🐺 Wolves in the Repository: A Software Engineering Analysis of the XZ Utils Supply Chain Attack

｢ a new breed of supply chain attack that manipulates software engineering practices themselves – from community management to CI/CD configurations – to establish legitimacy and maintain long-term control ｣

https://arxiv.org/pdf/2504.17473

#xzutils #supplychainattack #opensource

🐺 Wolves in the Repository: A Software Engineering Analysis of the XZ Utils Supply Chain Attack

｢ a new breed of supply chain attack that manipulates software engineering practices themselves – from community management to CI/CD configurations – to establish legitimacy and maintain long-term control ｣

https://arxiv.org/pdf/2504.17473

#xzutils #supplychainattack #opensource

just came across this video which describes a supply chain attack on a popular minecraft server-side mod (zauctionhouse) which occured because credentials were obtained from stealer logs

https://www.youtube.com/watch?v=Ro-ucL_TA98

#infosec#minecraft#SupplyChainAttack

🚨 Malware Found in Official GravityForms Plugin Indicating Supply Chain Breach - Patchstack

https://patchstack.com/articles/critical-malware-found-in-gravityforms-official-plugin-site/

#gravityforms #supplychainattack #malware #wordpress