Tag : supply-chain

8 attack reports | 0 vulnerabilities

Attack Reports

Title Published Tags Description Number of indicators
Persistent npm Campaign Shipping Trojanized jQuery July 10, 2024, 9:36 a.m. The report describes a persistent supply chain attack involving the distribution of a trojanized version of jQuery through variou… 67
Exposing Attack Operations Utilizing PyPI Against Windows, Linux and macOS Platforms July 8, 2024, 10:50 a.m. The report details the APT-C-26 (Lazarus) group's recent attack campaign utilizing malicious Python packages hosted on the PyPI r… 28
Supply Chain Compromise Leads to Trojanized Installers July 1, 2024, 11:05 a.m. Rapid7 discovered that installers for Notezilla, RecentX, and Copywhiz hosted on conceptworld[.]com were trojanized to execute in… 27
Polyfill supply chain attack hits 100K+ sites June 27, 2024, 12:32 p.m. A malicious Chinese entity acquired control over the popular Polyfill JS open-source project and has been injecting malware into … 7
Malicious npm package targets AWS users June 27, 2024, 7:58 a.m. ReversingLabs' researchers discovered a malicious package named legacyreact-aws-s3-typescript on the npm repository. It mimicked … 3
Uncovering Espionage Operations June 24, 2024, 7:58 a.m. This comprehensive analysis delves into the intricate tactics employed by a suspected China-nexus cyber espionage actor, UNC3886.… 39
Fake Advanced IP Scanner Installer Delivers Dangerous Backdoor June 6, 2024, 12:27 p.m. Security researchers discovered a malicious version of the Advanced IP Scanner installer, which contained a backdoored DLL module… 11
CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack May 24, 2024, 1:29 p.m. Rapid7 discovered that version 8.3.7 of the JAVS Viewer software from Justice AV Solutions contained a backdoor installer allowin… 10