Critical Vulnerabilities in Fedora's Pagure Platform Expose Supply Chain Attack Risks
Security researchers discovered multiple critical vulnerabilities in Fedora's Pagure code hosting platform that could enable supply chain attacks through malicious code injection. The most severe flaw allowed attackers to compromise repositories and package specifications, leading Fedora to patch the issues and plan migration to Forgejo.
XE Group Evolves from Card Skimming to Zero-Day Exploitation in Supply Chain Attacks
Notorious cybercrime group XE Group has shifted tactics from credit card theft to exploiting critical vulnerabilities in supply chain software. The group now leverages sophisticated zero-day exploits and web shells to maintain long-term unauthorized access to manufacturing and distribution systems.
Abandoned AWS Storage Buckets: A Critical Supply Chain Attack Risk
Security researchers reveal how abandoned AWS S3 storage buckets can be exploited for large-scale cyberattacks, potentially enabling SolarWinds-like supply chain compromises. The study found approximately 150 deserted buckets, previously used by major organizations, receiving millions of file requests.