Supply chain attack via manipulated CDN conceals admin accounts and web shells on over 1.2 million WordPress websites; infections are not detectable through the standard dashboard.
A self-replicating worm compromises 73 Microsoft repositories through stolen administrative credentials, exploiting the trust model of GitHub and npm without leveraging software vulnerabilities.
Two years after a supply-chain attack on polyfill.io, the compromised domain caused fake login prompts on websites of major brands through leftover code.
