Major Increase in Ransomware Attacks Targeting Europe, Warns New Report
Analysis of ransomware incidents by researchers at Black Kite found that attacks have risen by over 50% in the last year, with supply chain attacks increasing
Supply-chain attacks compromise trusted vendors or dependencies, potentially reaching downstream systems; verify provenance and limit access before deployment.
Search across headline titles and summaries.
Background for this topic.
Supply chain is the network of suppliers, software developers, service providers, components, and processes used to build and deliver an organization’s products or services. In a security threat model, it extends the trust boundary beyond the organization: a compromised supplier account, build system, software dependency, update mechanism, or hardware component can introduce malicious code, expose credentials, or undermine systems used by many customers.
Effective protection starts with mapping critical suppliers, dependencies, data flows, and access, then applying risk-based due diligence and least-privilege, segmented access. For software, maintain an inventory such as a software bill of materials, verify signed artifacts and update provenance where feasible, and monitor dependencies for vulnerabilities or unexpected changes. Contracts and technical controls should support timely notification and investigation. Response plans should cover revoking supplier access, isolating affected versions or integrations, determining exposure, and coordinating remediation with the provider.
Weekly headline count for the current query.
Analysis of ransomware incidents by researchers at Black Kite found that attacks have risen by over 50% in the last year, with supply chain attacks increasing
North Korean threat actor Sapphire Sleet has been linked to a supply chain attack targeting Mastra, according to Microsoft security researchers
NPM, part of GitHub, announced a new version of the npm package manager with several security improvements, including disabling install scripts
AI risks threaten to permeate supply chains through unvetted code and unaudited suppliers
Grafana Labs has confirmed a recent data breach was caused by the TanStack supply chain attack
Mini Shai-Hulud worm hits Alibaba AntV ecosystem in largest npm supply chain wave to date
The G7 Cybersecurity Working Group releases new SBOM for AI guidance, outlining seven key data clusters to boost transparency and security across AI supply chains
Malicious npm packages spread via worm-like propagation and steal developer credentials
TeamPCP is exploring ways to monetize the secrets harvested during supply chain attacks, with identified ties to the Lapsus$ and Vect ransomware gangs
Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware
Python package LiteLLM compromised with credential-stealing malware linked to TeamPCP threat group
New Trivy Docker images 0.69.5 and 0.69.6 compromised with TeamPCP infostealer, impacting CI/CD scans
Black Kite reveals 26,000 unnamed corporate victims linked to 136 third-party breaches
Supply chain worm mimicking Shai-Hulud malware spread via malicious npm packages, targeting AI tools has been identified by security researchers
Pillar Security discovered two new critical vulnerabilities in n8n that could lead to supply chain compromise, credential harvesting and complete takeover attacks
DockerDash vulnerability allows RCE and data exfiltration via unverified metadata in Ask Gordon
A supply chain attack on Notepad++ update process was linked to compromised hosting infrastructure
Supply chain breach in eScan antivirus distributes multi-stage malware via legitimate updates
Open letter by NHS technology leaders outlines plans to identify risks to software supply chain security across health and social care system
While ‘traditional’ ransomware attacks remain stable, some gangs are shifting towards exploiting zero-days and supply chains to go straight to stealing data