T1195.001 Compromise Software Dependencies and Development Tools
90%
"renovate & dependabot: the new malware delivery system supply chain attacks every other morning unless you've lived under a rock for the last few months, you probably noticed that software supply chain attacks are getting trendy among threat actor groups. over the last 12 mont…"
T1195.001 Compromise Software Dependencies and Development Tools
86%
"new severe attacks added to our dreadful collection: - trivy-action & litellm campaign by team pcp. - the most popular axios package compromise. both those attacks followed a now-classical pattern, spreading through compromised open-source dependencies to maximise the impa…"
T1195.001 Compromise Software Dependencies and Development Tools
85%
"trivy-action compromise, automated dependency update mechanisms can act as an internal threat, forcing malicious code into your repository. another similar situation can occur in a supply chain security blind spot. an army of careless bots corporate projects are the obvious pla…"
T1195.001 Compromise Software Dependencies and Development Tools
64%
"when used, is also an efficient way to be alerted about breaches early. let's rethink the perimeter the axios 1.14.1 incident is a story about speed. the malicious package was live for a matter of hours, and in that window, automated systems across hundreds of repositories ha…"
T1195.001 Compromise Software Dependencies and Development Tools
50%
"##encies they use. for that reason, the developer community invented renovate and dependabot, two systems that track and apply those updates. however, updating and installing packages is generally all that supply-chain malware needs to spread the infection. dependabot and renov…"
T1195.002 Compromise Software Supply Chain
33%
"when used, is also an efficient way to be alerted about breaches early. let's rethink the perimeter the axios 1.14.1 incident is a story about speed. the malicious package was live for a matter of hours, and in that window, automated systems across hundreds of repositories ha…"
Summary
Recent supply chain attacks stayed live for hours. Automation tools silently merged their malware in minutes. Read how upgrade bots and AI agents became the insider threat.