This Week in Security: The Github Supply Chain Attack, Ransomware Decryption, and Paragon - Last Friday Github saw a supply chain attack hidden in a popular Github Action. To... - https://hackaday.com/2025/03/21/this-week-in-security-the-github-supply-chain-attack-ransomware-decryption-and-paragon/ #thisweekinsecurity #supplychainattack #hackadaycolumns #securityhacks #githubactions #paragon #news

The 'Rules File Backdoor': A New Era of AI-Driven Supply Chain Attacks

Pillar Security researchers have unveiled a critical vulnerability in AI coding assistants like GitHub Copilot and Cursor, allowing hackers to inject malicious code through seemingly innocuous configu...

https://news.lavx.hu/article/the-rules-file-backdoor-a-new-era-of-ai-driven-supply-chain-attacks

A supply chain attack on a GitHub Actions tool has put up to 23,000 organisations at risk of having credentials stolen.

https://www.computing.co.uk/news/2025/security/github-attack-threatens-23-000-organisations

Large enterprises scramble after supply-chain attack spills their secrets - Open-source software used by more than 23,000 organizations, some of them ... - https://arstechnica.com/information-technology/2025/03/supply-chain-attack-exposing-credentials-affects-23k-users-of-tj-actions/ #opensourcesoftware #supplychainattack #tj-actions #security #biz&it

Inside the SunBurst Attack
A Bit of Security for December 9, 2024
SunBurst has two important lessons for us: supply chain security and security vendor claims. Listen to this -
https://youtu.be/Gu1dFqfzf6s
Let me know what you think!
#cybersecuritytips #supplychainattack #SDLC #softwarebuild #AIforsecurity #BitofSec

Backdoor slips into popular code library, drains ~$155k from digital wallets - Hackers pocketed as much as $155,000 by sneaking a backdoor into a code li... - https://arstechnica.com/information-technology/2024/12/backdoor-slips-into-popular-code-library-drains-155k-from-digital-wallets/ #supplychainattack #cryptocurrency #security #backdoor #biz⁢ #solana

Welp, here we are.
https://openssf.org/blog/2024/04/15/open-source-security-openssf-and-openjs-foundations-issue-alert-for-social-engineering-takeovers-of-open-source-projects/

SUPPLY CHAIN ATTACK SCENARIO —
What we know about the xz Utils backdoor that almost infected the world
https://arstechnica.com/security/2024/04/what-we-know-about-the-xz-utils-backdoor-that-almost-infected-the-world/ #malware #backdoor #xzUtils #Linux #SupplyChainAttack #Debian #RedHat

There's A LOT going on (analysis, discussion, vendor notices, etc...) related to the ongoing xz/liblzma compromise so I created a "link roundup" which centralizes and buckets a lot of the awesome links and threads I've seen flying around.

https://shellsharks.com/xz-compromise-link-roundup

I will *try* to keep this up-to-date (ish) for a few days while things are hot but I make no promises beyond that.

Backdoor found in widely used Linux utility breaks encrypted SSH connections - Enlarge / Internet Backdoor in a string of binary code in a shape of an... - https://arstechnica.com/?p=2013674 #supplychainattack #backdoors #security #xzutils #biz⁢ #linux

GitHub besieged by millions of malicious repositories in ongoing attack - Enlarge (credit: Getty Images)

GitHub is struggling to contain... - https://arstechnica.com/?p=2006797 #supplychainattack #repositories #security #biz⁢ #github

This Week in Security: Cookie Monster, CyberGhost, NEXX, and Dead Angles - “Operation Cookie Monster” ranks as one of the best code names in recent memory. A... - https://hackaday.com/2023/04/07/this-week-in-security-cookie-monster-cyberghost-nexx-and-dead-angles/ #thisweekinsecurity #supplychainattack #hackadaycolumns #securityhacks #news #nexx #vpn

For the curious, my slides for the @C4DT_EPFL supply chain attacks and how we deal with it at @circl and @misp are available:

https://cra.circl.lu/pres/circl-misp-c4dt-presentation.pdf

CrowdStrike and SentinelOne are reporting that a version of the 3CX softphone app has been bundled with malware in a supply chain attack, similar to what happened with Solarwinds. CrowdStrike intelligence has attributed this activity to a North Korean APT group they track as LABYRINTH CHOLLIMA The response from 3CX is arrogant as hell!