The Lab · 2026-04-16 06:22:51 · GitHub Issues
A sophisticated supply chain attack has compromised the core security tools of Aqua Security's Trivy project, with a threat actor using stolen credentials to publish malicious software releases and force-push dozens of version tags so that they point to credential-stealing malware. The attack targeted the `aquasecurity/trivy-action` GitH...
The Lab · 2026-04-19 20:52:27 · The Verge
The cloud development platform Vercel has been compromised, with hackers linked to the notorious ShinyHunters group attempting to sell stolen data. The breach, which Vercel has confirmed as a 'security incident,' exposed sensitive information including employee names, email addresses, and activity timestamps. This atta...
The Lab · 2026-05-12 04:48:18 · Hacker News
A sweeping npm supply chain attack has surfaced, targeting more than 170 packages with over 400 malicious versions published. The campaign stands out for a critical anomaly: investigators found no evidence that any maintainer accounts were compromised, raising sharp questions about how the malicious code entered the ec...
The Lab · 2026-05-12 12:48:29 · The Register
A sophisticated supply chain attack compromised 84 versions of TanStack npm packages between 19:20 and 19:26 UTC on May 11, embedding malware capable of credential theft, self-propagation, and complete disk erasure on infected hosts. The campaign, linked to the ongoing Mini Shai-Hulud operation, also targeted packages ...
The Lab · 2026-05-12 13:18:33 · Mastodon:mastodon.social:#cybersecurity
Security researchers at Endor Labs have uncovered a sophisticated supply chain attack dubbed "Shai-Hulud," which has compromised over 80 packages within the TanStack ecosystem. The attack represents a significant intrusion into one of JavaScript's most widely used developer frameworks, raising alarms across the open-so...