software supply chain - The Cyber Trove

How This New 7-Zip Flaw Exposes Your Whole System

Latest News

How This New 7-Zip Flaw Exposes Your Whole System

A high-severity 7-Zip vulnerability has been disclosed that allows threat actors to achieve arbitrary remote code … How This New 7-Zip Flaw Exposes Your Whole SystemRead more

by Rakesh•May 26, 2026May 26, 2026•0

Malicious NuGet Packages Compromise 64K+ Developer Systems

Latest News

Malicious NuGet Packages Compromise 64K+ Developer Systems

A stealthy supply chain attack is quietly spreading through the .NET ecosystem, targeting developers and build … Malicious NuGet Packages Compromise 64K+ Developer SystemsRead more

by Rakesh•May 7, 2026May 7, 2026•0

pnpm 11 Turns On Minimum Release Age by Default to Reduce npm Supply Chain Risk

Latest News

pnpm 11 Turns On Minimum Release Age by Default to Reduce npm Supply Chain Risk

The npm ecosystem has become one of the most targeted environments for supply chain attacks, where … pnpm 11 Turns On Minimum Release Age by Default to Reduce npm Supply Chain RiskRead more

by Rakesh•May 5, 2026May 5, 2026•0

NPM Supply Chain Attack Spreads CanisterWorm Malware

Latest News

NPM Supply Chain Attack Spreads CanisterWorm Malware

A dangerous new npm supply chain attack has emerged, compromising packages linked to Namastex.ai and delivering … NPM Supply Chain Attack Spreads CanisterWorm MalwareRead more

by Rakesh•April 22, 2026April 22, 2026•0

PHP Composer Vulnerability Exposes Developers to Command Injection Attacks

Latest News

PHP Composer Vulnerability Exposes Developers to Command Injection Attacks

The recent PHP Composer vulnerability has raised serious concerns across the global development and DevSecOps community. … PHP Composer Vulnerability Exposes Developers to Command Injection AttacksRead more

by Rakesh•April 15, 2026April 15, 2026•0

36 Malicious npm Strapi Packages Used in Targeted Supply Chain Attack

Latest News

36 Malicious npm Strapi Packages Used in Targeted Supply Chain Attack

A sophisticated software supply chain attack has been discovered targeting developers using Strapi. Attackers published 36 … 36 Malicious npm Strapi Packages Used in Targeted Supply Chain Attack Read more

by Rakesh•April 6, 2026April 6, 2026•0

Axios npm Supply Chain Attack: Detection, Risks, and Mitigation Guide

Latest News

Axios npm Supply Chain Attack: Detection, Risks, and Mitigation Guide

On March 31, 2026, the cybersecurity community faced a major wake-up call when a widely trusted … Axios npm Supply Chain Attack: Detection, Risks, and Mitigation Guide Read more

by Rakesh•April 3, 2026April 3, 2026•0

Backdoored Telnyx Python SDK on PyPI Steals Credentials Across Platforms

Latest News

Backdoored Telnyx Python SDK on PyPI Steals Credentials Across Platforms

A new software supply chain attack has targeted developers after threat actors compromised the Telnyx Python … Backdoored Telnyx Python SDK on PyPI Steals Credentials Across PlatformsRead more

by Rakesh•April 1, 2026April 1, 2026•0

Malicious Axios Package Delivers WAVESHAPER.V2 Backdoor in Supply Chain Attack

Latest News

Malicious Axios Package Delivers WAVESHAPER.V2 Backdoor in Supply Chain Attack

A major software supply chain attack has impacted the JavaScript ecosystem after threat actors compromised the … Malicious Axios Package Delivers WAVESHAPER.V2 Backdoor in Supply Chain AttackRead more

by Rakesh•April 1, 2026April 1, 2026•0

CanisterWorm Spreads Through npm Accounts Stealing Tokens

Latest News

CanisterWorm Spreads Through npm Accounts Stealing Tokens

A new supply chain malware campaign called CanisterWorm is targeting the npm ecosystem by compromising publisher … CanisterWorm Spreads Through npm Accounts Stealing TokensRead more

by Rakesh•March 23, 2026March 23, 2026•0