Axios npm packages backdoored in supply chain attack - Help Net Security An attacker has published backdoored Axios npm packages that trigger the installation of droppers and remote access trojans.

Axios npm packages backdoored in supply chain attack

📖 Read more: www.helpnetsecurity.com/2026/03/31/a...

#cybersecurity #cybersecuritynews #supplychaincompromise #supplychainattacks #JavaScript @opensourcemalware.bsky.social

Using coding agents? Be explicit with your prompts, don’t assume the agent knows your intent.

LLMs are trained to be helpful & try to over deliver.

In agents, this can be dangerous.

Compare these prompts & responses.

@github.com this is dangerous.

#Agentic #AI #LLM #SupplyChainCompromise #Axios

CISA sounds alarm on Langflow RCE, Trivy supply chain compromise after rapid exploitation - Help Net Security CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities catalog: CVE-2026-33017 and CVE-2026-33634.

CISA sounds alarm on Langflow RCE, Trivy supply chain compromise after rapid exploitation

📖 Read more: www.helpnetsecurity.com/2026/03/27/c...

#cybersecurity #cybersecuritynews #supplychaincompromise #vulnerability

LiteLLM PyPI packages compromised in expanding TeamPCP supply chain attacks - Help Net Security A slew of supply chain attacks against popular open source tools and packages appears to have been orchestrated by TeamPCP cybercriminals.

LiteLLM PyPI packages compromised in expanding TeamPCP supply chain attacks

📖 Read more: www.helpnetsecurity.com/2026/03/25/t...

#cybersecurity #cybersecuritynews #malware #opensource #supplychaincompromise @pypi.org @aikidosecurity.bsky.social

Firmware-level Android backdoor found on tablets from multiple manufacturers - Help Net Security A new Android backdoor embedded directly in device firmware can quietly take control of apps and harvest data, Kaspersky researchers found.

Firmware-level Android backdoor found on tablets from multiple manufacturers

📖 Read more: www.helpnetsecurity.com/2026/02/17/f...

#cybersecurity #cybersecuritynews #Android #backdoor #malware #firmware #supplychaincompromise

Salesforce Gainsight compromise: Early findings and customer guidance - Help Net Security Following Salesforce's revocation of tokens associated with Gainsight-published applications, Gainsight has been keeping customers updated.

Salesforce Gainsight compromise: Early findings and customer guidance

📖 Read more: www.helpnetsecurity.com/2025/11/21/s...

#cybersecurity #cybersecuritynews #supplychaincompromise @mandiant.com

Cloudflare confirms data breach linked to Salesloft Drift supply chain compromise - Help Net Security Cloudflare has also been affected by the Salesloft Drift breach, and the attackers got their hands on 104 Cloudflare API tokens.

Cloudflare confirms data breach linked to Salesloft Drift supply chain compromise
www.helpnetsecurity.com/2025/09/03/c...

#Infosec #Security #Cybersecurity #CeptBiro #Cloudflare #DataBreach #SalesloftDrift #SupplyChainCompromise

Malicious RVTools installer found on official site, researcher warns - Help Net Security The official site for RVTools has apparently been hacked to serve malware with the utility, a security researcher has warned.

Malicious RVTools installer found on official site, researcher warns

📖 Read more: www.helpnetsecurity.com/2025/05/19/r...

#cybersecurity #cybersecuritynews #supplychaincompromise #virtualization

Lottie Player supply chain compromise: Sites, apps showing crypto scam pop-ups - Help Net Security A supply chain compromise involving Lottie Player has made decentralized finance apps show pop-ups urging users to connect their wallets.

Lottie Player supply chain compromise: Sites, apps showing crypto scam pop-ups
www.helpnetsecurity.com/2024/10/31/l...
#Infosec #Security #Cybersecurity #CeptBiro #LottiePlayer #SupplyChainCompromise #Sites #Apps #CryptoScamPopUps