#supplyChainAttack

@it4intserver.bsky.social

11 hours ago

Alert: GlassWorm campaign escalates with 72 malicious Open VSX extensions targeting developers. Stay vigilant and review your extensions. #CyberSecurity #GlassWorm #VSCode #SupplyChainAttack Link: thedailytechfeed.com/glassworm-ma...

1 1 0 0

iT4iNT SERVER

1 day ago

GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers Cybersecurity researchers have flagged a new iteration of the GlassWorm campaign that they say represents a "significant escalation" in how it propagates through the Open VSX registry. "Instead of requiring every malicious listing to embed the loader directly, the threat actor is now abusing extensionPack and extensionDependencies to turn initially standalone-looking extensions into transitive

iT4iNT SERVER GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers VDS VPS Cloud #Cybersecurity #SupplyChainAttack #GlassWorm #OpenVSX #Malware

0 0 0 0

3 days ago

UNC6426 exploits nx npm supply chain, achieving full AWS admin access in 72 hours. A stark reminder of the need for robust security in software development. #CyberSecurity #SupplyChainAttack #AWS #DevSecOps Link: thedailytechfeed.com/unc6426-expl...

2 0 2 0

Ahmandonk

@ahmandonk.bsky.social

3 days ago

📰 Serangan Supply Chain ‘PhantomRaven’ Sebarkan 88 Paket NPM Berbahaya untuk Mencuri Data Developer

👉 Baca artikel lengkap di sini: ahmandonk.com/2026/03/12/serangan-phan...

#cyberSecurity #hacking #keamananSiber #malware #npm #supplyChainAttack

0 0 0 0

A GitHub Issue Title Compromised 4,000 Developer Machines A prompt injection in a GitHub issue triggered a chain reaction that ended with 4,000 developers getting OpenClaw installed without consent. The attack composes well-understood vulnerabilities into something new: one AI tool bootstrapping another.

6 days ago

GitHub Malware Campaign Spreads BoryptGrab
Read More: buff.ly/H9DFqqP

#BoryptGrab #GitHubMalware #InfoStealer #ReverseSSH #SupplyChainAttack #CredentialTheft #ThreatResearch #Infosec

0 0 0 0

Istvan Hok

@ihoka.bsky.social

1 week ago

If you're running AI agents in CI/CD with access to secrets and untrusted input (issues, PRs, comments), you have this exposure right now.

Full writeup: grith.ai/blog/clinej...

#SupplyChainAttack #PromptInjection #AIAgents #DevSecOps

2 0 1 0

1 week ago

Fake Laravel Packages Spread RAT Malware
Read More: buff.ly/gOmOIpX

#LaravelSecurity #Packagist #SupplyChainAttack #RATmalware #PHPsecurity #OpenSourceRisk #DeveloperSecurity #InfosecAlert

0 0 0 0

1 week ago

Alert: Malicious Laravel packages on Packagist deploy PHP RATs, granting attackers remote access. Developers, audit your dependencies now! #CyberSecurity #Laravel #SupplyChainAttack Link: thedailytechfeed.com/malicious-la...

0 0 0 0

roxsross

@roxsross.bsky.social

1 week ago

🕵️ Hackers norcoreanos 'Famous Chollima' usan paquetes npm maliciosos para robar datos

Paquetes npm infectados roban credenciales de desarrolladores. F

devops.com/n-korean-famous-chollima...

#npm #SupplyChainAttack #Cybersecurity #RoxsRoss

0 0 0 0

1 week ago

North Korean hackers infiltrate npm with 26 malicious packages, deploying cross-platform RATs via Pastebin C2. Developers, stay vigilant! #CyberSecurity #npm #SupplyChainAttack #Malware Link: thedailytechfeed.com/north-korean...

0 0 0 0

1 week ago

North Korean Hackers Hide RAT In npm
Read More: buff.ly/hueDNJ7

#StegaBin #npmSecurity #SupplyChainAttack #FamousChollima #Steganography #RemoteAccessTrojan #DeveloperSecurity #InfosecAlert

0 0 0 0

roxsross

@roxsross.bsky.social

1 week ago

🔓 Tras el caso XZ Utils: La misión para prevenir la próxima puerta trasera global

Tras el hallazgo de una puerta trasera en XZ Utils, la comunidad se moviliza.

thenewstack.io/commonhaus-open-source-g...

#LinuxSecurity #SupplyChainAttack #OpenSource #RoxsRoss

2 0 0 0

Cyber FM

@cyberfm.bsky.social

2 weeks ago

SATURDAY | 28 FEB 2026 | Cybersecurity Report

#CyberFM #AriasThomas #CyberSecurity #DataBreach #TechNews2026 #InfoSec #Odido #CiscoZeroDay #SupplyChainAttack #RSSH #DigitalUnderworld #PrivacyIsPower

0 0 0 0

2 weeks ago

Alert: Malicious Go module mimics trusted library to steal credentials and deploy Rekoobe backdoor. Developers, audit your dependencies now! #CyberSecurity #GoLang #SupplyChainAttack Link: thedailytechfeed.com/malicious-go...

0 0 0 0

2 weeks ago

Alert: Malicious Go module 'github[.]com/xinfeisoft/crypto' steals passwords and deploys Rekoobe backdoor. Developers, verify your dependencies! #CyberSecurity #GoLang #SupplyChainAttack Link: thedailytechfeed.com/malicious-go...

0 0 0 0

Simon Zerafa (Status: :no_AI_logo: :catthink: 😊)

2 weeks ago

Fake Next.js Job Repos Spread Malware AI
Read More: buff.ly/tGWKeKt

#NextJS #MaliciousRepo #DeveloperSecurity #SupplyChainAttack #GitHubAbuse #AIenabledThreats #Infostealer #ThreatIntel

1 0 0 0

@simonzerafa.infosec.exchange.ap.brid.gy

2 weeks ago

The XZ supply chain attack episode from @veritasium

This episode discusses the history, sequence of events and an explanation of the attack along with some speculation as to the threat actor involved.

https://youtu.be/aoag03mSuXQ [52' 59"]

#XZ #SupplyChainAttack #InfoSec #APT

0 1 0 0

Ahmandonk

@ahmandonk.bsky.social

2 weeks ago

📰 Waspada! Tes Wawancara Kerja Next.js Palsu Sisipkan Backdoor di Perangkat Developer

👉 Baca artikel lengkap di sini: ahmandonk.com/2026/02/26/backdoor-next...

#backdoor #cyberSecurity #developer #hacking #javascript #malware #microsoft #node.js #supplyChainAttack

1 0 0 0

Awesome Agents

@awesomeagents.bsky.social

2 weeks ago

RoguePilot - How a Hidden Comment in a GitHub Issue Could Steal Your Entire Repository Orca Security reveals RoguePilot, a supply chain attack that weaponizes GitHub Issues to hijack Copilot in Codespaces and exfiltrate repository tokens.

RoguePilot - How a Hidden Comment in a GitHub Issue Could Steal Your Entire Repository

awesomeagents.ai/news/roguepilot-github-c...

#GithubCopilot #SupplyChainAttack #PromptInjection

1 0 0 0

2 weeks ago

Alert: Malicious npm packages are targeting developers, exploiting AI tools to steal crypto keys and credentials. Stay vigilant and secure your environments. #CyberSecurity #SupplyChainAttack #AI Link: thedailytechfeed.com/malicious-np...

0 0 0 0

2 weeks ago

Malicious Npm Packages Steal Secrets
Read More: buff.ly/ZvuFHlP

#SANDWORMMODE #npmSecurity #SupplyChainAttack #PromptInjection #GitHubAbuse #CredentialTheft #AIcodingRisk #ThreatIntel

0 0 0 0

Hackers Hide Pulsar RAT Inside PNG Images in New NPM Supply Chain Attack Cybersecurity researchers at Veracode reveal a typosquatting attack that disguises Pulsar RAT as images to bypass Windows security and antivirus programs.

3 weeks ago

Alert: 'SANDWORMMODE' worm targets npm ecosystem, stealing developer & CI/CD secrets via malicious packages. Ensure your projects are secure. #CyberSecurity #npm #SupplyChainAttack Link: thedailytechfeed.com/npm-worm-san...

0 0 0 0

Hackread.com

@hackread.bsky.social

3 weeks ago

📢⚠️ Hackers hid a #PulsarRAT inside a PNG image and slipped it into NPM using a typosquatted package. The malware uses steganography, process hollowing, and AV evasion to gain full system control.

hackread.com/hackers-puls...

#CyberSecurity #Malware #SupplyChainAttack #NPM

2 1 0 0

3 weeks ago

Unauthorized update to Cline CLI 2.3.0 installs OpenClaw on developer systems. Users should update immediately and check for unintended installations. #SupplyChainAttack #CyberSecurity #OpenClaw Link: thedailytechfeed.com/cline-cli-co...

0 0 0 0

TechNadu

@technadu.com

3 weeks ago

Supply chain alert:
Cline CLI v2.3.0 was published with a compromised npm token.
It auto-installed OpenClaw via a hidden postinstall script.
~4,000 downloads in 8 hours.
No malware - but unauthorized execution in dev environments.

#CyberSecurity #SupplyChainAttack #AIsecurity #OpenSource #DevSecOps

1 0 0 0

@it4intserver.bsky.social

3 weeks ago

Alert: Cline AI Dev Tool's npm package was compromised for 8 hours due to a stolen publish token. Developers, update to the latest version and audit your tools. #CyberSecurity #SupplyChainAttack #DevTools Link: thedailytechfeed.com/cline-ai-dev...

1 0 0 0

iT4iNT SERVER

3 weeks ago

Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems In yet another software supply chain attack, the open-source, artificial intelligence (AI)-powered coding assistant Cline CLI was updated to stealthily install OpenClaw, a self-hosted autonomous AI agent that has become exceedingly popular in the past few months. "On February 17, 2026, at 3:26 AM PT, an unauthorized party used a compromised npm publish token to publish an update to Cline CLI

iT4iNT SERVER Cline CLI 2.3.0 Supply Chain Attack Installed OpenClaw on Developer Systems VDS VPS Cloud #SupplyChainAttack #OpenClaw #ClineCLI #CyberSecurity #AI

0 0 0 0

TechNadu

@technadu.com

1 month ago

Developers are being targeted through fake crypto job interviews.

ReversingLabs found 192 malicious npm/PyPI packages delivering a RAT - attributed to Lazarus Group.
Clean GitHub repo.
Poisoned dependency.
Crypto wallet targeting.

#CyberSecurity #SupplyChainAttack #DevSecurity #Lazarus #Malware

1 0 0 0