supply chain attack

Business

LNER Supply Chain Attack Exposes Customer Data

September 12, 2025
LNER logo on a red and white train car.

A supply chain attack via a third-party supplier exposed LNER customer data, including personal contact details and travel history, but…

Read More »
Cybersecurity

Fake npm 2FA Reset Email Used to Hijack Popular Code Packages

September 11, 2025
npm logo in red and white, set against a background of dark, stacked boxes.

A phishing campaign compromised at least 18 widely used JavaScript npm packages, injecting malicious code to hijack cryptocurrency transactions and…

Read More »
Cybersecurity

Wealthsimple Data Breach: Supply Chain Attack Exposes User Info

September 9, 2025
Digital shield dissolving into pixels, revealing a keyhole; symbolizes cybersecurity vulnerability.

A data breach at Wealthsimple compromised sensitive client information due to a supply chain attack, but no account passwords or…

Read More »
BigTech Companies

Qualys, Tenable Hit in Salesloft Data Breach

September 9, 2025
Close-up of a smartphone displaying the Zillow Offers (now called Homes) logo, with a blurred Zillow website in the background.

Tenable and Qualys experienced unauthorized access to their Salesforce data due to stolen OAuth tokens from the Salesloft Drift application,…

Read More »
BigTech Companies

Salesloft Links Drift Data Theft to March GitHub Hack

September 8, 2025
Close-up of a hand typing on a backlit laptop keyboard glowing red and blue. Cybersecurity or late-night work concept.

A data breach at Salesloft originated from a March intrusion into its GitHub account, allowing attackers to steal authentication tokens…

Read More »
BigTech Companies

Cloudflare Data Breach Linked to Salesloft Drift Supply Chain Attack

September 4, 2025
Cloudflare logo displayed against a red background of binary code, symbolizing cybersecurity and cloud services.

Cloudflare experienced a supply chain attack via its Salesforce customer support system, exposing API tokens and sensitive customer data, including…

Read More »
Newswire

Beware: Malicious npm Package Impersonates Email Library

September 3, 2025
Person checking email on laptop, new message notification shown.

A malicious npm package named "nodejs-smtp" impersonates the legitimate nodemailer library, compromising cryptocurrency wallets by altering transaction details to redirect…

Read More »
Cybersecurity

Critical Zero-Day Threat for Cursor & Windsurf Users Exposed

July 13, 2025
Cursor, Windsurf, Firebase Studio, and Gitpod app logos displayed on a cracked, dark surface. Each logo has a cracked texture.

A zero-day vulnerability in AI coding tools (e.g., Cursor, Windsurf) exposed developers to machine hijacking via compromised extensions, with attackers…

Read More »
Cybersecurity

Glasgow Council Services Disrupted by Major Supply Chain Breach

June 27, 2025
Glasgow City Chambers at dusk, illuminated, with a war memorial in the foreground.

Glasgow City Council experienced major service disruptions due to a cybersecurity breach affecting a key supplier, prompting system isolation and…

Read More »
Cybersecurity

CoinMarketCap hacked: Fake Web3 popup drained crypto wallets

June 24, 2025
Person in dark jacket with arms outstretched, surrounded by falling Bitcoin cryptocurrency coins and sparks.

CoinMarketCap suffered a cyberattack where hackers used deceptive Web3 popups to steal funds from users' crypto wallets by exploiting a…

Read More »