
Supply Chain Threat Intelligence

32 briefings, 0 vulnerability reports

Supply chain attacks compromise trusted software, hardware, or service providers to reach downstream targets at scale. From poisoned open-source packages to compromised build pipelines, these attacks exploit the trust relationships that modern organizations depend on. defend.network tracks supply chain compromises across software ecosystems, cloud providers, and managed service providers.

32 briefings; 0 critical; 13 high; 34% of all briefings

Threat Briefings

2026-06-21

BlueNoroff npm supply chain attack; WordPress Gravity SMTP exploited on 100k sites

North Korean-linked BlueNoroff compromised 140+ npm packages via Mastra AI. Gravity SMTP WordPress plugin (100k sites) actively exploited for API key theft. AutoJack attack chain targets Windows AI browsing agents.

2026-06-15

Critical: Splunk RCE, Arch Linux supply-chain hijack, phishing-as-a-service dismantled

FBI dismantles Outsider Enterprise phishing network; Arch Linux AUR compromised with 400+ malicious packages deploying credential stealer and rootkit; Splunk Enterprise CVSS-9.8 RCE patched.

2026-06-13

Arch Linux supply-chain worm, Velvet Ant backdoor, Gemini phishing-as-a-service

Over 400 Arch Linux AUR packages compromised with credential stealer and eBPF rootkit; China-linked Velvet Ant backdoored Linux authentication for a decade; Google sues Chinese phishing-as-a-service using Gemini AI.

2026-06-10

Microsoft 200-patch record, Veeam RCE critical, GitHub supply-chain worm ongoing

Microsoft released a record 200 Patch Tuesday fixes including critical flaws; Veeam Backup & Replication RCE (CVE-2026-44963, CVSS 9.4) requires immediate patching; 73 GitHub repos remain compromised as Miasma supply-chain attack investigation continues.

2026-06-08

Miasma worm hits Microsoft GitHub, SolarWinds Serv-U actively exploited, WordPress Everest Forms RCE

Miasma worm compromises 73 Microsoft GitHub repositories; SolarWinds Serv-U DoS flaw confirmed actively exploited; WordPress Everest Forms Pro critical RCE under active attack; Meta AI bot abused to reset Instagram accounts.

2026-06-07

Miasma worm hits Microsoft GitHub; SolarWinds actively exploited; Chrome 429 patches

Microsoft GitHub hit by Miasma self-replicating worm across 73 repositories; SolarWinds Serv-U actively exploited for DoS; Chrome 149 patches record 429 vulnerabilities.

2026-06-06

Critical Exploits: npm Supply Chain, WordPress Plugin, SolarWinds, IIS Attacks

IronWorm and Miasma worms actively distributed via 50+ poisoned npm packages; WordPress Everest Forms Pro (CVE-2026-3300) exploited for RCE on 4,000 sites; SolarWinds Serv-U flaw weaponized for DoS; 900+ US fuel tank gauges exposed and under attack.

2026-06-05

Cisco Unified CM RCE, Claude GitHub Action Hijack, AI Agent Exploits

Cisco patches critical Unified CM RCE with public PoC; Claude Code GitHub Action flaw enables repository hijack via GitHub issues; AI agents exploited in defense networks; Hola Browser compromised with cryptominer.

2026-06-02

Red Hat npm, WordPress, Instagram under active attack; critical Windows vulnerability patching urgent

Red Hat npm packages compromised with Miasma credential-stealing worm; WordPress RCE via CVE-2026-8732; Instagram accounts hijacked via Meta AI bot exploit. Patch WP Maps Pro immediately, rotate developer credentials, enable MFA.

2026-05-26

Ghost CMS, Microsoft 365 phishing, and supply-chain malware in active exploitation

Ghost CMS SQL injection actively exploited across 700+ sites; Microsoft 365 phishing service Kali365 bypasses MFA; multi-ecosystem supply-chain attacks deliver credential stealers.

2026-05-25

GitHub npm supply chain attacks, LiteSpeed RCE, CISA credentials exposed

Supply-chain attacks hit npm and Composer ecosystems; LiteSpeed cPanel CVE-2026-48172 actively exploited; CISA contractor exposed AWS GovCloud credentials on GitHub.

2026-05-24

GitHub, npm, and Drupal under attack: supply-chain threats and active CVE exploitation

Multiple supply-chain attacks targeting Laravel-Lang and Packagist packages, active exploitation of Drupal CVE-2026-9082, and critical CISA AWS credential leak on GitHub.

2026-05-23

GitHub supply-chain attack, Drupal RCE, AWS GovCloud credential leak

GitHub campaign injects malware into 5,561 repos; Drupal SQL injection actively exploited; CISA contractor exposes AWS GovCloud credentials.

2026-05-19

Microsoft Exchange zero-day in active use; npm worm clones spread after source leak

Microsoft Exchange zero-day under active exploitation with no patch available. Shai-Hulud worm source code leaked, spawning clones targeting npm developers. INTERPOL Operation Ramz arrested 201 cybercriminals across MENA region.

2026-05-16

MS Exchange zero-day exploited; npm hits OpenAI; Turla evolves Kazuar

Critical Microsoft Exchange zero-day exploited in the wild; npm supply chain attacks compromise OpenAI; Turla APT evolves Kazuar into P2P botnet; WordPress plugins actively harvesting payment cards.

2026-05-13

npm/PyPI supply-chain; Canvas ransomware; Microsoft 137 patches

Critical supply-chain attacks via compromised npm/PyPI packages, Canvas ransomware disrupting education nationwide, and massive vulnerability patches (Microsoft 137, Adobe 52, Exim critical) require immediate response.

2026-05-12

Checkmarx Jenkins compromise; AI-generated zero-day 2FA bypass

Critical supply chain compromise of Checkmarx Jenkins plugin, first AI-generated zero-day 2FA bypass exploit, and active Canvas education platform extortion campaign require immediate response.

2026-05-10

Canvas extortion attack; JDownloader, Hugging Face & Trellix hit

Canvas learning platform compromised in extortion attack affecting hundreds of schools; supply-chain attacks hit JDownloader, Hugging Face, and Trellix; banking trojan TCLBANKER targets 59 financial platforms; critical ICS/OT breaches at water treatment plants.

2026-05-06

Apache HTTP/2 & MetInfo exploited; DAEMON Tools supply-chain hit

Critical vulnerabilities in Apache HTTP/2 and MetInfo CMS, supply-chain compromise of DAEMON Tools, and persistent OAuth backdoors require immediate response.

2026-05-01

PyTorch Lightning & SAP supply-chain; AI cuts attack time to 24h

Critical supply chain attacks compromise PyTorch Lightning and SAP packages; Russian state-sponsored actors steal Office tokens; AI-accelerated exploitation shrinks time-to-compromise to 24 hours.

2026-04-30

SAP npm compromise; cPanel auth bypass; DPRK AI-assisted malware

Critical supply-chain attacks on SAP npm packages and North Korean AI-assisted malware, combined with cPanel authentication bypass and state-sponsored credential harvesting, create immediate existential threats to enterprise infrastructure and critical systems.

2026-04-28

Developer platform supply-chain attacks; Windows RPC zero-day

Critical supply chain attacks on developer platforms, Russian state-sponsored token theft via router exploits, and unpatched Windows RPC privilege escalation demand immediate defensive action.

2026-04-24

Bitwarden CLI & Checkmarx compromised; Russian Office 365 token theft

Critical supply-chain compromises affecting Bitwarden CLI and Checkmarx tools; Russian state actors harvesting Office 365 tokens; AI-powered attacks outpacing human response capabilities.

2026-04-23

Docker & npm supply-chain hits; Lotus Wiper on Venezuelan energy

Critical supply chain attacks via malicious Docker images and npm worms, state-sponsored credential theft campaigns targeting Microsoft Office, and destructive Lotus Wiper malware deployed against Venezuelan energy infrastructure require immediate response across all organizations.

2026-04-13

Adobe Reader zero-day; CPUID STX RAT supply-chain; Iran hits 4,000 ICS

Critical Adobe Reader zero-day, CPUID supply-chain compromise distributing STX RAT, Russian APT harvesting Office tokens via router exploits, and Iranian actors targeting 4,000+ U.S. industrial control systems.

2026-04-11

Marimo RCE exploited; Iran targets 4,000 US PLCs; Russian token theft

Critical exploitation of Marimo RCE, Iranian targeting of 4,000 US PLCs, and Russian token harvesting via routers demand immediate patching and access controls.

2026-04-07

Iran & DPRK target Microsoft 365; GitHub C2 supply-chain attacks

State-sponsored APT campaigns targeting Microsoft 365 and supply chains escalate with GitHub C2 usage and zero-day exploits deployed within 24 hours of breach.

2026-03-31

Citrix exploited; Axios npm RAT supply-chain; OpenAI data theft

Critical Citrix vulnerability actively exploited, Axios npm supply chain attack spreading RAT, OpenAI vulnerabilities enabling data theft, state-sponsored APT operations escalating against telecom and healthcare sectors.

2026-03-28

Telnyx PyPI compromise; iOS exploit active; APT hits telecom

Critical supply-chain compromise of Telnyx PyPI package, active iOS exploitation, state-sponsored wiper attacks on medical device firm, and advanced APT malware targeting telecom infrastructure demand immediate response.

2026-03-25

LiteLLM supply-chain compromise; wiper hits medical device firm

Critical supply chain attacks on LiteLLM and development tools, wiper attacks on medical device manufacturer, and RCE vulnerabilities in manufacturing systems demand immediate response.

2026-03-24

Trivy & VS Code supply-chain breach; Iran wipers hit Kubernetes

Critical supply chain attacks on Trivy scanner and VS Code, destructive Iran-linked wipers targeting Kubernetes, and phishing-as-a-service platforms resurging with 29K IRS victims. Initial access now occurs in 22 seconds.

2026-03-21

Oracle Identity Manager, Langflow exploited; Trivy supply-chain worm

Critical vulnerabilities in Oracle Identity Manager and Langflow actively exploited; Trivy supply chain attack escalates with CanisterWorm across 47 npm packages; Russian intelligence phishing campaigns compromise thousands.
