#supply-chain
// 6 transmissions tagged with #supply-chain

Red Hat npm packages compromised, users urged to secure dependencies
A GitHub issue reports that several Red Hat npm packages have been compromised, exposing users to potential security risks. Red Hat is investigating and recommends immediate removal or audit of the affected packages.

FBI director Kash Patel's apparel site hosts ClickFix malware
The website for FBI director Kash Patel's apparel brand is actively hosting a 'ClickFix' attack that tricks visitors into installing malware, PCMag reported May 23, 2026 [PCMag]. The malicious script was delivered through a third-party service on the site.

Memory shortage pushes smartphone prices up 15% in 2026
AI-driven memory demand has tightened supply, pushing average smartphone prices up 15% in 2026 and threatening the era of budget devices [davidoks.blog].

GitHub confirms breach via malicious VS Code extension
GitHub says attackers accessed 3,800 internal repos after compromising an employee device through a malicious VS Code extension [source: @appinventiv4ai].

Mini Shai-Hulud malware hits 314 npm packages
The Mini Shai-Hulud malware has compromised 314 npm packages by injecting obfuscated malicious code, according to SafeDep.

TanStack npm supply-chain compromise revealed
TanStack's postmortem analysis details the npm supply-chain compromise, caused by a vulnerable dependency in one of its packages [TanStack Blog]. The incident led to malicious code injection, affecting users.