AISEC > Security News > Supply Chain

// SUPPLY CHAIN

// SUPPLY CHAIN

2 articles
All Zero-Day Ransomware Phishing Supply Chain AI Security Data Breaches Malware Vulnerabilities Attacks Security
2026-02-25 The Hacker News
Malicious NuGet Packages Stole ASP.NET Data; npm Package Dropped Malware

Security researchers discovered four malicious NuGet packages designed to steal ASP.NET Identity data including user accounts and permissions, while manipulating authorization rules to create backdoors in victim applications. This represents an active malware campaign targeting ASP.NET developers with real data exfiltration capabilities.

2026-02-23 The Hacker News
Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

Cybersecurity researchers discovered an active supply chain attack campaign using at least 19 malicious npm packages to harvest cryptocurrency keys, CI secrets, and API tokens. The campaign, codenamed SANDWORM_MODE by Socket, represents a real threat targeting developers through compromised package dependencies.