cybersecuritydive.com
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-06-03.
| Date Added | Resource | Excerpt |
|---|---|---|
| 2026-06-03 | Dozens of Red Hat npm packages targeted in supply-chain attack [Supply Chain] | Dozens of Red Hat npm packages were compromised in a sophisticated supply-chain attack. The vulnerability allowed attackers to inject malicious code into the development pipeline, potentially affecting a wide range of users and projects relying on these packages. Details about the specific vulnerabilities and the extent of the compromise are still emerging, but the incident highlights the ongoing risks associated with software supply chains. |
| 2026-05-29 | CISA urges security teams to check for software development compromises [Supply Chain] | CISA is issuing an urgent alert to security teams, advising them to proactively scan their systems for compromises within their software development environments. This directive highlights the critical need to safeguard the integrity of the software supply chain. The agency's recommendation stems from concerns about potential vulnerabilities and breaches that could affect the development process, leading to widespread risks for downstream users. Security teams are encouraged to implement robust checks and balances to ensure the safety and trustworthiness of their software development practices. |
| 2026-05-21 | Grafana Labs links GitHub environment breach to TanStack npm supply chain attack [Supply Chain] | Grafana Labs has linked a breach of their GitHub environment to a supply chain attack targeting the TanStack npm package. Attackers compromised the TanStack npm package, likely through unauthorized access, and then used it to inject malicious code. This malicious code was subsequently utilized to gain unauthorized access to Grafana Labs' GitHub environment. The investigation is ongoing to determine the full extent of the compromise and to implement necessary security measures. |
| 2026-04-21 | CISA urges security teams to view environments following axios compromise [Supply Chain] | CISA urges security teams to view environments following axios compromise https://ift.tt/JYRaA0z |
| 2026-04-20 | Vulnerability exploitation surges often precede disclosure, offering possible early warnings [RCE] | Vulnerability exploitation surges often precede disclosure, offering possible early warnings https://ift.tt/UAnQyhJ |
| 2026-04-09 | CISA adds second critical flaw in Ivanti EPMM to exploited vulnerabilities catalog [RCE] | CISA adds second critical flaw in Ivanti EPMM to exploited vulnerabilities catalog https://ift.tt/vfeE3wl |
| 2026-04-03 | Researchers warn of critical flaws in Progress ShareFile [RCE] | Researchers warn of critical flaws in Progress ShareFile https://ift.tt/OIsV6B0 |
| 2026-04-02 | Axios open source library targeted in sophisticated supply chain attack [Supply Chain] | Axios open source library targeted in sophisticated supply chain attack https://ift.tt/m7Wu1vD |