Topic: software supply chain

  • Malicious npm Packages Target Ethereum Smart Contracts

    A new wave of malicious npm packages uses Ethereum smart contracts to hide command-and-control infrastructure, making detection more difficult. Attackers also created fake GitHub repositories with artificially inflated metrics to appear legitimate and target cryptocurrency developers. This campai...

  • Why Satellite Cybersecurity Is Everyone's Concern

    Satellite cybersecurity has become a critical global issue due to the widespread reliance on these systems for communications, navigation, finance, and national security, with many older satellites lacking modern security protections. Vulnerabilities exist across all segments of space systems, in...

  • Red Hat Admits GitLab Hack, User Data Stolen

    Red Hat confirmed a security breach of an internal GitLab system used by its Consulting team, initially misreported as targeting GitHub, where a cybercriminal group claimed to have stolen substantial proprietary data. The attackers, Crimson Collective, allegedly exfiltrated around 570 GB of compr...

  • US Data at Risk as Key Cyber Law Expires

    The Cybersecurity Information Sharing Act (CISA 2015) has expired, removing legal immunity for companies that share cyber threat intelligence and exposing them to lawsuits. Experts warn the lapse undermines national security by discouraging threat data sharing, increasing risks like software supp...

  • Hackers Breach Red Hat's GitLab Repositories

    The Crimson Collective cybercrime group breached Red Hat's internal GitLab repositories, stealing proprietary data from over 28,000 repositories and potentially exposing sensitive client information and internal technical assets. Stolen materials include confidential items like login credentials,...
