Home > Topics > supply chain attack

supply chain attack

10 articles and related resources

// Articles
News 5 min read Jul 5, 2026

Vect and TeamPCP Collaborate in Unprecedented Ransomware Campaign

Vect and TeamPCP's alliance marks a new era in ransomware, combining credential theft with advanced deployment for industrialized attacks.

News 4 min read Jul 4, 2026

GitHub Breach Highlights Developer Devices as Supply Chain Vulnerability

The recent GitHub breach underscores the critical vulnerability of developer devices in the software supply chain, highlighting the need for enhanced security m

News 3 min read Jun 23, 2026

Mini Shai-Hulud Supply Chain Attack Targets npm and PyPI Ecosystems

The Mini Shai-Hulud attack in May 2026 compromised npm and PyPI packages, highlighting the need for robust software supply chain security measures.

News 4 min read Jun 6, 2026

NCSC Warns of Escalating Software Supply Chain Attacks Targeting Open Source Dependencies

The UK's NCSC warns of a surge in software supply chain attacks targeting open source dependencies, urging organizations to strengthen their security practices.

News 5 min read Jun 4, 2026

NCSC Warns of Rising Software Supply Chain Attacks Exploiting Open Source Dependencies

The NCSC warns of escalating software supply chain attacks exploiting open source dependencies, urging organizations to enhance security measures.

News 4 min read May 19, 2026

Malicious npm Package Compromises Multiple Production Deployments

A 42-line npm package was exploited to infiltrate multiple production environments, highlighting critical supply chain vulnerabilities.

News 5 min read May 16, 2026

Mini Shai-Hulud Campaign Targets Mistral AI and TanStack Packages

The 'Mini Shai-Hulud' campaign compromised Mistral AI and Tan ... , exposing sensitive credentials and highlighting software supply chain vulnerabilities.

News 4 min read May 13, 2026

TeamPCP's Supply Chain Attacks Compromise Cloud-Native Security Tools

In March 2026, TeamPCP executed a sophisticated supply chain attack compromising cloud-native security tools, leading to widespread credential theft and unautho

News 3 min read Apr 18, 2026

Notepad++ Update Infrastructure Compromised in Sophisticated Supply Chain Attack

Notepad++'s update infrastructure was compromised in a sophisticated supply chain attack, potentially exposing millions of users to malicious software.

News 2 min read Apr 17, 2026

CocoaPods Vulnerability Exposes iOS Apps to Supply Chain Attacks

Recent research reveals critical vulnerabilities in CocoaPods, exposing numerous iOS apps to potential supply chain attacks through dependency hijacking.

News 3 min read Apr 10, 2026

North Korean Hackers Compromise Axios npm Package in Major Supply Chain Attack

On March 31, 2026, North Korean hackers compromised the Axios npm package, highlighting critical vulnerabilities in the software supply chain.

News 2 min read Apr 3, 2026

Critical Supply Chain Attack Compromises Axios npm Package

On March 31, 2026, the widely-used JavaScript library Axios was compromised in a supply chain attack, leading to the publication of malicious versions containin

News 3 min read Apr 1, 2026

Axios npm Package Compromised in Major Supply Chain Attack

The widely-used Axios npm package was compromised in a significant supply chain attack, affecting millions of applications and exposing sensitive data.

News 3 min read Mar 24, 2026

New Research Unveils 'Java-Class-Hijack' Supply Chain Attack

Researchers unveil 'Java-Class-Hijack,' a novel supply chain attack exploiting Java's dependency resolution and classloading, posing significant risks to applic

News 2 min read Mar 17, 2026

CISA Warns of Widespread npm Supply Chain Attack Impacting Over 500 Packages

CISA issues an urgent advisory on the Shai-Hulud npm supply chain attack, compromising over 500 packages and urging immediate dependency reviews.

News 3 min read Mar 16, 2026

Notepad++ Update Mechanism Hijacked in Targeted Supply Chain Attack

State-sponsored hackers compromised Notepad++'s update mechanism, delivering malicious payloads to targeted users in East Asia's telecom and financial sectors.