chain
Beyond the kill chain: What cybercriminals do with their money (Part 5)
Content warning: Because of the nature of some of the activities we discovered, this series of articles contains content that some readers may find upsetting. This includes profanity and references to drugs, drug addiction, gambling, pornography, violence, arson, and sex work. These references are textual only and do not include images or videos. Having explored…
Software supply chain security AI agents take action | TechTarget
Software supply chain security tools from multiple vendors moved from software vulnerability detection to proactive vulnerability fixes with new AI agents released this week. AI agents are autonomous software entities backed by large language models that can act on natural language prompts or event triggers within an environment, such as software pull requests. As…
⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More
Mar 24, 2025Ravie LakshmananWeekly Recap / Hacking A quiet tweak in a popular open-source tool opened the door to a supply chain breach—what started as a targeted attack quickly spiraled, exposing secrets across countless projects. That wasn’t the only stealth move. A new all-in-one malware is silently stealing passwords, crypto, and control—while hiding in plain…
PlushDaemon compromises supply chain of Korean VPN service
ESET researchers provide details on a previously undisclosed China-aligned APT group that we track as PlushDaemon and one of its cyberespionage operations: the supply-chain compromise in 2023 of VPN software developed by a South Korean company, where the attackers replaced the legitimate installer with one that also deployed the group’s signature implant that we have…