Security researchers have uncovered a new supply chain attack targeting the NPM registry with malicious code that exhibits worm-like propagation capabilities. Named Sandworm_Mode, the attack was deployed through 19 packages published under two aliases, which relied on typosquatting to trick developers into executing the malicious code. According to cybersecurity firm Socket, the attack bears the hallmarks of the Shai-Hulud campaign that hit roughly 800 NPM packages in September and November 2
Many malware attacks against open-source software components have compromised thousands of software packages and repositories, but the practical damage these attacks have caused organizations is harder to quantify. The longer-term and indirect costs of these attacks may prove most significant for organizations. Open-source components and software have long been a well-established source of threat activity. The widespread use, combined with the broad variance in how well-supported different pro
What began as a quiet investigation into suspicious Salesforce activity has escalated into one of the most significant SaaS supply chain incidents of the year. Google's Threat Intelligence Group (GTIG) reports that a threat actor, tracked as UNC6395, exploited compromised OAuth tokens from Salesloft's Drift integrations to extract data from multiple customers' Salesforce instances. The campaign ran at least from 8 to 18 August 2025. GTIG's assessment is blunt: "GTIG assesses the primary intent o