Supply Chain Risk: Exploiting Abandoned Domains of Linux Package Maintainers

- Posted in Other by
Background: In my recent articles, we discussed various supply chain attack scenarios. This led me to think about a new type of supply chain attack, specifically targeting Linux package [...] Read more

Infinity War: Threat in the Docker Images

- Posted in Other by
Background: In one of our previous articles, we discussed analyzing Docker images for vulnerabilities at the operating system level. In this article, we will explore another attack pattern related to [...] Read more

Case Study: Tackling Extension Infections with a Budget-Friendly Scratch Project

- Posted in Threat Analyze by
Background: Following a notification from a company that fell victim to a supply chain attack, where attackers compromised their Chrome extension, I realized the importance of addressing this issue. [...] Read more

Securing the Software Supply Chain: Detecting and Responding to Compromised Packages Due to Maintainer Account Compromises

- Posted in Other by
Background: Today, we heavily rely on open-source developed packages and solutions. Previous lessons have shown that compromises in these solutions can pose critical threats. These solutions serve as [...] Read more

Understanding Supply Chain Attacks: The Case of Polyfill CDN

- Posted in Incident Response by
Background: A supply chain attack involving a popular JavaScript library being served over a dedicated content delivery network (CDN) could result in the injection of harmful code into web pages that [...] Read more