Security News

Lottie Player supply chain compromise: Sites, apps showing crypto scam pop-ups
2024-10-31 12:35

A supply chain compromise involving Lottie Player, a widely used web component for playing site and app animations, has made popular decentralized finance apps show pop-ups urging users to connect...

LottieFiles supply chain attack exposes users to malicious crypto wallet drainer
2024-10-31 11:55

A scary few Halloween hours for team behind hugely popular web plugin LottieFiles is overcoming something of a Halloween fright after battling to regain control of a compromised developer account...

LottieFiles hacked in supply chain attack to steal users’ crypto
2024-10-31 09:02

The popular LottieFiles Lotti-Player project was compromised in a supply chain attack to inject a crypto drainer into websites that steals visitors' cryptocurrency. [...]

LottieFiles hit in npm supply chain attack targeting users' crypto
2024-10-31 09:02

LottieFiles announced that specific versions of its npm package carry malicious code that prompts users to connect their cryptocurrency wallets so they can be emptied. [...]

Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems
2024-10-14 11:08

Cybersecurity researchers have found that entry points could be abused across multiple programming ecosystems like PyPI, npm, Ruby Gems, NuGet, Dart Pub, and Rust Crates to stage software supply...

Israel’s Pager Attacks and Supply Chain Vulnerabilities
2024-09-24 11:05

Israel’s brazen attacks on Hezbollah last week, in which hundreds of pagers and two-way radios exploded and killed at least 37 people, graphically illustrated a threat that cybersecurity experts...

Australian Police conducted supply chain attack on criminal collaborationware
2024-09-18 02:32

Sting led to cuffing of alleged operator behind Ghost – an app for drug trafficking, money laundering, and violence-as-a-service Australia's Federal Police (AFP) yesterday arrested and charged a...

Revival Hijack supply-chain attack threatens 22,000 PyPI packages
2024-09-04 13:43

Threat actors are utilizing an attack called "Revival Hijack," where they register new PyPi projects using the names of previously deleted packages to conduct supply chain attacks. [...]

Researchers Identify Over 20 Supply Chain Vulnerabilities in MLOps Platforms
2024-08-26 10:31

Cybersecurity researchers are warning about the security risks in the machine learning (ML) software supply chain following the discovery of more than 20 vulnerabilities that could be exploited to...

Supply Chain Security Policy
2024-08-18 16:00

With the increasing reliance on complex and global supply chains, more companies are exposed to a wide range of risks, including theft, counterfeiting, cyberattacks, natural disasters, geopolitical conflicts, and regulatory changes. This customizable policy, written by Franklin Okeke for TechRepublic Premium, outlines the necessary measures and standards that will enhance the resilience of a supply chain.