Popular open-source coding application targeted in Chinese-linked supply-chain attack

By AJ Vicens Feb 2 (Reuters) - A Chinese-linked cyberespionage group with a long history hijacked the update process for the ...
Cryptopolitan on MSN

ClawHub hosts AI agent skills enabling supply chain attacks

ClawHub contains malicious skills and prompts, noted SlowMist in its latest preview of the marketplace. AI bot skills may contain stealers or malicious installations.
OSTechNix

Notepad++ Supply Chain Attack: Is Your Version Secure?

Notepad++ update servers were compromised for 6 months in 2025. Learn how the Chrysalis backdoor targeted users and why you must manually update to version 8.9.1 now.
The Silicon Review

eScan Antivirus Delivers Malware in Supply Chain Attack

Hackers compromised an eScan Antivirus update server, using it to deliver malware to customers in a severe software supply chain attack.
SiliconANGLE

Shai Hulud malware turns developers into unwitting distributors in NPM supply chain attacks

A new report out today from managed detection and response company Expel Inc. details a newly identified variant of the Shai Hulud malware that is demonstrating how software supply chain attacks are ...
Dark Reading

Supply Chain Attacks Targeting GitHub Actions Increased in 2025

Some of the most significant software supply chain incidents over the past year were carried out by threat actors who exploited vulnerabilities in GitHub, the global repository widely used by software ...