supply-chain attackSupply chain attack via DAEMON Tools
A targeted supply chain attack via popular software for mounting disk images.
supply-chain attack
11 articles
supply chainSpam packages in npm: what are they and why are they dangerous?
In November 2025, the npm ecosystem was hit by a flood of junk packages that were part of the IndonesianFoods malicious campaign. We’re breaking down the lessons learned from this incident.
Popular npm packages compromised
Unknown attackers have compromised several popular npm packages in a supply-chain attack.
phishingPhishers targeting PyPi and AMO developers
Attackers are sending phishing emails to developers of PyPi packages and Firefox add-ons.
Attack on DevOps: secrets leaked via malicious GitHub Action
How to respond to a compromised GitHub changed-files Action incident.
Remove Polyfill.io from your website
The JavaScript CDN service Polyfill.io has started spreading malicious code. Remove the service’s script from your website.
Malicious code discovered in Linux distributions
A backdoor implanted into XZ Utils has found its way into popular Linux distributions.
cryptocurrenciesCase study: fake hardware cryptowallet
Full review of a fake cryptowallet incident. It looks and feels like a Trezor wallet, but puts all your crypto-investments into the hands of criminals.
PHP language source code compromise attempt
Unknown attackers tried to add a backdoor to PHP scripting language source code.
Do not become a link in a supply chain attack
Even if you are really not an interesting target for an APT actor, you can still be used in a malware delivery chain