Miasma Worm Hits 73 Microsoft GitHub Repositories in Major Supply Chain Attack
Microsoft's GitHub repositories have become the latest to fall victim to the ongoing Miasma self-replicating supply chain attack campaign
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Microsoft's GitHub repositories have become the latest to fall victim to the ongoing Miasma self-replicating supply chain attack campaign
Checkmarx has disclosed that its ongoing investigation tied to the supply chain security incident has revealed that a cybercriminal group published data related to the company on the dark web
You scroll past one incident and see another that feels familiar, like it should have been fixed years ago, but it still works with small changes. Same bugs. Same mistakes
OpenAI revealed a GitHub Actions workflow used to sign its macOS apps led to the download of the malicious Axios library on March 31, but noted that no user data or internal system was compromised
ESET says factory outages, lost revenue, and supply chain disruption are becoming routine Nearly 80 percent of British manufacturers say they've been hit by a cyber incident in the past year, as new research suggests disruption on the factory floor is no longer an exception but business as usual.…
UK NCSC's Richard Horne on Strengthening Cyber Defense and Incident ResponseCyber risk is rising as digital dependence grows and threat actors expand. NCSC CEO Richard Horne outlines why leaders must treat cybersecurity as mission-critical, strengthen their resilience, and align defense efforts to counter ransomware, AI-driven threats, and supply chain attacks.
UK NCSC's Richard Horne on Strengthening Cyber Defense and Incident ResponseCyber risk is rising as digital dependence grows and threat actors expand. NCSC CEO Richard Horne outlines why leaders must treat cybersecurity as mission-critical, strengthen their resilience, and align defense efforts to counter ransomware, AI-driven threats, and supply chain attacks.
ManuSec Canada Speakers From Subaru and Toronto Transit Discuss Cyber ResilienceCanadian manufacturers face rising cyber risk as IT and OT systems converge. Leaders from Subaru Canada and the Toronto Transit Commission outline how ransomware, supply chain exposure and legacy OT vulnerabilities demand stronger resilience, segmentation and incident response readiness.
Attack Spotlights Threats, Risks Facing Healthcare Supply ChainUFP Technologies, a Massachusetts-based maker of single-use medical devices and other healthcare supplies, has notified the U.S. Securities and Exchange Commission of a cyber incident discovered on Valentine's Day that involved the theft or destruction of company data.
In December 2025, in response to the Sha1-Hulud incident, npm completed a major authentication overhaul intended to reduce supply-chain attacks. While the overhaul is a solid step forward, the changes don’t make npm projects immune from supply-chain attacks. npm is still susceptible to malware attacks – here’s what you need to know for a safer Node community
eScan lawyers up after Morphisec claimed 'critical supply-chain compromise' A spat has erupted between antivirus vendor eScan and threat intelligence outfit Morphisec over who spotted an update server incident that disrupted some eScan customers earlier this month.…
NAV Canada CISO Tom Bornais on Keeping IT and OT Systems RunningWith threats targeting aviation infrastructure, NAV Canada CISO Tom Bornais explained how his team focuses on building resilience rather than chasing perfection. He outlined why internal alignment, incident simulation and supply chain security are critical to defending IT and OT systems.
Digital Extortionists Try Recruiting Insiders, Email BarragesCollective efforts to bolster cybersecurity defenses have been taking a big bite out of ransomware groups' earnings, leading groups to reach for new strategies, including social engineering, supply chain attacks, extortion services and bribing insiders, warn incident response experts.
Salesloft has revealed that the data breach linked to its Drift application started with the compromise of its GitHub account
New research has uncovered Docker images on Docker Hub that contain the infamous XZ Utils backdoor, more than a year after the discovery of the incident
Glasgow City Council has warned of service disruption and potential data loss after a security incident
Government Says Managed Service Providers Need More RegulationThe British government pledged to introduce stricter rules surrounding incident reporting and supply chain vulnerability patching through legislation it previewed in July 2024. The proposed Cyber Security and Resilience Bill will bring under its scope managed service providers.
Australian Payments Plus' Cody Kieltyka on Using Approaches Beyond QuestionnairesUnderstanding vendor interdependencies is too complex for humans alone, said Cody Kieltyka, CISO at Australian Payments Plus. While questionnaires remain common for supply chain risk management, they need supplementation with dark web monitoring and incident response planning with critical vendors.
Attack on Blood Center Spotlights Ongoing Supply Chain Risk in Healthcare SectorSix months after a ransomware attack temporarily crippled its blood donation and distribution activities, Florida-based nonprofit OneBlood is reporting a data breach to regulators that affected donors' personal information. Why is the incident reawakening healthcare supply chain concerns?
The data leak was not actually due to a breach in Amazon's systems but rather that of a third-party vendor; the supply chain incident affected several other clients as well.