https://www.techzine.eu/news/security/134224/supply-chain-attack-via-nx-rages-on-github/
Aug 29, 2025 - The Nx build system is a popular toolkit for managing large software projects. It can currently cause security issues.
https://safedep.io/npm-supply-chain-attack-targeting-maintainers/
npm supply chain attacks continue. This time targeting @ctrl/tinycolor and multiple other packages with credential stealer malware. In this blog, we will...
https://dev.to/r9n/como-funciona-supply-chain-attack-ptbr-31i0
Feb 19, 2026 - Hello everyone. Today I want to bring a little more of... Tagged with node, javascript, cybersecurity, ai.
https://arstechnica.com/security/2025/05/hundreds-of-e-commerce-sites-hacked-in-supply-chain-attack/
May 5, 2025 - Attack that started in April and remains ongoing runs malicious code on visitors' devices.
https://www.databreachtoday.co.uk/salesforce-details-supply-chain-attack-targeting-gainsight-a-30108
The attack that targeted customer data management tool Gainsight resulted in the theft of information from approximately 300 Salesforce-using firms, the...
https://www.huntress.com/blog/a-recap-of-events-and-lessons-learned-during-the-kaseya-vsa-supply-chain-attack
The Huntress team recaps what happened during the Kaseya VSA supply chain attack—and what we can learn from it.
https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomains
The threat actor behind “Shai Hulud 2.0” launched a new malware campaign compromising the supply chain of Zapier, ENS Domains and more — exposing secrets,...
https://codenotary.com/blog/detecting-the-massive-npm-supply-chain-attack
Learn how to detect the September 2025 NPM supply chain attack that compromised debug, chalk. Includes a bash script to scan your repositories for malicious...
https://www.bleepingcomputer.com/news/security/cloudflare-hit-by-data-breach-in-salesloft-drift-supply-chain-attack/
Cloudflare is the latest company impacted in a recent string of Salesloft Drift breaches, part of a supply-chain attack disclosed last week.
https://cycode.com/blog/npm-debug-chalk-supply-chain-attack-the-complete-guide/
Sep 10, 2025 - Learn about the npm debug / chalk Supply-Chain Attack and how it affects popular packages and your projects.
https://www.wiz.io/blog/shai-hulud-2-0-ongoing-supply-chain-attack
Nov 24, 2025 - Shai-Hulud is back, spreading an npm malware worm through thousands of GitHub repos. Learn the impact, attacker methods, and how to defend your supply chain.
https://www.paloaltonetworks.com/blog/security-operations/the-3cx-supply-chain-attack-when-trusted-software-turns-malicious/
Jan 15, 2026 - Cortex XDR's AI stopped the 3CX supply chain attack days before the security industry knew it existed. See how behavioral detection caught what signatures...
https://www.csoonline.com/article/3506897/github-actions-typosquatting-a-high-impact-supply-chain-attack-in-waiting.html
Apr 21, 2025 - Developers who mistype names and owners of GitHub Actions expose their repositories and accounts to malicious code execution, with significant software supply...
https://www.csoonline.com/article/4115417/malicious-npm-packages-target-n8n-automation-platform-in-a-supply-chain-attack.html
Jan 12, 2026 - Researchers discovered malicious npm packages posing as n8n integrations, exfiltrating OAuth tokens and API keys from enterprise workflows.
https://safedep.io/shai-hulud-second-coming-supply-chain-attack/
Critical npm supply chain attack compromises zapier-sdk, @asyncapi, posthog, and @postman packages with self-replicating malware. Technical analysis reveals...
https://www.ethnews.com/trust-wallet-supply-chain-attack-drains-hundreds-of-crypto-wallets-across-evm-chains/
Jan 2, 2026 - Hundreds of crypto wallets were drained across multiple blockchains following a supply chain attack on Trust Wallet’s Chrome...
https://www.endorlabs.com/learn/n8mare-on-auth-street-supply-chain-attack-targets-n8n-ecosystem
How attackers weaponized n8n's community nodes to steal credentials through legitimate workflow execution
https://www.aikido.dev/blog/npm-backdoor-lets-hackers-hijack-gambling-outcomes
A targeted npm supply chain attack installs an Express backdoor, enables remote SQL/file access, and rewrites gambling balances while keeping logs consistent.
https://www.reversinglabs.com/blog/shai-hulud-worm-npm
RL researchers detected the first self-replicating worm that compromised npm packages with cloud token-stealing malware. Here's what you need to know.
https://sveltesociety.dev/video/this-week-in-svelte-ep-116-changelog-e18e-dev-npm-supply-chain-attack-5ebe7957bd3681de
Oct 17, 2025 - Recent updates in the Svelte ecosystem, including a significant supply chain attack.
https://jfrog.com/blog/shai-hulud-npm-supply-chain-attack-new-compromised-packages-detected/
Dec 2, 2025 - Learn about the ongoing Shai Hulud npm supply chain attack, including all currently known compromised packages
https://www.bleepingcomputer.com/news/security/pypi-invalidates-tokens-stolen-in-ghostaction-supply-chain-attack/
The Python Software Foundation team has invalidated all PyPI tokens stolen in the GhostAction supply chain attack in early September, confirming that the...
https://hackread.com/shai-hulud-npm-worm-supply-chain-attack/
https://blog.oversecured.com/Introducing-MavenGate-a-supply-chain-attack-method-for-Java-and-Android-applications/
More recently, the cybersecurity community has seen numerous studies of supply chain attacks on Web apps.
https://bybowu.com/article/shaihulud-20-npm-supply-chain-attack-playbook
Dec 18, 2025 - Second wave of Shai‑Hulud hit npm on Nov 24. Use this step‑by‑step playbook to triage, rotate tokens, and move to Trusted Publishing now.
https://info.legitsecurity.com/top-3-riskiest-software-supply-chain-attack-patterns
This top 3 list of riskiest software supply chain attack patterns was created by identifying the most commonly overlapping software supply chain attack...
https://news.opensuse.org/2024/03/29/xz-backdoor/
openSUSE maintainers received notification of a supply chain attack against the “xz” compression tool and “liblzma5” library. Background Andres Freund...
https://www.csoonline.com/article/4028412/supply-chain-attack-compromises-npm-packages-to-spread-backdoor-malware.html
Jul 24, 2025 - Phishing attacks on package maintainer accounts led to infected JavaScript type testing utilities.
https://www.legitsecurity.com/blog/shai-hulud-npm-attack-what-you-need-to-know
Get details on the Shai-Hulud npm, a major worm. Discover the number of compromised npm packages, the dangers, and how to plan a more secure supply chain.
https://securityscorecard.com/what-is-a-supply-chain-attack/
Jul 1, 2025 - Learn how a supply chain attack works, why it's so dangerous, and what security measures can help protect your organization from hidden threats.
https://unit42.paloaltonetworks.com/npm-supply-chain-attack/
Self-replicating worm “Shai-Hulud” has compromised hundreds of software packages in a supply chain attack targeting the npm ecosystem. We discuss scope and...
https://winbuzzer.com/2025/09/03/cloudflare-breach-exposes-customer-support-data-in-major-salesloft-supply-chain-attack-xcxwbn/
Sep 3, 2025 - Cloudflare confirms it was a victim of a major supply-chain attack via Salesloft, exposing customer support data and potential credentials from its Salesforce...
https://www.wired.com/story/inside-the-unnerving-supply-chain-attack-that-corrupted-ccleaner/
Apr 17, 2018 - CCleaner owner Avast is sharing more details on the malware attackers used to infect legitimate software updates with malware.
https://www.legitsecurity.com/blog/the-ultralytics-supply-chain-attack-how-it-happened-how-to-prevent
Get details on this recent supply chain attack and how to avoid falling victim to similar attacks.
https://www.wiz.io/blog/s1ngularity-supply-chain-attack
Aug 27, 2025 - Detect and mitigate a critical supply chain compromise affecting the Nx NPM Package. Organizations should act urgently.
https://www.aikido.dev/blog/neoshadow-npm-supply-chain-attack-javascript-msbuild-blockchain
A deep technical analysis of the NeoShadow npm supply-chain attack, detailing how JavaScript, MSBuild, and blockchain techniques were combined to compromise...
https://www.infoworld.com/article/4117662/possible-software-supply-chain-attack-through-aws-codebuild-service-blunted.html
Jan 15, 2026 - Researchers at Wiz, who discovered the hole, said it could have led to compromised AWS GitHub repositories.
https://www.csoonline.com/article/4117692/possible-software-supply-chain-attack-through-aws-codebuild-service-blunted-2.html
Jan 15, 2026 - Researchers at Wiz, who discovered the hole, said it could have led to compromised AWS GitHub repositories.
https://www.csoonline.com/article/4026380/prettier-eslint-npm-packages-hijacked-in-a-sophisticated-supply-chain-attack.html
Jul 22, 2025 - DLL-based malware targets Windows users after a phishing campaign tricked the maintainer into leaking a token.