JDownloader website compromised to distribute malicious installers
The supply chain attack involved attackers modifying the website's download links to point to malicious third-party payloads.
Manufacturing
20 articles
Build Application Firewalls Aim to Stop the Next Supply Chain Attack
Rather than scanning code alone, Build Application Firewalls inspect runtime behavior inside the software build pipeline. The post Build Application Firewall...
GTIG AI Threat Tracker: Adversaries Leverage AI for Vulnerability Exploitation, Augmented Operations, and Initial Access
Executive Summary Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing tra...
fsnotify Maintainer Access Change Sparks Supply Chain Security Concerns
A dispute over maintainer access in the widely used Go library fsnotify has triggered temporary supply chain concerns after contributors were removed from th...
Police take down relaunched criminal marketplace with 22,000 users, €3.6 million in revenue
German authorities shut down a relaunched version of the criminal marketplace Crimenetwork and arrested its suspected operator. The domain seizure notice (So...
Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack
A malicious version of the plugin was published to the Jenkins Marketplace late last week. The post Checkmarx Jenkins AST Plugin Compromised in Supply Chain ...
Review: Foundations of Cybersecurity, 2nd edition
Jason Andress has refreshed his introductory security text for No Starch Press. He writes in the introduction that the term security now extends past data ce...
Over 500 Organizations Hit in Years-Long Phishing Campaign
Victims span across the aviation, critical infrastructure, energy, logistics, public administration, and technology sectors. The post Over 500 Organizations ...
Official JDownloader site served malware to Windows and Linux users between May 6 and May 7
JDownloader website was hacked to distribute malicious Windows and Linux installers carrying a Python RAT between May 6–7, 2026. JDownloader official website...
Braintrust security incident raises concerns over AI supply chain risks
Braintrust warned customers to rotate API keys after hackers breached an AWS account, exposing secrets tied to cloud-based AI models. AI observability startu...
Cyberattacks on Poland’s Water Plants: A Blueprint for Hybrid Warfare
Poland’s ABW confirmed hackers breached ICS at five water plants, gaining ability to alter equipment settings. Russia-linked APT groups suspected.
UIDAI and NFSU forge 5-year cybersecurity and digital forensics partnership
This strategic alliance, formalized on May 5 in Ahmedabad, establishes a framework to enhance cyber resilience within UIDAI's digital identity ecosystem.
Polish Security Agency Reports ICS Breaches at Five Water Treatment Plants
The hackers gained the ability to modify equipment operational parameters, creating a direct risk to the public water supply. The post Polish Security Agency...
Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise
A previously undocumented Linux implant codenamed Quasar Linux RAT (QLNX) is targeting developers' systems to establish a silent foothold as well as facilita...
Your refresh plan has a CVE blind spot
The conversation is straightforward, but the problem behind it is not. The customer bought servers in 2017 and typically refresh every five to six years.
Vendor Says Daemon Tools Supply Chain Attack Contained
The software developer has identified the impacted systems, removed potentially compromised files, and validated installation packages. The post Vendor Says ...
AI Coding Agents Could Fuel Next Supply Chain Crisis
“TrustFall” attack shows how AI coding agents can be manipulated into launching stealthy supply chain compromises. The post AI Coding Agents Could Fuel Next ...
Hackers Weaponize Claude AI in Attacks on Water and Drainage Utilities
Hackers have abused commercial Claude AI models to help compromise a Mexican water and drainage utility’s IT network and probe systems connected to critical ...
ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories
Bad week. Turns out the easiest way to get hacked in 2026 is still the same old garbage: shady packages, fake apps, forgotten DNS junk, scam ads, and stolen ...
Gemini CLI Vulnerability Could Have Led to Code Execution, Supply Chain Attack
Attackers could inject prompts into a GitHub issue and take over the AI agent designed to automatically triage the issue. The post Gemini CLI Vulnerability C...