Supply-chain attack
-
China-linked PlushDaemon hijacks software updates with new EdgeStepper implant, ESET says
ESET researchers say a China-linked group called PlushDaemon is hijacking software-update traffic using an EdgeStepper network implant that redirects update domains to attacker servers and delivers a chain of malware including LittleDaemon, DaemonicLogistics and the SlowStepper backdoor.
-
Wealthsimple reports data breach affecting under 1% of customers; breach tied to third‑party software in suspected supply‑chain attack
Wealthsimple disclosed a data breach affecting less than 1% of its customers, with attackers accessing personal data but not funds or passwords. The breach is linked to a compromised third-party software package and is being treated as part of a broader Salesloft supply-chain attack. The firm is offering two years of free credit monitoring and…
