📰 WordPress Supply Chain Hit Again: ShapedPlugin Update Mechanism Compromised

⚠️ WordPress Supply Chain ATTACK: The update mechanism for ShapedPlugin has been hacked, pushing malicious code to sites via auto-updates. This is the 3rd major WP vendor hit recently. Review your plugins now! #WordPress #SupplyChainAttack #CyberSecu...

🌐 cyber[.]netsecops[.]io

🔗 https://cyber.netsecops.io/articles/wordpress-supply-chain-under-fire-as-shapedplugin-update-flow-is-hacked/?ut…

Cool down your dependencies

Supply-chain attacks move fast and get caught fast. A dependency cooldown, ignoring any version published less than a few days ago, blocks most of them for a one-line config change. Here is how to turn it on across npm, PyPI, NuGet, Maven, and your editor.

Thoughts and stuff
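The cooldown rule the post describes, applied as a resolver check. This is an added example, not code from the linked blog post or from any package manager: it reads the `time` map of an npm registry document (the document below is constructed; the package name, versions and dates are made up) and refuses any stable version younger than the cooldown, returning `None` rather than falling back to `latest` when nothing is old enough.

```python
"""Dependency cooldown as a resolver rule: given npm registry metadata, pick the
newest stable version that has been public for at least N days.

Added example, not the blog's or any package manager's own code. The registry
document is constructed; package name, versions and dates are hypothetical.
"""
from datetime import datetime, timedelta, timezone
import re

# Shape of https://registry.npmjs.org/<name>, reduced to the fields used here.
SAMPLE_REGISTRY_DOC = {
    "name": "example-lib",                          # hypothetical package
    "dist-tags": {"latest": "2.4.1"},
    "time": {
        "created": "2024-01-10T09:00:00.000Z",
        "modified": "2026-06-17T10:41:00.000Z",
        "2.3.0": "2026-05-20T12:00:00.000Z",
        "2.4.0": "2026-06-12T08:30:00.000Z",
        "2.4.1": "2026-06-17T10:41:00.000Z",       # pushed a few hours ago
        "3.0.0-rc.1": "2026-06-01T00:00:00.000Z",  # prerelease, ignored below
    },
}

# Constructed "current time" so the example is deterministic.
NOW = datetime(2026, 6, 17, 15, 0, tzinfo=timezone.utc)

RELEASE = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")  # stable releases only


def parse_version(version):
    """Return (major, minor, patch) for a stable semver string, else None."""
    m = RELEASE.match(version)
    return tuple(int(x) for x in m.groups()) if m else None


def parse_time(stamp):
    """Registry timestamps are ISO 8601 with a trailing Z."""
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))


def cooled_versions(doc, now, cooldown_days):
    """Stable versions published at least cooldown_days before now, newest first."""
    cutoff = now - timedelta(days=cooldown_days)
    eligible = []
    for version, stamp in doc["time"].items():
        key = parse_version(version)
        if key is None:            # skips "created", "modified" and prereleases
            continue
        if parse_time(stamp) <= cutoff:
            eligible.append((key, version))
    return [v for _, v in sorted(eligible, reverse=True)]


def resolve_with_cooldown(doc, now, cooldown_days):
    """Version to install under the cooldown, or None if nothing is old enough.

    None is the case that matters: a brand-new package, or one whose every
    version sits inside the window, must fail the install rather than quietly
    fall back to the registry's 'latest' tag.
    """
    eligible = cooled_versions(doc, now, cooldown_days)
    return eligible[0] if eligible else None


def held_back(doc, now, cooldown_days):
    """True when the cooldown keeps us off the registry's current 'latest' tag."""
    return resolve_with_cooldown(doc, now, cooldown_days) != doc["dist-tags"]["latest"]


if __name__ == "__main__":
    for days in (0, 3, 30):
        chosen = resolve_with_cooldown(SAMPLE_REGISTRY_DOC, NOW, days)
        print(f"cooldown {days:>2}d -> {chosen}")
```

With a 3-day window the resolver picks 2.4.0 and holds back 2.4.1, which is exactly the version a poisoned-release campaign would have just pushed; with a 30-day window nothing qualifies and the result is `None`, which an install script should treat as a hard failure. pnpm exposes the same policy as its `minimumReleaseAge` setting (in minutes), so in practice you set that rather than carrying your own resolver; the point of the code is to show what the setting is actually deciding.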

How 144 Mastra npm Packages Got Poisoned in Under an Hour, and Nobody Noticed Until It Was Too Late

144 Mastra npm packages were compromised on June 17, 2026 via easy-day-js, a typosquatted dependency that drops a cross-platform infostealer

https://thecybersecguru.com/news/mastra-npm-supply-chain-attack-easy-day-js/

"DepsGuard looks for npm, pnpm, yarn, bun, uv, pip, poetry, and aube on your machine, reads their config files, compares them to recommended supply-chain settings, and can apply fixes interactively."

https://github.com/arnica/depsguard

#arch #archlinux #malware #supplychainattack #depsguard

GitHub - arnica/depsguard: Harden your package manager configs against supply chain attacks.

Considering the current attacks on the #AUR repository, I see dark clouds gathering for other repositories as well. I rate #AUR as a comparatively easy target, but these unsavory characters may just be practicing.

The threat level is quite high, and not just as a gut feeling.

#OSS #OpenSource #SupplyChain #SupplyChainAttack #Risiko

RE: https://fosstodon.org/@archlinux/116738652549604531

#Archlinux supply chain incident shows the thing that is always ignored by common people:

Expecting that you are not the target, because people rarely use it.

Which points to: attackers will do things in the place you least expect.

#cybersecurity #supplychainattack

📣🚨 Over 20 Linux packages were compromised in the #AtomicArch campaign, which abuses AUR ownership transfers to drop rootkit-like malware.

Read: https://hackread.com/atomic-arch-hijacks-linux-aur-packages-malware/

#CyberSecurity #Linux #Malware #SupplyChainAttack

Atomic Arch Campaign Hijacks 20+ Linux AUR Packages to Deliver Malware

@sodiboo @ifin @threatintel Made a consolidated AUR malware checker for the atomic-lockfile supply-chain attack now on GitHub.

Merges detection scripts from the gist[1] and Kidev, BrianCArnold, commonsourcecs, Kacper-Kondracki, quantenProjects, Andre Herbst, ioctl.fail, and Kusoneko into a single repo. Checks known compromised packages, scans pacman.log history, checks for systemd persistence and eBPF rootkit artifacts.

https://github.com/lenucksi/aur-malware-check

UPDATE 7/13/26: Friendly contributors added a 'download official arch hedgedoc list' and the new bun package, and I added some more convenience features.

[1] https://gist.github.com/Kidev/59bf9f5fb53ab5eee99f19a6a2fc3992

#AUR #ArchLinux #SupplyChainAttack #Malware #InfoSec #atomiclockfile

GitHub - lenucksi/aur-malware-check: Detection tools for the June 2026 atomic-lockfile AUR supply-chain attack. Consolidated from community Gists.
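One of the checks the consolidated checker above is described as doing, the pacman.log history scan, written out as an added example. This is not code from lenucksi/aur-malware-check or from the gists it merges: it parses `[ALPM]` transaction lines from a constructed pacman log, matches them against a watch-list of package names (the names here are placeholders; the real compromised-package lists live in the repositories linked above), and reconstructs when each hit was installed, upgraded and removed.

```python
"""Scan a pacman log for a watch-list of package names and reconstruct when
each one was installed, upgraded and removed.

Added example, not code from lenucksi/aur-malware-check or the gists it merges.
The log lines and the names in WATCHLIST are constructed placeholders.
"""
import re

# Constructed sample of /var/log/pacman.log. The format is real; the packages
# and timestamps are made up.
SAMPLE_PACMAN_LOG = """\
[2026-06-18T09:12:40+0000] [PACMAN] Running 'pacman -S --needed git'
[2026-06-18T09:12:44+0000] [ALPM] installed git (2.50.0-1)
[2026-06-20T21:03:11+0000] [PACMAN] Running 'pacman -U example-helper-1.4.2-1-x86_64.pkg.tar.zst'
[2026-06-20T21:03:12+0000] [ALPM] installed example-helper (1.4.2-1)
[2026-06-25T07:45:02+0000] [ALPM] upgraded example-helper (1.4.2-1 -> 1.4.3-1)
[2026-06-26T10:00:00+0000] [ALPM] removed example-helper (1.4.3-1)
[2026-06-27T12:30:00+0000] [ALPM] installed linux (6.15.3.arch1-1)
"""

# Hypothetical watch-list; replace with the published list of compromised names.
WATCHLIST = {"example-helper", "example-tray"}

ALPM_LINE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[ALPM\] "
    r"(?P<action>installed|reinstalled|upgraded|downgraded|removed) "
    r"(?P<pkg>\S+) \((?P<ver>[^)]*)\)$"
)


def parse_pacman_log(text):
    """One dict per [ALPM] transaction line; [PACMAN] command lines are skipped."""
    events = []
    for line in text.splitlines():
        m = ALPM_LINE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def find_watchlisted(text, watchlist):
    """Map each watch-listed package seen in the log to its events, in log order."""
    hits = {}
    for ev in parse_pacman_log(text):
        if ev["pkg"] in watchlist:
            hits.setdefault(ev["pkg"], []).append(ev)
    return hits


def currently_installed(events):
    """A package is still present unless its last recorded action was a removal."""
    return bool(events) and events[-1]["action"] != "removed"


def exposure_window(events):
    """(first install time, removal time or None): how long the package was present."""
    if not events:
        return None
    first = events[0]["ts"]
    last = events[-1]["ts"] if events[-1]["action"] == "removed" else None
    return first, last


def report(text, watchlist):
    """Human-readable summary, one line per watch-listed package found."""
    lines = []
    for pkg, events in find_watchlisted(text, watchlist).items():
        first, removed = exposure_window(events)
        state = "REMOVED at " + removed if removed else "STILL INSTALLED"
        lines.append(f"{pkg}: first installed {first}, {state}")
    return lines


if __name__ == "__main__":
    # Real use: report(open("/var/log/pacman.log").read(), WATCHLIST)
    for line in report(SAMPLE_PACMAN_LOG, WATCHLIST):
        print(line)
```

The exposure window is the useful output: a removal line in pacman.log only says the package files were deleted, not that anything the package's install scripts set up in the meantime (the systemd persistence and eBPF artifacts the post says the tool also checks for) was cleaned up, so a hit with a removal still warrants the other checks.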

🚨 NEWS: Microsoft: GitHub repositories hacked to steal AI developers' passwords

Here are the key points in brief:
💡 A targeted attack on Microsoft's open-source repositories exposed the credentials of thousands of AI developers. The company disabled dozens of GitHub repositories after a...

🚀 LINK: https://meteoraweb.com/news/microsoft-repository-github-hackerati-per-rubare-password-degli-sviluppatori-ai

#supplyChainAttack #microsoftGitHubHack #credentialStealerSviluppatoriAI #sicurezzaRepositoryOpenSource #furtoPasswordAI