Hacker News
- Polyfill supply chain attack hits 100K+ sites https://sansec.io/research/polyfill-supply-chain-attack 370 comments
- Namecheap Takes Down Polyfill.io Service Following Supply Chain Attack https://socket.dev/blog/namecheap-takes-down-polyfill-io-service-following-supply-chain-attack 9 comments
- Protect your open source project from supply chain attacks https://opensource.googleblog.com/2021/10/protect-your-open-source-project-from-supply-chain-attacks.html 2 comments
- $4.6M Series Seed to defend open source from supply chain attacks https://socket.dev/blog/series-seed 3 comments
- Is Cargo vulnerable to this supply-chain attack? https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610?sk=991ef9a180558d25c5c6bc5081c99089 28 comments rust
- Analysis of the rustdecimal supply-chain attack. https://www.sentinelone.com/labs/cratedepression-rust-supply-chain-attack-infects-cloud-ci-pipelines-with-go-malware/ 4 comments rust
- The SolarWinds Orion SUNBURST supply-chain Attack - TRUESEC Blog https://blog.truesec.com/2020/12/17/the-solarwinds-orion-sunburst-supply-chain-attack/ 5 comments technology
- New type of supply-chain attack hit Apple, Microsoft and 33 other companies https://arstechnica.com/information-technology/2021/02/supply-chain-attack-that-fooled-apple-and-microsoft-is-attracting-copycats/ 12 comments technews
- Trojan Source bug in most compilers could let adversaries launch powerful supply-chain attacks https://www.computing.co.uk/news/4039541/trojan-source-bug-most-compilers-adversaries-launch-powerful-supply-chain-attacks 3 comments compilers
- Vale's "Fearless FFI", for Memory Safety, Safer Dependencies, and Supply-Chain Attack Mitigation https://verdagon.dev/blog/fearless-ffi 12 comments programming
- Eastern European Hacker Group Stole $200m From Crypto Exchanges via Supply-Chain Attack https://forklog.media/eastern-european-hacker-group-stole-200m-from-crypto-exchanges-via-supply-chain-attack/ 34 comments programming
- Supply chain attacks using Terraform https://sprocketfox.io/xssfox/2022/02/09/terraformsupply/ 21 comments aws
- Apparent supply chain attack Ultralytics PyPI https://github.com/ultralytics/ultralytics/issues/18027 6 comments programming
- Polyfill JS Supply Chain Attack Affects Over 100,000 Websites https://cyberinsider.com/polyfill-js-supply-chain-attack-affects-over-100000-websites/ 94 comments programming
- How Go Mitigates Supply Chain Attacks https://github.com/rust-lang/cargo/issues/7169 16 comments rust
- Supply Chain attack on `vue-cli` Ru/Be IPs https://github.com/RIAEvangelist/node-ipc/blob/847047cf7f81ab08352038b2204f0e7633449580/dao/ssl-geospec.js 20 comments node
- Linux marketplaces vulnerable to RCE and supply chain attacks https://positive.security/blog/hacking-linux-marketplaces 11 comments linux
- Linux marketplaces vulnerable to RCE and supply chain attacks https://positive.security/blog/hacking-linux-marketplaces 6 comments netsec
- Dependency Confusion Supply Chain Attack on pub.dev https://pub.dev 11 comments dartlang
- Covid-19 vaccine supply chain attacked by unknown nation state https://www.computerweekly.com/news/252493091/covid-19-vaccine-supply-chain-attacked-by-unknown-nation-state 4 comments technology
- Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack https://krebsonsecurity.com/2020/09/chinese-antivirus-firm-was-part-of-apt41-supply-chain-attack/ 16 comments programming
- The Ticking Supply Chain Attack Bomb of Exposed Kubernetes Secrets https://blog.aquasec.com/the-ticking-supply-chain-attack-bomb-of-exposed-kubernetes-secrets 13 comments sysadmin
- Sushiswap's MISO launchpad hit by $3 million supply chain attack https://arstechnica.com/information-technology/2021/09/cryptocurrency-launchpad-hit-by-3-million-supply-chain-attack/ 11 comments cryptocurrency
- Third malware strain discovered in SolarWinds supply chain attack https://www.zdnet.com/article/third-malware-strain-discovered-in-solarwinds-supply-chain-attack/?ftag=tre49e8aa0&bhid=29602930762069243344564803214773&mid=13233595&cid=2352230730 5 comments technology
- Russian hackers hit US government using widespread supply chain attack https://arstechnica.com/information-technology/2020/12/russian-hackers-hit-us-government-using-widespread-supply-chain-attack/ 14 comments technology
- Evidence Aurora Operation Still Active: Supply Chain Attack Through CCleaner http://www.intezer.com/evidence-aurora-operation-still-active-supply-chain-attack-through-ccleaner/ 45 comments netsec
- Sigstore: A New Tool Wants to Save Open Source From Supply Chain Attacks https://www.linux.com/news/sigstore-a-new-tool-wants-to-save-open-source-from-supply-chain-attacks-wired/ 8 comments linux
- Red Sea attacks already bigger issue for supply chain than pandemic, maritime advisory warns https://www.cnbc.com/2024/01/18/red-sea-crisis-already-bigger-issue-for-shipping-than-covid-data-show.html 34 comments worldnews
- When will we learn? - Drew DeVault of Rust's (and other package managers') recent supply chain attack https://drewdevault.com/2022/05/12/Supply-chain-when-will-we-learn.html 8 comments opensource
- Notice the supply chain attacks from `node-ipc` (`peacenotwar`) https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/supply-chain-malware 17 comments node
- Introducing Harden-Runner: GitHub Action to prevent supply chain attacks https://www.bleepingcomputer.com/news/security/popular-codecov-code-coverage-tool-hacked-to-steal-dev-credentials/ 2 comments devops
- Experts disclosed a flaw in the PHP software package repository Packagist that could have been exploited to carry out supply chain attacks. https://securityaffairs.co/wordpress/136638/hacking/packagist-supply-chain-attack-flaw.html 4 comments programming
- NPM supply chain attack: node-ipc and peacenotwar sabotaged as an act of protest by the maintainer https://snyk.io/blog/peacenotwar-malicious-npm-node-ipc-package-vulnerability/ 37 comments netsec
- New REvil Ransomware Attack Hits 200+ Companies, Targeting Supply Chain Industry. Demanding $5 Million in Monero https://www.bleepingcomputer.com/news/security/revil-ransomware-hits-200-companies-in-msp-supply-chain-attack/ 19 comments cryptocurrency
- Us? Pwn SolarWinds? With our reputation? Russian spy chief makes laughable denial of supply chain attack https://www.theregister.com/2021/05/18/russian_spymaster_solarwinds/ 2 comments technology
- SolarWinds.Orion.Core.BusinessLayer.OrionImprovementBusinessLayer - In a historic supply chain attack, these 4k lines of C# code were added to the SolarWinds Orion software and comprise the most consequential hack of the past decade. This is the code setting the InfoSec world on fire https://gist.github.com/wataf1/7f5c6be06ba2946c595e22325a7b7aed#file-orionimprovementbusinesslayer-cs 57 comments csharp
- Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With Sunburst Backdoor https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html 5 comments technology
- The Saudi drone attack took out a known weak spot in the oil supply chain with a cheap, low-tech weapon that billions' worth of air defenses are powerless to stop https://www.businessinsider.com/saudi-drone-attack-targeted-weak-spot-powerless-2019-9 402 comments worldnews
- No One Knows How Deep Russia's Hacking Rampage Goes. A supply chain attack against IT company SolarWinds has exposed as many as 18,000 companies to Cozy Bear's attacks. https://www.wired.com/story/russia-solarwinds-supply-chain-hack-commerce-treasury/ 695 comments technology
- The Cybersecurity World Is Debating WTF Is Going on With Bloomberg’s Chinese Microchip Stories - No one is really sure who to believe after Businessweek's bombshell story on an alleged Chinese supply chain attack against Apple, Amazon, and others. https://motherboard.vice.com/en_us/article/qv9npv/bloomberg-china-supermicro-apple-hack 6 comments technology