Sleeper Supply Chain Attack Activates After 6 Years

A coordinated supply chain attack has compromised between 500 and 1,000 e-commerce websites by exploiting vulnerabilities in 21 Magento extensions from vendors Tigren, Meetanshi, and Magesolution (MGS). Security firm Sansec discovered that attackers had injected backdoors into these extensions as early as 2019, with the malicious code remaining dormant until activated in April 2025. The […]
Russian-Controlled Open Source Tool Raises Alarms Over U.S. Cybersecurity

A widely used open-source Go library, easyjson, used in healthcare, finance and even defence, has come under scrutiny after cybersecurity firm Hunted Labs revealed its deep ties to a sanctioned Russian company, the VK Group. The tool, integral to numerous U.S. government and enterprise systems, is maintained by developers based in Moscow, raising concerns about […]
Signal Archiving Tool Used By Trump Admin Is Breached, Raising Alarms Over Messaging Security (EDITORIAL)

(EDITORIAL) A messaging tool used by Trump administration officials to archive encrypted Signal messages has been hacked — twice — forcing its suspension and raising new concerns over how high-level U.S. communications are being protected. TeleMessage, an Israel-based tool used by government agencies to archive encrypted messages from platforms like Signal, Telegram, and WeChat, has […]