cybermagazine.com
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-07-07.
| Date Added | Resource | Excerpt |
|---|---|---|
| 2026-07-07 2026 | Sophos Flags Vect-TeamPCP Cybercriminal Ransomware AllianceSupply Chain | Sophos has identified a new ransomware alliance called "Vect-TeamPCP." This group appears to be a collaboration of cybercriminals, with Vect (likely a ransomware strain) and Team PCP (potentially a ransomware-as-a-service platform) joining forces. This alliance suggests a more organized and sophisticated threat landscape, with increased potential for widespread attacks. Sophos is monitoring this development closely. |
| 2026-06-02 2026 | State of Supply Chain Security: Roundup of the Big HitsSupply Chain | Roundup of significant cyber incidents highlights the escalating threats to software supply chains and third-party vendors. The Maersk NotPetya attack in 2017, originating from a compromised M.E.Doc update, crippled global operations and underscored the need for patch management and business continuity. More recent attacks in 2025 impacted UK grocery chains like Marks & Spencer and manufacturer JLR, causing substantial revenue losses and production halts. These events emphasize the critical need for asset visibility, dependency tracking, continuous compliance monitoring, software security, and robust vendor risk management in increasingly interconnected ecosystems, especially with the expanding attack surface driven by AI adoption. |
| 2026-05-23 2026 | This Week's Top Five Stories in CyberSupply Chain | Platform addresses AI agent security risks with Agentic Fabric, enhancing visibility and control over non-human identities. Experian launches Transaction Forensics, an AI-powered threat detection platform, in collaboration with Resistant AI, to combat financial crime. Supply chain attacks targeting npm and PyPi ecosystems with credential stealer payloads, attributed to TeamPCP, highlight software supply chain vulnerabilities. Additionally, a lawsuit filed against Netflix alleges a surveillance system monetizing user viewing habits, using addictive designs to collect data. |
| 2026-05-19 2026 | TeamPCPs Mini Shai-Hulud Campaign Breaches TanStack npmSupply Chain | Writeup on the Mini Shai-Hulud campaign that targeted TanStack npm packages, exploiting GitHub Actions vulnerabilities to poison caches and publish malicious versions. This supply chain attack, attributed to TeamPCP, utilized a credential stealer and self-propagating worm to exfiltrate tokens, including OpenID Connect, CI/CD, and cloud credentials, affecting organizations like OpenAI. The malware specifically avoided Russian-language systems. |
| 2026-04-13 2026 | Axios Breach Fallout: OpenAI's MacOS App Updates ExplainedSupply Chain | Library updates address a supply chain attack that compromised the Axios JavaScript library, leading to a potential remote access trojan threat and exploited GitHub Actions workflows targeting OpenAI's macOS applications. OpenAI has rotated its macOS code signing certificate, released new versions of ChatGPT Desktop, Codex App, Codex CLI, and Atlas, and is revoking support for older, vulnerable versions to prevent credential misuse and the distribution of counterfeit software signed with compromised certificates. |