

Alex Vance | General news
Shai-Hulud's Shadow: A Deep Dive into the npm Supply Chain Worm Targeting AI Developers
Analysis of the Shai-Hulud-like supply chain worm exploiting npm packages to compromise AI development environments.

Alex Vance | General news
SANDWORM_MODE Unleashed: Malicious npm Packages Steal Crypto Keys, CI Secrets, and API Tokens in a Shai-Hulud-like Supply Chain Attack
Active npm supply chain worm, SANDWORM_MODE, harvests crypto keys, CI secrets, and API tokens, demanding urgent developer vigilance.

Alex Vance | General news
Beyond the Qi2: Unpacking the Cybersecurity Implications of Your $20 Car Charger Upgrade
Deep dive into Qi2 car charger's cybersecurity risks, supply chain vulnerabilities, and OSINT for hardware forensics.

Alex Vance | General news
Notepad++ Supply Chain Attack: Unpacking State-Sponsored Tactics & Patch Tuesday's Forecast
Analyzing the sophisticated Notepad++ supply chain attack, the utility of global threat intelligence, and the critical forecast for upcoming Patch Tuesday vulnerabilities.

Alex Vance | General news
eScan Antivirus Update Infrastructure Breached: Multi-Stage Malware Delivered via Supply Chain Attack
eScan's update servers compromised, delivering multi-stage malware to enterprise and consumer systems via a sophisticated supply chain attack.

Alex Vance | General news
Moltbot: A Cybersecurity Catastrophe in the Making - 5 Critical Red Flags for Researchers
Unpack Moltbot's security flaws: opaque architecture, excessive permissions, data exfiltration, supply chain risks, and AI vulnerabilities.

Alex Vance | General news
Moltbot AI's Malicious Impersonator: VS Code Extension Drops Stealthy Malware
New VS Code extension, 'ClawdBot Agent - AI Coding Assistant,' is a sophisticated malware dropper, posing a severe threat to developers.