Windows Report

Microsoft Links Mastra AI npm Supply Chain Attack to North Korean Sapphire Sleet Hackers

Microsoft links the recent Mastra AI npm supply chain attack to , a North Korean group known for cryptocurrency theft ...

Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden

It has been a bad six weeks for security firm Checkmarx. Over the past 40 days, it has been the victim of at least one supply-chain attack that delivered malware to customers on two separate occasions ...
SecurityWeek

Atomic Arch Supply Chain Attack Hits 1,500 AUR Packages

At least 1,500 malicious packages were published to the Arch User Repository (AUR) as part of the Atomic Arch supply chain ...
HHS

Supply Chain Attacks Really Are Surging

Threat intelligence firm Cyble said such attacks occurred, on average, nearly 13 times per month last year, from February through September 2024. Starting in October, they surged to nearly 16 per ...
CPO Magazine

“SearchLeak” Copilot Vulnerability Chain Turns the AI Assistant Into a Data Theft Partner

The Copilot vulnerability chain requires three steps, two of which are old-fashioned injections and request forgeries. But ...

Red Hat hit by npm supply‑chain attack - here's how to stay safe

Red Hat hit by npm supply‑chain attack - here's how to stay safe ...
VentureBeat

Four AI supply-chain attacks in 50 days exposed the release pipeline red teams aren't covering

Four supply-chain incidents hit OpenAI, Anthropic and Meta in 50 days: three adversary-driven attacks and one self-inflicted packaging failure. None targeted the model, and all four exposed the same ...

7,000 Langflow servers are under attack. LangGraph and LangChain have the same holes

Attackers are actively exploiting path traversal and SQL injection in Langflow, LangGraph, and LangChain — below where your ...