Recherche : [supply] - Cyberveille

Targeted supply chain attack against Chrome browser extensions https://blog.sekoia.io/targeted-supply-chain-attack-against-chrome-browser-extensions/

24/01/2025 09:22:51

In this blog post, learn about the supply chain attack targeting Chrome browser extensions and the associated targeted phishing campaign.

Government and university websites targeted in ScriptAPI[.]dev client-side attack - c/side https://cside.dev/blog/government-and-university-websites-targeted-in-scriptapi-dev-client-side-attack

24/01/2025 09:20:53

Yesterday we discovered another client-side JavaScript attack targeting +500 websites, including governments and universities. The injected scripts create hidden links in the Document Object Model (DOM), pointing to external websites, a programming interface for web documents.

Vulnerabilities in CocoaPods Open the Door to Supply Chain Attacks Against Thousands of iOS and MacOS Applications https://www.evasec.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods

02/07/2024 18:58:38

E.V.A Information Security researchers uncovered several vulnerabilities in the CocoaPods dependency manager that allows any malicious actor to claim ownership over thousands of unclaimed pods and insert malicious code into many of the most popular iOS and MacOS applications. These vulnerabilities have since been patched.
Such an attack on the mobile app ecosystem could infect almost every Apple device, leaving thousands of organizations vulnerable to catastrophic financial and reputational damage. One of the vulnerabilities could also enable zero day attacks against the most advanced and secure organizations’ infrastructure.
Developers and DevOps teams that have used CocoaPods in recent years should verify the integrity of open source dependencies used in their application code.
Dependency managers are an often-overlooked aspect of software supply chain security. Security leaders should explore ways to increase governance and oversight over the use these tools.

npm Supply Chain Attack Targeting Germany-Based Companies https://jfrog.com/blog/npm-supply-chain-attack-targets-german-based-companies/

11/05/2022 11:32:33

The JFrog Security Research team identified and quickly disclosed new npm malicious packages aimed at compromising leading industrial organizations

Liens par page

Filtres