12 articles. Supply chain attack intelligence. Software supply chain compromises, dependency hijacking, and third-party vendor breaches across MENA, EU, and US.
North Korea's UNC1069 social-engineered the lead Axios maintainer, hijacking npm and GitHub accounts to deploy the WAVESHAPER.V2 RAT via 100M weekly downloads.
A Russian-speaking actor deployed GlassWorm across 433 components in four developer ecosystems using invisible Unicode payloads and Solana blockchain C2.
TeamPCP backdoored the Telnyx Python SDK using credentials stolen during the LiteLLM compromise. Payloads hidden via WAV steganography. Quarantined in 6 hours.
Pro-Iranian NasirSecurity claimed breaches of four Gulf energy firms. Resecurity traced the data to compromised supply chain vendors, not the majors.
Hackers breached SitusAMC and exfiltrated SSNs and financial details tied to JPMorgan Chase, Citibank, and Morgan Stanley. FBI investigation active.
TeamPCP backdoored LiteLLM on PyPI using credentials stolen from the Trivy compromise. 480M total downloads. .pth persistence infects all Python processes.
TeamPCP weaponized Aqua Security's Trivy scanner (CVE-2026-33634, CVSS 9.9), infecting 1,000+ cloud environments across five package ecosystems.
Google patched a high-severity Chrome zero-day after confirming active exploitation. CSSFontFeatureValuesMap use-after-free affecting all Chromium browsers.
A threat actor exploited CVE-2021-35587 in Oracle Cloud's SSO infrastructure, compromising 6M credentials globally including 634 UAE entities.
Oman-based oil and gas operator CC Energy Development was compromised in Cl0p's mass exploitation of the MOVEit Transfer zero-day that hit 2,500+.
Threat actor 'ZeroX' exfiltrated 1TB via a compromised third-party contractor, exposing 14,000 employees' data and demanding a $50M ransom in cryptocurrency.
A supply chain attack on aviation IT provider SITA exposed frequent flyer data for Qatar Airways Privilege Club members. SITA serves ~90% of the world's.