supply-chain

Supply chain attack against SAP npm packages facilitates credential theft

• data-security
• identity
• supply-chain

Supply chain attack against SAP npm packages facilitates credential theft

SC Staff May 1, 2026

Threat actors have compromised four SAP npm packages with credential-stealing malware as part of the new mini...

Read More Read more about Supply chain attack against SAP npm packages facilitates credential theft

Vimeo confirms customer data accessed following Anodot breach

• data-security
• identity
• supply-chain

Vimeo confirms customer data accessed following Anodot breach

SC Staff April 29, 2026

The breach was claimed by the ShinyHunters extortion group, which threatened to leak the data by April...

Read More Read more about Vimeo confirms customer data accessed following Anodot breach

Malicious elementary-data package version 0.23.3 steals developer data and cryptocurrency wallets

• data-security
• supply-chain

Malicious elementary-data package version 0.23.3 steals developer data and cryptocurrency wallets

SC Staff April 28, 2026

The attack exploited a GitHub Actions script injection flaw, allowing the attacker to inject shell code that...

Read More Read more about Malicious elementary-data package version 0.23.3 steals developer data and cryptocurrency wallets

North Korean hackers operate self-propagating supply chain hack

• supply-chain
• threat-intelligence

North Korean hackers operate self-propagating supply chain hack

SC Staff April 28, 2026

North Korean state-sponsored threat operation Void Dokkaebi, also known as Famous Chollima, has leveraged phony job interviews...

Read More Read more about North Korean hackers operate self-propagating supply chain hack

GlassWorm attackers activate new ‘sleeper’ extensions on Open VSX

• application-security
• malware
• ransomware
• supply-chain
• threat-intelligence
• threat-management

GlassWorm attackers activate new ‘sleeper’ extensions on Open VSX

Laura French April 28, 2026

A new cluster of 73 extensions impersonating legitimate projects has been tied to the GlassWorm campaign.

Read More Read more about GlassWorm attackers activate new ‘sleeper’ extensions on Open VSX

Further Vercel customer data compromise confirmed

• data-security
• supply-chain

Further Vercel customer data compromise confirmed

SC Staff April 24, 2026

TechCrunch reports that Vercel has disclosed that unencrypted customer information had been compromised prior to this month's...

Read More Read more about Further Vercel customer data compromise confirmed

Checkmarx supply chain hack impacts Bitwarden CLI

• devsecops
• identity
• supply-chain
• threat-intelligence

Checkmarx supply chain hack impacts Bitwarden CLI

SC Staff April 24, 2026

Bitwarden CLI was reported by Socket and JFrog researchers to have been affected by the TeamPCP-linked supply...

Read More Read more about Checkmarx supply chain hack impacts Bitwarden CLI

Anthropic probes alleged third-party breach of Claude Mythos

• aiml
• supply-chain

Anthropic probes alleged third-party breach of Claude Mythos

SC Staff April 23, 2026

HackRead reports that Anthropic has launched an investigation into the reported compromise of its Claude Mythos AI...

Read More Read more about Anthropic probes alleged third-party breach of Claude Mythos

Namastex npm packages compromised in ‘CanisterWorm’ supply chain attack

• aiml
• identity
• malware
• supply-chain
• threat-intelligence

Namastex npm packages compromised in ‘CanisterWorm’ supply chain attack

Laura French April 23, 2026

A self-propagating script was added to @automagik/genie and @pgserve packages.

Read More Read more about Namastex npm packages compromised in ‘CanisterWorm’ supply chain attack

The LiteLLM attack was a warning shot for Agentic AI supply chains

• aiml
• supply-chain

The LiteLLM attack was a warning shot for Agentic AI supply chains

Harold Byun April 22, 2026

Here’s why teams have to move to a more active security model.

Read More Read more about The LiteLLM attack was a warning shot for Agentic AI supply chains