SiliconAngle reports that third-party compromise accounted for 36% of all data breaches last year, a figure that may still be underestimated because of inadequate reporting and improper classification, highlighting the escalation in vendor-driven attacks.
Attack surfaces have become more varied, with technology services and products involved in almost half of all third-party breaches, compared with 75% in 2023, a report from SecurityScorecard revealed. Organizations in the retail and hospitality sector were the most targeted by third-party attacks, followed by those in the tech and healthcare industries, while Singapore, the Netherlands, and Japan were the most impacted countries. Third-party breach prevalence in the U.S. last year was also found to be below the global average.
"Our research shows ransomware groups and state-sponsored attackers increasingly leveraging supply chains as entry points. To stay ahead of these threats, security leaders must move from periodic vendor reviews to real-time monitoring to contain these risks before they escalate throughout their supply chain," said SecurityScorecard STRIKE Threat Research and Intelligence Senior Vice President Ryan Sherstobitoff.
Official XRP Ledger library infected to facilitate crypto theft
The widely used XRP Ledger Foundation-maintained npm JavaScript library xrpl.js, which Ripple recommended for the XRP blockchain, has been compromised with malicious code enabling the exfiltration of XRP wallet seeds and private keys, which could then be used to pilfer cryptocurrency wallet assets, reports BleepingComputer.
Supply chain at risk of AI-hallucinated code dependencies
Extensive dependence on large language models in the code development process could increase the risk of slopsquatting supply chain intrusions, which involve the creation of hallucinated open source software to lure targets into downloading malicious packages, reports Infosecurity Magazine.