The Lab · 2026-03-30 18:26:58 · The Register
The threat actors behind the recent Trivy supply-chain breach have escalated their campaign, now poisoning the Python Package Index (PyPI) with malicious versions of the Telnyx SDK. This latest attack aims to infect developers' systems with credential-stealing malware, marking a continued and aggressive exploitation of...
The Lab · 2026-03-31 11:27:18 · GitHub Issues
A critical supply-chain attack has compromised the widely used Axios HTTP client library on the NPM registry, with malicious versions deploying a remote access trojan (RAT). This incident represents a direct infiltration of a foundational JavaScript package, posing an immediate and severe risk to countless applications...
The Lab · 2026-04-10 13:22:38 · The Register
For six hours this week, the trusted CPUID website became a trap. Attackers hijacked a portion of its backend infrastructure, transforming legitimate download links for popular system monitoring tools like HWMonitor into a delivery mechanism for malware. Visitors seeking genuine software were instead exposed to a coin ...
The Lab · 2026-04-13 09:22:31 · Xakep
The official website of CPUID, the developer of the popular diagnostic utilities CPU-Z and HWMonitor, was compromised. For roughly 24 hours, every download link on the site led not to the legitimate programs but to malicious builds. On the computers of unsuspecting users, these builds deployed a remote...
The Lab · 2026-05-14 17:48:25 · GitHub Issues
A critical supply-chain vulnerability has been identified in the CI infrastructure powering CakePHP organization repositories, prompting an urgent call for hardening measures across all GitHub Actions workflows. The flaw, tracked as CVE-2026-45793, enables the exposure of GitHub authentication tokens through Composer e...