Back to articles

Tag archive

#supplychainattack

n
Jul 16, 2026

npm Supply Chain Attacks: Miasma RAT & CI/CD Pipeline Exploits

A Unit 42 report details the evolution of npm supply chain attacks since the Shai-Hulud worm in 2025. It describes recent 2026 campaigns by the threat actor TeamPCP and the deployment of a new Miasma RAT variant. A significant attack on July 14, 2026, compromised AsyncAPI's GitHub repositories by exploiting unprotected pre-production branches in its CI/CD pipeline. This allowed attackers to bypass code reviews, steal credentials like NPM_TOKEN, and publish trojanized packages. The Miasma payload uses a multi-stage, obfuscated process, fetches a second stage from IPFS, and establishes persistence on compromised developer systems. The analysis highlights a strategic shift towards more sophisticated, systematic campaigns targeting software development lifecycles.

Jul 16, 20267 min read0 reactions0 comments
D
Jul 16, 2026

Deutsche Bank Confirms Third-Party Breach After Ransomware Claim

Deutsche Bank has acknowledged a cybersecurity incident at a third-party service provider following claims from the 'Unsafe' ransomware group. The group posted data on its leak site allegedly stolen from the bank, including employee records. Deutsche Bank asserts that its own internal systems were not compromised and that the incident was contained to an external marketing vendor in Germany. The event highlights the significant supply chain risks facing large financial institutions.

Jul 16, 20264 min read0 reactions0 comments
A
Jul 15, 2026

AsyncAPI Supply Chain Attack Delivers Miasma RAT via NPM

A sophisticated supply chain attack has compromised several official AsyncAPI npm packages. Attackers gained push access to the project's GitHub 'next' branch, using the legitimate CI/CD pipeline to publish malicious versions containing the Miasma RAT. This technique bypassed typical defenses by using valid npm OIDC provenance attestations, highlighting significant risks in modern software development workflows. The Miasma RAT payload affects Windows, macOS, and Linux systems, posing a threat to developer environments and downstream applications.

Jul 15, 20264 min read0 reactions0 comments
J
Jul 13, 2026

Jscrambler npm Package Compromised in Supply Chain Attack

A software supply chain attack targeted developers using the popular 'jscrambler' npm package on July 11, 2026. A malicious version, 8.14.0, was published to the npm registry containing a malicious preinstall hook. This hook automatically executed a native, cross-platform infostealer written in Rust upon installation via `npm install`. The malware was designed to harvest a wide array of developer credentials, including browser data, cryptocurrency wallets, password manager vaults, and cloud access tokens. The malicious version was quickly identified and deprecated by Jscrambler, who stated there were no confirmed downloads. The incident underscores the significant risk of compromised credentials in CI/CD pipelines and developer environments.

Jul 13, 20264 min read0 reactions0 comments
M
Jul 12, 2026

Malicious 'jscrambler' NPM Package Versions Deploy Cross-Platform Infostealer in Sophisticated Supply Chain Attack

A supply chain attack hit the popular `jscrambler` npm package, with malicious versions published to the registry using a compromised maintainer credential. These versions contained a Rust-based infostealer designed to steal developer credentials from cloud services (AWS, Azure, GCP), cryptocurrency wallets, and a new class of AI coding tools like Claude and Cursor. The malware executed via `preinstall` hooks and later `require()`-time injection, demonstrating evolving evasion tactics. Jscrambler has since revoked the credential, deprecated the malicious versions, and urged users to upgrade to a clean version and rotate all secrets.

Jul 12, 20265 min read0 reactions0 comments
E
Jul 18, 2026

EY Data Breach Linked to Compromised Third-Party IT Platform

Global professional services firm Ernst & Young (EY) has disclosed a data breach that occurred via a compromised third-party IT service management platform. Between March and April 2026, an unauthorized actor gained access to the system and downloaded documents containing sensitive personal and financial data from client tax support tickets. EY has secured the platform and notified authorities, but the full number of affected clients has not been disclosed.

Jul 18, 20263 min read0 reactions0 comments
T
Jul 18, 2026

Tata Electronics Responds to 'World Leaks' Ransomware Attack

Following a significant data exfiltration incident in June 2026 claimed by the 'World Leaks' ransomware group, Tata Electronics has implemented most of the cybersecurity controls recommended by incident response firm Mandiant. The attack resulted in the theft of over 200,000 files, including sensitive materials related to major clients like Apple and Tesla, highlighting the supply chain risks in the global electronics manufacturing ecosystem.

Jul 18, 20263 min read0 reactions0 comments
F
Jul 18, 2026

Fairlife Production Suspended Following Ransomware Incident

Fairlife, a dairy subsidiary of The Coca-Cola Company, has temporarily suspended its U.S. production operations following a ransomware attack. The incident compromised production-related systems, forcing an immediate shutdown to contain the threat. This attack underscores a growing trend of cybercriminals targeting the food and agriculture sector, which has seen a significant increase in both opportunistic and targeted attacks throughout 2026. Law enforcement has been notified, and an investigation is underway to determine the scope and origin of the attack.

Jul 18, 20263 min read0 reactions0 comments
N
Jul 17, 2026

Nichirei Cyberattack Disrupts Japanese Food Supply Chain

Japanese logistics giant Nichirei Corporation suffered a major cyberattack, causing significant disruption to the nation's food supply chain. The attack, detected on July 13, forced the company to halt operations at its refrigerated warehouses, impacting major clients like KFC Japan, which warned of potential store closures. The shutdown also affected retailer Aeon and restaurant operator Colowide. Nichirei, Japan's largest cold-chain operator, has since begun a phased resumption of services. The company has not disclosed the nature of the attack but confirmed some servers contained personal information.

Jul 17, 20264 min read0 reactions0 comments