Mastodon 🐘

techiFermilab Cyberattack Contained, But Raises Red Flags. Hackers hit Fermilab via a Microsoft SharePoint flaw, but damage was minimal and no classified data was accessed. Experts warn it's part of a growing trend of cyberattacks targeting U.S. research and energy systems.<a href="https://mstdn.social/tags/Fermilab" class="mention hashtag" rel="tag">#Fermilab</a> <a href="https://mstdn.social/tags/Cybersecurity" class="mention hashtag" rel="tag">#Cybersecurity</a> <a href="https://mstdn.social/tags/Microsoft" class="mention hashtag" rel="tag">#Microsoft</a> <a href="https://mstdn.social/tags/SharePoint" class="mention hashtag" rel="tag">#SharePoint</a> <a href="https://mstdn.social/tags/DOE" class="mention hashtag" rel="tag">#DOE</a> <a href="https://mstdn.social/tags/HackingAlert" class="mention hashtag" rel="tag">#HackingAlert</a> <a href="https://mstdn.social/tags/NNSA" class="mention hashtag" rel="tag">#NNSA</a> <a href="https://mstdn.social/tags/SupplyChainSecurity" class="mention hashtag" rel="tag">#SupplyChainSecurity</a> <a href="https://mstdn.social/tags/CyberAttack2025" class="mention hashtag" rel="tag">#CyberAttack2025</a> <a href="https://mstdn.social/tags/TechNews" class="mention hashtag" rel="tag">#TechNews</a>Read Full Article Here :- <a href="https://www.techi.com/fermilab-cyberattack-microsoft-sharepoint-flaw/" target="_blank" rel="nofollow noopener" translate="no">https://www.techi.com/fermilab-cyberattack-microsoft-sharepoint-flaw/</a>

TechnoTenshi :verified_trans: :Fire_Lesbian:Popular Python package <code>num2words</code> v0.5.15 was flagged as compromised after being published without a GitHub tag. Linked to the "Scavenger" threat actor, it was quickly removed from PyPI. Projects using automated tools may have already pulled the malicious version. Check and downgrade if needed. <a href="https://www.stepsecurity.io/blog/supply-chain-security-alert-num2words-pypi-package-shows-signs-of-compromise" rel="nofollow noopener" translate="no" target="_blank">https://www.stepsecurity.io/blog/supply-chain-security-alert-num2words-pypi-package-shows-signs-of-compromise</a><a href="https://infosec.exchange/tags/Python" class="mention hashtag" rel="nofollow noopener" target="_blank">#Python</a> <a href="https://infosec.exchange/tags/SupplyChainSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#SupplyChainSecurity</a> <a href="https://infosec.exchange/tags/PyPI" class="mention hashtag" rel="nofollow noopener" target="_blank">#PyPI</a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a>

kpcyrd 🏴Malware was recently found in some popular npm pkgs: <a href="https://socket.dev/blog/npm-is-package-hijacked-in-expanding-supply-chain-attack" rel="nofollow noopener" translate="no" target="_blank">https://socket.dev/blog/npm-is-package-hijacked-in-expanding-supply-chain-attack</a>I checked the affected versions against the whatsrc.org dataset, while most of the packages (eslint-config-prettier, eslint-plugin-prettier, synckit, @pkgr/core, napi-postinstall, is) have been seen in SBOM used by Linux distributions, the compromised versions aren't in the dataset.Looks like it got caught early enough. <a href="https://chaos.social/tags/supplychainsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#supplychainsecurity</a> <a href="https://chaos.social/tags/archlinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#archlinux</a>

LMG SecurityFederal Cybersecurity Cuts Increase the Risks for Your OrganizationA sweeping executive order just wiped out key federal cybersecurity mandates—including SBOMs, encryption standards, and phishing-resistant MFA requirements. If your business buys software, handles sensitive data, or supports critical infrastructure, this rollback directly impacts you.Find out: ▪ Which protections were cut ▪ Why the risk has shifted to your organization ▪ What security leaders must do now to fill the gapRead our blog: <a href="https://www.lmgsecurity.com/federal-cybersecurity-cuts-raise-risks-heres-how-to-respond/" rel="nofollow noopener" translate="no" target="_blank">https://www.lmgsecurity.com/federal-cybersecurity-cuts-raise-risks-heres-how-to-respond/</a><a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/FederalCybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#FederalCybersecurity</a> <a href="https://infosec.exchange/tags/SBOM" class="mention hashtag" rel="nofollow noopener" target="_blank">#SBOM</a> <a href="https://infosec.exchange/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#MFA</a> <a href="https://infosec.exchange/tags/ThirdPartyRisk" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThirdPartyRisk</a> <a href="https://infosec.exchange/tags/SupplyChainSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#SupplyChainSecurity</a> <a href="https://infosec.exchange/tags/CISO" class="mention hashtag" rel="nofollow noopener" target="_blank">#CISO</a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/RiskManagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#RiskManagement</a> <a href="https://infosec.exchange/tags/ITsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#ITsecurity</a> <a href="https://infosec.exchange/tags/SMB" class="mention hashtag" rel="nofollow noopener" target="_blank">#SMB</a>

Pyrzout :vm:High-Value NPM Developers Compromised in New Phishing Campaign <a href="https://www.securityweek.com/high-value-npm-developers-compromised-in-new-phishing-campaign/" rel="nofollow noopener" translate="no" target="_blank">https://www.securityweek.com/high-value-npm-developers-compromised-in-new-phishing-campaign/</a> <a href="https://social.skynetcloud.site/tags/SupplyChainSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#SupplyChainSecurity</a> <a href="https://social.skynetcloud.site/tags/SupplyChain" class="mention hashtag" rel="nofollow noopener" target="_blank">#SupplyChain</a> <a href="https://social.skynetcloud.site/tags/phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#phishing</a> <a href="https://social.skynetcloud.site/tags/NPM" class="mention hashtag" rel="nofollow noopener" target="_blank">#NPM</a>

Manuel BisseyChina warns of foreign backdoors in tech—on land and under the sea. A geopolitical tech tug-of-war is reshaping global supply chain trust. 🌍🔍 <a href="https://cyberplace.social/tags/SupplyChainSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#SupplyChainSecurity</a> <a href="https://cyberplace.social/tags/GeopoliticalCyberRisk" class="mention hashtag" rel="nofollow noopener" target="_blank">#GeopoliticalCyberRisk</a><a href="https://go.theregister.com/feed/www.theregister.com/2025/07/23/china_backdoor_alerts/" rel="nofollow noopener" translate="no" target="_blank">https://go.theregister.com/feed/www.theregister.com/2025/07/23/china_backdoor_alerts/</a>

Hackread.com🚨 A fake npm website tricked a maintainer into giving up their token, letting attackers push malware into popular JS packages.Details: <a href="https://hackread.com/fake-npm-website-used-push-malware-via-stolen-token/" target="_blank" rel="nofollow noopener" translate="no">https://hackread.com/fake-npm-website-used-push-malware-via-stolen-token/</a><a href="https://mstdn.social/tags/Cybersecurity" class="mention hashtag" rel="tag">#Cybersecurity</a> <a href="https://mstdn.social/tags/npm" class="mention hashtag" rel="tag">#npm</a> <a href="https://mstdn.social/tags/JavaScript" class="mention hashtag" rel="tag">#JavaScript</a> <a href="https://mstdn.social/tags/infosec" class="mention hashtag" rel="tag">#infosec</a> <a href="https://mstdn.social/tags/supplychainsecurity" class="mention hashtag" rel="tag">#supplychainsecurity</a>

Sean Martin 🎙️✨:verified_paw: :donor:What’s Heating Up Before Black Hat? 🔥 AI agents, cloud risks, GRC shifts, identity chaos… or something else entirely?Join us live as we place our bets on the 4 trends that will shape this year’s hacker conference—and invite you to do the same.🧠 Insight from leading voices 🎤 Hosted by <a href="https://infosec.exchange/@seanmartin" class="u-url mention" rel="nofollow noopener" target="_blank">@seanmartin</a> & <a href="https://infosec.exchange/@Marcociappelli" class="u-url mention" rel="nofollow noopener" target="_blank">@Marcociappelli</a> 📅 Streamed live on July 31st, before Black Hat kicks off👉 Register now: <a href="https://www.crowdcast.io/c/whats-heating-up-before-black-hat-2025-place-your-bet-on-the-top-trends-set-to-shake-up-this-years-hacker-conference" rel="nofollow noopener" translate="no" target="_blank">https://www.crowdcast.io/c/whats-heating-up-before-black-hat-2025-place-your-bet-on-the-top-trends-set-to-shake-up-this-years-hacker-conference</a><a href="https://infosec.exchange/tags/BlackHat2025" class="mention hashtag" rel="nofollow noopener" target="_blank">#BlackHat2025</a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/AgenticAI" class="mention hashtag" rel="nofollow noopener" target="_blank">#AgenticAI</a> <a href="https://infosec.exchange/tags/SupplyChainSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#SupplyChainSecurity</a> <a href="https://infosec.exchange/tags/GRC" class="mention hashtag" rel="nofollow noopener" target="_blank">#GRC</a> <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#AppSec</a> <a href="https://infosec.exchange/tags/IdentitySecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#IdentitySecurity</a> <a href="https://infosec.exchange/tags/ITSPmagazine" class="mention hashtag" rel="nofollow noopener" target="_blank">#ITSPmagazine</a> <a href="https://infosec.exchange/tags/InfosecEvents" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfosecEvents</a>

Cyfinoid ResearchIntroducing SBOM Play: A Privacy-First SBOM Explorer with Vulnerability & License Insights SBOM Play is a lightweight, browser-based tool designed to visualize and explore Software Bill of Materials (SBOMs), enhancing software supply chain management. It offers features like dependency graphs, license breakdowns, and vulnerability mapping, ensuring user privacy without complex setups or data uploads. Open source and user-friendly. <a href="https://cyfinoid.com/introducing-sbom-play-a-privacy-first-sbom-explorer-with-vulnerability-license-insights/" rel="nofollow noopener" translate="no" target="_blank">https://cyfinoid.com/introducing-sbom-play-a-privacy-first-sbom-explorer-with-vulnerability-license-insights/</a>

Olaf<a href="https://troet.cafe/@pixelschubsi" class="u-url mention" rel="nofollow noopener" target="_blank">@pixelschubsi</a> <a href="https://chaos.social/@Lilith" class="u-url mention" rel="nofollow noopener" target="_blank">@Lilith</a> du vergleist Äpfel mit Birnen. Das eine ist eine proprietär Software und das andere ein Protokoll. Geht also am Themen <a href="https://krefeld.life/tags/SupplyChainSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#SupplyChainSecurity</a> vorbei.

TechnoTenshi :verified_trans: :Fire_Lesbian:Helm v3.18.3 and earlier are vulnerable to local code execution via a crafted Chart.yaml and symlinked Chart.lock. Exploit occurs during dependency updates. Patched in v3.18.4.<a href="https://github.com/helm/helm/security/advisories/GHSA-557j-xg8c-q2mm" rel="nofollow noopener" translate="no" target="_blank">https://github.com/helm/helm/security/advisories/GHSA-557j-xg8c-q2mm</a><a href="https://infosec.exchange/tags/Helm" class="mention hashtag" rel="nofollow noopener" target="_blank">#Helm</a> <a href="https://infosec.exchange/tags/SupplyChainSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#SupplyChainSecurity</a> <a href="https://infosec.exchange/tags/GoLang" class="mention hashtag" rel="nofollow noopener" target="_blank">#GoLang</a> <a href="https://infosec.exchange/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevSecOps</a>

Manuel Bissey🛑 Ingram Micro confirms ransomware crippled operations, halting orders and services globally. SafePay claims responsibility, citing network misconfigurations. <a href="https://cyberplace.social/tags/Ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Ransomware</a> <a href="https://cyberplace.social/tags/SupplyChainSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#SupplyChainSecurity</a> 🧷🌐<a href="https://go.theregister.com/feed/www.theregister.com/2025/07/06/ingram_micro_confirms_ransomware_behind/" rel="nofollow noopener" translate="no" target="_blank">https://go.theregister.com/feed/www.theregister.com/2025/07/06/ingram_micro_confirms_ransomware_behind/</a>

Pyrzout :vm:Best Software Composition Analysis (SCA) Tools: Top 6 Solutions in 2025 – Source: securityboulevard.com <a href="https://ciso2ciso.com/best-software-composition-analysis-sca-tools-top-6-solutions-in-2025-source-securityboulevard-com/" rel="nofollow noopener" translate="no" target="_blank">https://ciso2ciso.com/best-software-composition-analysis-sca-tools-top-6-solutions-in-2025-source-securityboulevard-com/</a> <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener" target="_blank">#rssfeedpostgeneratorecho</a> <a href="https://social.skynetcloud.site/tags/SecurityBloggersNetwork" class="mention hashtag" rel="nofollow noopener" target="_blank">#SecurityBloggersNetwork</a> <a href="https://social.skynetcloud.site/tags/ApplicationSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#ApplicationSecurity</a> <a href="https://social.skynetcloud.site/tags/SupplyChainSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#SupplyChainSecurity</a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurityNews</a> <a href="https://social.skynetcloud.site/tags/SecurityBoulevard" class="mention hashtag" rel="nofollow noopener" target="_blank">#SecurityBoulevard</a> <a href="https://social.skynetcloud.site/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevSecOps</a> <a href="https://social.skynetcloud.site/tags/DevOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevOps</a>

Manuel Bissey🥦 Whole Foods supplier UNFI restores core systems after a cyberattack—supply chain resilience under pressure as investigations continue. <a href="https://cyberplace.social/tags/SupplyChainSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#SupplyChainSecurity</a> <a href="https://cyberplace.social/tags/RetailCyber" class="mention hashtag" rel="nofollow noopener" target="_blank">#RetailCyber</a> 🛒🔧<a href="https://www.bleepingcomputer.com/news/security/whole-foods-supplier-unfi-restores-core-systems-after-cyberattack/" rel="nofollow noopener" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/whole-foods-supplier-unfi-restores-core-systems-after-cyberattack/</a>

Bryce KunzPackage thieves are getting smarter, using devices to find GPS trackers. 🕵️‍♂️ The new countermove? Stealthy trackers that only 'wake up' and send signals when cargo *moves*, making them way harder to detect! <a href="https://infosec.exchange/tags/Tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#Tech</a> <a href="https://infosec.exchange/tags/SupplyChainSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#SupplyChainSecurity</a> <a href="https://archive.is/RxRgP" rel="nofollow noopener" translate="no" target="_blank">https://archive.is/RxRgP</a>

Paul Reynolds :verified:NIS2: It’s not just an EU thing.A quiet shift in cybersecurity regulation is about to make noise – and UK businesses need to pay attention.NIS2 massively expands the original NIS Directive. More sectors. More requirements. More pressure on leadership to actually care about cyber risk.If your business touches the EU (or works with suppliers who do), it could be in scope – even if you’re based in the UK. And even if it’s not mandatory, aligning with NIS2 is quickly becoming a mark of credibility.🔒 Risk-based security ⏱ Rapid incident reporting 🔗 Supply chain accountability 📈 Leadership-level responsibilityNot sure if you’re affected? Want to get ahead of the game? Let’s talk.Compliance is moving fast. I’ll help you keep up 👽<a href="https://paulreynolds.uk/nis2-compliance/" rel="nofollow noopener" translate="no" target="_blank">https://paulreynolds.uk/nis2-compliance/</a><a href="https://infosec.exchange/tags/NIS2" class="mention hashtag" rel="nofollow noopener" target="_blank">#NIS2</a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/Compliance" class="mention hashtag" rel="nofollow noopener" target="_blank">#Compliance</a> <a href="https://infosec.exchange/tags/RiskManagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#RiskManagement</a> <a href="https://infosec.exchange/tags/SupplyChainSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#SupplyChainSecurity</a> <a href="https://infosec.exchange/tags/YDC" class="mention hashtag" rel="nofollow noopener" target="_blank">#YDC</a> <a href="https://infosec.exchange/tags/CyberEssentials" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberEssentials</a> <a href="https://infosec.exchange/tags/ISO27001" class="mention hashtag" rel="nofollow noopener" target="_blank">#ISO27001</a> <a href="https://infosec.exchange/tags/Leadership" class="mention hashtag" rel="nofollow noopener" target="_blank">#Leadership</a>

Manuel Bissey📧 Vendor Email Compromise (VEC) attacks are on the rise—more stealthy, more targeted, and harder to detect than ever. Trust alone isn’t a defense. Stay vigilant. <a href="https://cyberplace.social/tags/Scam" class="mention hashtag" rel="nofollow noopener" target="_blank">#Scam</a> 🕵️ <a href="https://cyberplace.social/tags/SupplyChainSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#SupplyChainSecurity</a> 🔐<a href="https://www.helpnetsecurity.com/2025/06/09/vendor-email-compromise-attacks-vec/" rel="nofollow noopener" translate="no" target="_blank">https://www.helpnetsecurity.com/2025/06/09/vendor-email-compromise-attacks-vec/</a>

Pyrzout :vm:React Native Aria Packages Backdoored in Supply Chain Attack <a href="https://www.securityweek.com/react-native-aria-packages-backdoored-in-supply-chain-attack/" rel="nofollow noopener" translate="no" target="_blank">https://www.securityweek.com/react-native-aria-packages-backdoored-in-supply-chain-attack/</a> <a href="https://social.skynetcloud.site/tags/SupplyChainSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#SupplyChainSecurity</a> <a href="https://social.skynetcloud.site/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Malware</a>&Threats <a href="https://social.skynetcloud.site/tags/SupplyChain" class="mention hashtag" rel="nofollow noopener" target="_blank">#SupplyChain</a> <a href="https://social.skynetcloud.site/tags/backdoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#backdoor</a> <a href="https://social.skynetcloud.site/tags/NPM" class="mention hashtag" rel="nofollow noopener" target="_blank">#NPM</a>

Recent searches

Search options

Administered by:

Server stats:

#supplychainsecurity