Critical GitHub CodeQL Vulnerability Exposes Supply Chain Attack Risk
A security flaw in GitHub CodeQL temporarily exposed a privileged token that could enable supply chain attacks affecting thousands of repositories. The vulnerability allowed potential code execution and data theft through GitHub Actions workflows, though GitHub's swift response prevented any known compromises.
Vietnamese Hackers Target Supply Chain with Zero-Day Exploits in VeraCore Software
XE Group, a Vietnamese cybercrime organization, has evolved from credit card theft to sophisticated supply chain attacks by exploiting critical zero-day vulnerabilities in VeraCore. The group has deployed advanced web shells to maintain persistent unauthorized access to manufacturing and distribution systems since 2020.
Hijacked AWS Storage Buckets Expose Major Organizations to Supply Chain Attacks
Security researchers discovered 150 abandoned AWS S3 storage buckets previously used by major organizations that could be easily re-registered and hijacked. The vulnerability allowed researchers to gain control over storage locations still receiving millions of requests from government agencies and corporations.