All Categories

Supply Chain Attacks

Compromising software or hardware at the source before it reaches the end user.

13 case studies

·

Supply Chain Attacks

13 cases
2024critical

XZ Utils Backdoor: Two-Year Social Engineering of Open Source Maintainer

2 min readSupply Chain Attacks
2024high

Polyfill.io CDN Hijack: 100,000 Websites Serve Malicious JavaScript After Domain Sale

2 min readSupply Chain Attacks
2023high

GitHub Actions Supply Chain: tj-actions Breach Exposes CI Secrets of 23,000 Repositories

2 min readSupply Chain Attacks
2023critical

3CX Supply Chain: Attack Inside an Attack — Trading Technologies Compromised First

2 min readSupply Chain Attacks
2022high

PyPI Malicious Packages: Thousands of Typosquatting Packages Steal Developer Credentials

2 min readSupply Chain Attacks
2021critical

Kaseya VSA: Ransomware Delivered to 1,500 Businesses in One Hit

2 min readSupply Chain Attacks
2021critical

Codecov Bash Uploader Compromise: CI/CD Secrets Harvested from Thousands of Companies

2 min readSupply Chain Attacks
2021critical

PHP Git Backdoor: Attackers Push Malicious Commits to PHP's Official Source

2 min readSupply Chain Attacks
2020critical

SolarWinds Supply Chain Attack

2 min readSupply Chain Attacks
2019critical

ASUS Live Update ShadowHammer: 1 Million PCs Receive Backdoored Official Updates

2 min readSupply Chain Attacks
2018high

EventStream npm: Malicious Code Buried in Dependency Targets Bitcoin Wallet

2 min readSupply Chain Attacks
2017critical

CCleaner Backdoor: 2.27 Million Downloads Infected via Legitimate Software Update

2 min readSupply Chain Attacks
2011critical

RSA SecurID: When Two-Factor Authentication Gets Hacked

2 min readSupply Chain Attacks

Defend against supply chain attacks

Practical guides drawn directly from these incidents.

Browse guides