supply-chain

NPM v12 to block supply-chain attacks with new security measures

• supply-chain

NPM v12 to block supply-chain attacks with new security measures

SC Staff June 10, 2026

The upcoming npm v12 will introduce stricter security protocols for the "npm install" command, a critical step...

Read More Read more about NPM v12 to block supply-chain attacks with new security measures

Mini Shai-Hulud ‘Hades’ variant affects 23 PyPI package versions

• supply-chain

Mini Shai-Hulud ‘Hades’ variant affects 23 PyPI package versions

Laura French June 10, 2026

The JavaScript stealer payload includes an anti-analysis LLM prompt injection.

Read More Read more about Mini Shai-Hulud ‘Hades’ variant affects 23 PyPI package versions

Microsoft investigates breach of open-source projects after malware injection

• supply-chain

Microsoft investigates breach of open-source projects after malware injection

SC Staff June 9, 2026

The compromised projects, many of which are related to Microsoft's Azure cloud service and AI development tools,...

Read More Read more about Microsoft investigates breach of open-source projects after malware injection

VS Code adds 2-hour delay for extension updates to combat supply chain threats

• supply-chain

VS Code adds 2-hour delay for extension updates to combat supply chain threats

SC Staff June 8, 2026

Starting with VS Code version 1.123, extensions will undergo a two-hour waiting period after publication before being...

Read More Read more about VS Code adds 2-hour delay for extension updates to combat supply chain threats

IronWorm malware, similar to Shai-Hulud, hits 57 projects across 9 organizations

• supply-chain

IronWorm malware, similar to Shai-Hulud, hits 57 projects across 9 organizations

Laura French June 5, 2026

The malware targets developer credentials and cryptocurrency and self-propagates on npm.

Read More Read more about IronWorm malware, similar to Shai-Hulud, hits 57 projects across 9 organizations

Hola browser supply chain attack delivers cryptocurrency miner

• supply-chain

Hola browser supply chain attack delivers cryptocurrency miner

SC Staff June 5, 2026

Cybersecurity researchers at Sophos and other companies discovered an undeclared executable, identified as a Monero cryptocurrency miner,...

Read More Read more about Hola browser supply chain attack delivers cryptocurrency miner

Why supply chain attacks work and what detection can actually do about it

• supply-chain

Why supply chain attacks work and what detection can actually do about it

Aaron Beardslee June 2, 2026

Here’s what to do in a world where credential theft has been automated and turned into a...

Read More Read more about Why supply chain attacks work and what detection can actually do about it

BadHost, Dead CTFs, Exploding NPMs, and the Verizon DBIR – ASW #385

• ai-benefitsrisks
• application-security
• supply-chain

BadHost, Dead CTFs, Exploding NPMs, and the Verizon DBIR – ASW #385

Mike Shema June 2, 2026

Read More Read more about BadHost, Dead CTFs, Exploding NPMs, and the Verizon DBIR – ASW #385

CISA adds Daemon Tools, TanStack, and Nx Console compromised versions to KEV catalog

• supply-chain

CISA adds Daemon Tools, TanStack, and Nx Console compromised versions to KEV catalog

SC Staff May 29, 2026

The vulnerabilities include compromised versions of Daemon Tools Lite (CVE-2026-8398), TanStack npm packages (CVE-2026-45321), and the Nx...

Read More Read more about CISA adds Daemon Tools, TanStack, and Nx Console compromised versions to KEV catalog

FCC, Github, MiniShai-hulud, Stated of Supply Chain, Itron, CRA, NIS2, and more!! – PSW #927

• supply-chain

FCC, Github, MiniShai-hulud, Stated of Supply Chain, Itron, CRA, NIS2, and more!! – PSW #927

David Johnson May 21, 2026

Read More Read more about FCC, Github, MiniShai-hulud, Stated of Supply Chain, Itron, CRA, NIS2, and more!! – PSW #927