A routine NPM update became a launchpad for UNC6426’s devastating cloud breach. In just three days, attackers moved from harvesting credentials on a developer’s laptop to full AWS admin rights, data exfiltration, and infrastructure destruction—underscoring urgent gaps in supply chain and cloud identity security.
Peak-Toolworks, a leading industrial tooling company, has fallen victim to a ransomware attack, highlighting escalating cyber risks to the manufacturing sector and supply chain resilience.
A wave of malicious Rust packages and an AI-driven bot have exploited developer tools and CI/CD pipelines, stealing secrets and highlighting the urgent need for stronger supply chain security.
Contractors Supply, a key industrial supplier in Connecticut, is the latest victim of the Incransom ransomware group—a stark warning that cybercriminals are targeting the backbone of America's supply chain.
A ransomware attack on netCOMPONENTS exposes critical vulnerabilities in the digital supply chain, sending shockwaves through the global electronics industry.
A ransomware attack on Estra-Automotive halted production and exposed sensitive data, revealing critical vulnerabilities in Europe’s automotive supply chain.
Ericsson’s US subsidiary has disclosed a significant data breach after a service provider was hacked, exposing sensitive employee and customer data. The incident highlights the growing cybersecurity risks hidden within supply chains and the urgent need for stronger third-party defenses.
MAGNETA-LOGISTICS-UAB, a major Lithuanian logistics company, has been targeted in a ransomware attack, highlighting the growing threat cybercriminals pose to global supply chains.
A major ransomware attack has rocked Transsion Holdings, threatening user data and exposing the digital vulnerabilities of a global tech giant. This investigation unpacks the breach and its far-reaching implications.
A critical vulnerability has been detected in Ruby, the popular programming language. This feature explores the risks, technical context, and why the incident is a wake-up call for software supply chain security.