Threat Intelligence for Supply Chain Security


Summary

Threat intelligence for supply chain security involves gathering and analyzing information about potential cyber threats that could target the systems, software, and vendors a business relies on to operate. By understanding these risks, organizations can spot vulnerabilities early and protect themselves from attacks that move through trusted partners or digital supply chains.

  • Monitor third-party risks: Set up real-time tracking of your vendors’ security status and react quickly to any breaches or changes in their risk profile.
  • Adopt layered defenses: Use multiple, different security checks and controls throughout your software development and supply chain processes to make it harder for attackers to slip through.
  • Strengthen cloud security: Regularly review your cloud providers’ settings and train your team to spot phishing attempts that could give cyber criminals access through trusted platforms.
Summarized by AI based on LinkedIn member posts
  • Divine Odazie

    CEO @ EverythingDevOps - Follow for posts on Cloud Native, DevOps & AI - CNCF Ambassador

    26,723 followers

    Found something interesting and it is Open Source!! A public, structured threat feed for software supply chain security. Yes, including malware and vulnerabilities.

    One of the most common struggles I hear from engineering teams is: “Where do we get reliable, real-time visibility into open source vulnerabilities and malware?” Aikido decided to solve that with intel.aikido.dev/

    Here’s how they built it: They’re pulling in raw data from public changelogs, diffs, advisories, release notes, registries… and running it through an LLM pipeline that:
    ↳ Normalizes inconsistent formats
    ↳ Extracts package, version, CVE, severity, exploitability
    ↳ Classifies by ecosystem and vulnerability type (XSS, prototype pollution, etc.)

    Then a human security engineer reviews each finding and assigns an Intel ID + severity.

    The result? Near real-time updates on intel.aikido.dev
    ✅ Open-source
    ✅ No paywall
    ✅ API-first
    ✅ Forkable + community contributions welcome (AGPL)

    Unlike most commercial feeds, it is built with developers in mind.

    Looking at the stats since Jan 2025:
    → 1,136 OSS vulnerabilities surfaced
    → 21,741 malware packages caught
    → 67% had no CVE
    → CVE delay averaged 27 days (some up to 9 months)

    If you're securing your CI/CD pipeline or need fresher intel for your alerts—this is worth checking out. https://intel.aikido.dev/

  • Darren Mott, FBI Special Agent (Ret.), "The CyBUr Guy"

    Co-founder/Director of Cyber Operations @ FiveEyesLtd | Cybersecurity Expert

    7,482 followers

    I spent over two decades chasing threats most people never see coming. Russian state hackers just made your supply chain their playground.

    Amazon's threat intel team confirmed APT29, Russia's elite cyber unit, more commonly known as COZY BEAR, has been weaponizing cloud infrastructure to target Western critical infrastructure for years. Not theoretical. Not someday. Right now.

    Here's what should be keeping logistics decision makers up at night: they're using AWS, Azure, and Google Cloud as command-and-control hubs. Your logistics systems, vendor portals, and supply chain software all run on these platforms.

    The lesson? Nation-state actors don't care about your firewall. They're already inside the infrastructure you trust.

    Three actions for logistics leaders today:
    1. Audit your cloud security posture across all providers
    2. Implement zero-trust architecture for supply chain access
    3. Train your team to recognize sophisticated phishing—APT29 is patient and convincing

    This isn't an IT problem. It's a business continuity crisis waiting to happen. When your distribution network goes dark because of a nation-state attack, your customers won't care about the technical details. They'll remember you weren't prepared.

    What's your organization doing to harden supply chain infrastructure against state-sponsored threats? https://lnkd.in/ec65efzP

  • Hemang Doshi

    Next100 CIO Awardee, IT - Cyber Security Leadership, Audit Compliance, Cloud, Digital Transformation, Technology AI Evangelist, Strategic Planning, P&L Owner, 30+ years Building Resilient Global Infrastructures

    9,411 followers

    Third-Party Risk: The Hidden Cybersecurity Battlefield in Modern Supply Chains

    In our interconnected digital ecosystem, your security posture is only as strong as your weakest vendor. Modern enterprises rely on hundreds of third-party vendors, creating an exponentially expanding attack surface.

    Supply chain attacks have become the preferred vector for sophisticated threat actors. Instead of targeting well-defended enterprises directly, attackers exploit vulnerabilities in trusted vendors to simultaneously breach hundreds of downstream organizations.

    Game-Changing Examples
    SolarWinds (2020): Compromised software updates affected 18,000+ customers including Fortune 500 companies and government agencies, demonstrating how a single vendor breach cascades across entire sectors.
    MOVEit (2023): A single vulnerability led to data breaches affecting over 600 organizations globally, showcasing the massive scale of modern supply chain impacts.

    Why Third-Party Risk Monitoring is Critical
    Continuous Visibility: Traditional annual assessments are insufficient. Organizations need real-time monitoring of vendor security posture, breach notifications, and compliance status changes.
    Risk Amplification: When attackers target managed service providers or software vendors, the impact multiplies across all their clients. One compromised vendor can expose thousands of organizations simultaneously.
    Regulatory Liability: With GDPR, CCPA, and emerging supply chain regulations, organizations face increasing liability for third-party security failures. Proactive monitoring demonstrates due diligence.

    Building Effective Defense
    Continuous Assessment: Implement real-time vendor risk scoring across your entire ecosystem
    Zero Trust Extension: Apply least-privilege access controls to all third-party connections
    Incident Response Integration: Ensure your IR plans account for vendor breaches with clear communication protocols
    Contractual Protection: Update vendor agreements with security requirements and liability provisions

    The Bottom Line
    Organizations can no longer treat vendor risk as a procurement afterthought. The question isn't whether your supply chain will be targeted — it's whether you'll detect and respond effectively when it happens. The strongest security programs extend beyond organizational boundaries to create defensible ecosystems, not just defensible enterprises.

    #ThirdPartyRisk #TRPM #SupplyChainAttack #CyberSecurity

  • Clint Gibler

    Sharing the latest cybersecurity research at tldrsec.com | Head of Research at Semgrep

    34,251 followers

    Introducing SITF: The First Threat Framework for SDLC Infrastructure by Wiz

    Open-source framework mapping 70+ attacks. Attack Flow Visualizer for drag-and-drop threat modeling.

    Shay Berkovich describes how SITF (SDLC Infrastructure Threat Framework) can help organizations harden their SDLC.
    ⛓️ Model recent supply chain attacks.
    🛡️ See a prioritized list of security controls you should implement.
    🗡️ Review attack techniques and learn from them.

    ---

    SITF maps 70+ attack techniques across five SDLC pillars:
    1. Endpoint/IDE
    2. VCS
    3. CI/CD
    4. Registry
    5. Production

    The framework includes an Attack Flow Visualizer for drag-and-drop threat modeling that auto-generates prioritized defense matrices. So given threats or attacks you want to protect against → here are the top controls you should implement first.

    The post also walks through modeling Shai-Hulud 2.0 using SITF, giving a nice overview of the attack, and the controls that would have prevented each step.

    The framework runs entirely client-side with no data leaving your machine.

    📎 Blog: https://lnkd.in/gBRdx76q
    🌐 Live site: https://lnkd.in/gHKdncH4
    ⭐ GitHub: https://lnkd.in/gnmexd49

    #cybersecurity #supplychain
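The post above describes a tool that turns a selected attack flow into a prioritized list of controls. The following is an added example, not SITF's own code or catalogue, showing one way such a prioritization can be computed: a greedy coverage over a technique-to-control mapping. The technique ids, control ids and the flow itself are constructed for the example and organized by the five pillars named in the post; a real catalogue would be far larger.

```python
"""Prioritize SDLC controls for a chosen attack flow by greedy coverage.

Added example: illustrates how a prioritized defense matrix can be derived
from a technique-to-control mapping. Every identifier below is constructed
for this example; none is SITF's catalogue, and this is not SITF's algorithm.
"""
from typing import Dict, List, Set, Tuple

PILLARS = ["Endpoint/IDE", "VCS", "CI/CD", "Registry", "Production"]

# Constructed catalogue: technique id -> (pillar, short description).
TECHNIQUES: Dict[str, Tuple[str, str]] = {
    "T-EP-01": ("Endpoint/IDE", "developer token stolen by a malicious IDE extension"),
    "T-VCS-01": ("VCS", "commit pushed with compromised contributor credentials"),
    "T-CI-01": ("CI/CD", "CI secrets exfiltrated by a poisoned workflow"),
    "T-CI-02": ("CI/CD", "unpinned third-party CI action replaced by a malicious version"),
    "T-REG-01": ("Registry", "package version published with a stolen long-lived token"),
    "T-REG-02": ("Registry", "install script runs attacker code on consumer machines"),
    "T-PROD-01": ("Production", "tampered artifact promoted without a provenance check"),
    "T-PROD-02": ("Production", "runtime credentials harvested from a compromised deploy host"),
}

# Constructed controls: control id -> (description, techniques it mitigates).
# T-PROD-02 deliberately has no control, to show how a gap surfaces.
CONTROLS: Dict[str, Tuple[str, Set[str]]] = {
    "C-01": ("short-lived, scoped credentials for developers and CI",
             {"T-EP-01", "T-VCS-01", "T-CI-01", "T-REG-01"}),
    "C-02": ("pin CI actions and dependencies to immutable digests", {"T-CI-02"}),
    "C-03": ("trusted publishing via workload identity instead of stored registry tokens", {"T-REG-01"}),
    "C-04": ("install dependencies with lifecycle scripts disabled", {"T-REG-02"}),
    "C-05": ("require verified build provenance before deployment", {"T-PROD-01", "T-CI-02"}),
    "C-06": ("mandatory commit signing and branch protection", {"T-VCS-01"}),
}


def prioritize_controls(attack_flow: List[str]) -> Tuple[List[Tuple[str, List[str]]], List[str]]:
    """Greedy set cover: repeatedly pick the control that mitigates the most
    still-unmitigated steps of the flow (ties broken by control id, so the
    output is deterministic). Returns the ordered plan, each control with the
    steps it newly covers, plus the steps no catalogued control addresses."""
    unknown = [t for t in attack_flow if t not in TECHNIQUES]
    if unknown:
        raise ValueError(f"unknown technique(s): {unknown}")
    remaining: Set[str] = set(attack_flow)
    plan: List[Tuple[str, List[str]]] = []
    while remaining:
        best_id, best_cover = None, set()
        for control_id in sorted(CONTROLS):
            cover = CONTROLS[control_id][1] & remaining
            if len(cover) > len(best_cover):
                best_id, best_cover = control_id, cover
        if best_id is None:
            break  # nothing in the catalogue covers what is left
        plan.append((best_id, sorted(best_cover)))
        remaining -= best_cover
    return plan, sorted(remaining)


def defense_matrix(attack_flow: List[str]) -> Dict[str, List[Tuple[str, List[str]]]]:
    """Rows grouped by SDLC pillar: each technique in the flow with every
    control that mitigates it, so uncovered steps (empty lists) stand out."""
    matrix: Dict[str, List[Tuple[str, List[str]]]] = {p: [] for p in PILLARS}
    for technique in attack_flow:
        pillar = TECHNIQUES[technique][0]
        mitigations = sorted(c for c, (_, covers) in CONTROLS.items() if technique in covers)
        matrix[pillar].append((technique, mitigations))
    return matrix


if __name__ == "__main__":
    # Constructed flow: stolen developer token -> poisoned CI workflow ->
    # malicious publish with an install script -> unverified artifact in prod.
    flow = ["T-EP-01", "T-CI-01", "T-CI-02", "T-REG-01", "T-REG-02", "T-PROD-01", "T-PROD-02"]
    plan, gaps = prioritize_controls(flow)
    for rank, (control_id, covered) in enumerate(plan, 1):
        print(f"{rank}. {control_id}: {CONTROLS[control_id][0]}  covers {covered}")
    print("uncovered:", gaps)
    for pillar, rows in defense_matrix(flow).items():
        for technique, mitigations in rows:
            print(f"{pillar:12} {technique}: {mitigations or 'NO CONTROL'}")
```

Greedy cover is a heuristic, not an optimum, but for a prioritization list that is usually what you want: the first control on the list is the one that breaks the most steps of the modeled attack, and the gap list tells you where the catalogue itself needs work.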

  • Flavio Queiroz, MSc, CISSP, CISM, CRISC, CCISO

    Cybersecurity Leader | Information Security | GRC | Security Operations | Mentor | GSOC, GCIH, GDSA, GISP, GPEN, GRTP, GCPN, GDAT, GCISP, GCTIA, CTIA, eCMAP, eCTHP, CTMP

    30,887 followers

    THREAT PROFILE: PYROXENE — EMERGING OT THREAT GROUP

    ℹ️ PYROXENE is an active threat group identified by Dragos in 2025 for conducting supply-chain-focused cyber operations against defense, aviation, maritime, and critical infrastructure sectors across the Middle East, North America, and Western Europe.
    ℹ️ The group primarily operates in Stage 2 (Develop) of the ICS Cyber Kill Chain, performing reconnaissance and establishing pathways from IT networks toward OT environments, likely for future disruptive or destructive operations.
    ℹ️ PYROXENE collaborates with the initial access broker PARISITE, which provides compromised infrastructure access later leveraged for internal reconnaissance and persistence.
    ℹ️ The group employs recruitment-themed social engineering and customized malware delivered through long-term persona building, using victim-specific Azure-based command-and-control infrastructure to maintain stealth.
    ℹ️ Its activity overlaps with UNC1549, an espionage cluster linked to Iran’s IRGC-CEC, indicating a strategic focus on prepositioning within critical infrastructure ecosystems through indirect supply-chain entry points rather than direct targeting.

    📍 INFRASTRUCTURE
    ■ Spoofed domains of legitimate entities.
    ■ Azure and Cloudflare for C2.
    ■ Compromised websites and email accounts.
    ■ LIS for malware hosting.
    ■ Bulletproof hosting providers.
    ■ Controls privately owned VPSs and VPNs.

    📍 ADVERSARY
    ■ Overlaps with APT35 cluster, associated with entities and operators sanctioned by US Government.
    ■ Disruptive operations align with geopolitical tensions.
    ■ Focus on strategic supply chain compromises.
    ■ Employs misattribution tactics.

    📍 VICTIMOLOGY
    ■ Confirmed critical infrastructure victims in USA, Europe, and Middle East.
    ■ Focus on transportation and logistics, defense, government, technology, aerospace, and aviation.

    📍 CAPABILITIES
    ■ Custom-developed malware and tooling.
    ■ Obfuscates C2 using email, LIS, and Cloud hosting.
    ■ Engages in long-term social engineering campaigns.
    ■ Manages multiple campaigns concurrently.
    ■ Strategic Website Compromises (SWC).
    ■ Creates destructive wiper malware.

    📌 Source: Dragos 🔗 https://lnkd.in/dBSj5k38

    #pyroxene #ics #operationaltechnology #otsecurity #industrialcybersecurity #icssecurity #threathunting #threatdetection #threatanalysis #threatintelligence #cyberthreatintelligence #cyberintelligence #cybersecurity #cyberprotection #cyberdefense

  • Jonathan Zhang

    CEO, WhoisXML API | Helping security teams uncover threats with domain, DNS & IP intelligence data. Open minded but opinionated

    2,778 followers

    One compromised vendor can expose hundreds of companies. Do you know every domain and IP your stack actually touches?

    In Check Point Research’s latest (24th November) Threat Intelligence Report (https://lnkd.in/gfiA8TyK), the “Scattered LAPSUS$ Hunters” group claims a supply-chain attack via Salesforce-integrated platform Gainsight, saying data from 300 organizations, including Verizon, GitLab, and Atlassian, was exposed. Salesforce reported unusual activity on Gainsight integrations and revoked all active access tokens as a precaution, emphasizing that there was no vulnerability in its core platform.

    The same report describes Google’s analysis of a nearly three-year APT24 campaign built around the BadAudio downloader, which ultimately delivered payloads across more than 1,000 domains by repeatedly abusing marketing infrastructure and supply-chain paths.

    This is why I keep coming back to domain-centric intelligence. If you’re not continuously enriching your vendor list with WHOIS changes, DNS history, and IP netblocks, you’re blind to many of the relationships attackers are happy to exploit.

    At WhoisXML API, our Cyber Threat Intelligence Enrichment solution is built to show you that bigger picture — mapping your supply chain’s internet footprint so you can spot risky vendor assets early, not after they’re in an incident report.

    👉 More here: https://lnkd.in/gYgW3WiY
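The post above argues for continuously enriching a vendor list with WHOIS changes, DNS history and IP netblocks. What follows is an added example, not WhoisXML API's product or its data, of the drift checks a practitioner would run over such a history once it has been collected: registrar and nameserver changes between snapshots, resolution to an address outside the netblocks a vendor is expected to use, and a suspiciously recent registration date. The snapshot records, the `.example` domain names, the RFC 5737 documentation addresses and the 30-day threshold are all constructed for the example.

```python
"""Detect infrastructure drift in a vendor's internet footprint.

Added example: the vendor inventory and the WHOIS/DNS snapshot history are
constructed here (RFC 5737 documentation addresses, .example names) and are
not output of any real enrichment service. The checks encode one reasonable
set of drift signals; the young-domain threshold is an assumption.
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, FrozenSet, List
import ipaddress

YOUNG_DOMAIN_DAYS = 30  # assumption: a registration this recent deserves a look


@dataclass(frozen=True)
class Snapshot:
    observed: date
    registrar: str
    created: date                 # WHOIS creation date
    nameservers: FrozenSet[str]
    a_records: FrozenSet[str]     # IPv4 addresses the name resolved to


@dataclass(frozen=True)
class Alert:
    domain: str
    observed: date
    code: str
    detail: str


def drift_alerts(domain: str, expected_blocks: List[str], history: List[Snapshot]) -> List[Alert]:
    """Walk snapshots in time order and flag registrar or nameserver changes
    versus the previous snapshot, any address outside the expected netblocks,
    and a registration younger than YOUNG_DOMAIN_DAYS at observation time."""
    blocks = [ipaddress.ip_network(b) for b in expected_blocks]
    alerts: List[Alert] = []
    prev = None
    for snap in sorted(history, key=lambda s: s.observed):
        if prev is not None:
            if snap.registrar != prev.registrar:
                alerts.append(Alert(domain, snap.observed, "REGISTRAR_CHANGED",
                                    f"{prev.registrar} -> {snap.registrar}"))
            if snap.nameservers != prev.nameservers:
                alerts.append(Alert(domain, snap.observed, "NAMESERVERS_CHANGED",
                                    f"{sorted(prev.nameservers)} -> {sorted(snap.nameservers)}"))
        outside = sorted(ip for ip in snap.a_records
                         if not any(ipaddress.ip_address(ip) in block for block in blocks))
        if outside:
            alerts.append(Alert(domain, snap.observed, "IP_OUTSIDE_EXPECTED", ", ".join(outside)))
        if (snap.observed - snap.created).days < YOUNG_DOMAIN_DAYS:
            alerts.append(Alert(domain, snap.observed, "YOUNG_DOMAIN", f"registered {snap.created}"))
        prev = snap
    return alerts


def scan_inventory(inventory: Dict[str, List[str]], history: Dict[str, List[Snapshot]]) -> List[Alert]:
    """inventory maps each domain to the netblocks it is expected to live in
    (an empty list means nothing is known yet, so every address is flagged);
    history maps the domain to its collected snapshots."""
    alerts: List[Alert] = []
    for domain, blocks in inventory.items():
        alerts.extend(drift_alerts(domain, blocks, history.get(domain, [])))
    return alerts


# Constructed data: a long-standing vendor portal whose third snapshot shows a
# registrar change, new nameservers and a move to a foreign netblock, plus a
# lookalike domain seen in traffic that was registered four days earlier.
INVENTORY = {
    "vendor-portal.example": ["203.0.113.0/24"],
    "vendor-p0rtal.example": [],
}
NS_VENDOR = frozenset({"ns1.vendor-dns.example", "ns2.vendor-dns.example"})
HISTORY = {
    "vendor-portal.example": [
        Snapshot(date(2025, 1, 10), "Registrar A", date(2015, 3, 1), NS_VENDOR, frozenset({"203.0.113.10"})),
        Snapshot(date(2025, 2, 15), "Registrar A", date(2015, 3, 1), NS_VENDOR, frozenset({"203.0.113.12"})),
        Snapshot(date(2025, 3, 20), "Registrar B", date(2015, 3, 1),
                 frozenset({"ns1.bulk-host.example"}), frozenset({"198.51.100.77"})),
    ],
    "vendor-p0rtal.example": [
        Snapshot(date(2025, 3, 5), "Registrar C", date(2025, 3, 1),
                 frozenset({"ns1.bulk-host.example"}), frozenset({"192.0.2.44"})),
    ],
}

if __name__ == "__main__":
    for a in scan_inventory(INVENTORY, HISTORY):
        print(f"{a.observed} {a.domain:24} {a.code:20} {a.detail}")
```

The second snapshot changes an A record but stays inside the expected netblock, so it raises nothing; the point of keeping an expected-netblock list rather than alerting on every IP change is exactly to stay quiet through routine vendor re-addressing and loud when a name starts resolving somewhere it never has.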

  • Deb Wolf

    Chief Marketing Officer at Dataminr

    7,366 followers

    Cyber Intel Brief: Insightsoftware Supply Chain Risk

    Dataminr has detected threat actor 888 advertising the alleged exfiltration of Atlas source code and sensitive credentials from Insightsoftware. This is a significant supply chain threat for organizations relying on Atlas for financial reporting.

    Why this matters:
    ➤ Source Code Exposure: Attackers can hunt for zero-day vulnerabilities to bypass security in any organization using Atlas.
    ➤ Weaponized Trust: Stolen keys could allow for the injection of malicious code into legitimate software updates.
    ➤ High-Value Targets: 888 (previous member of the group led by IntelBroker) has a history of targeting global leaders like Samsung and LG via cloud misconfigurations.

    Early detection gives you a critical window to rotate secrets and audit your infrastructure before this data is weaponized.

    Read the full brief for proactive mitigation steps: https://okt.to/xLU157

    #CyberIntelBrief #Dataminr #AI #SupplyChainRisk

  • Natalia Spinu

    Director European Institute | Responsible AI Governor for Moldova | Cybersecurity Expert | Mentor | 40 under 40 in cybersecurity |

    7,759 followers

    The ENISA Threat Landscape 2025 report provides critical insight into the evolving threat environment—and the findings demand immediate attention.

    The data reveals a fundamental shift in both attack methodology and target selection:
    → Operational technology and supply chain attacks now account for nearly 30% of reported incidents, demonstrating that adversaries have moved beyond traditional IT perimeters to target the systems underpinning critical infrastructure and essential services.
    → AI-driven phishing now powers over 80% of social engineering attacks globally, representing an industrialization of tactics that previously required significant manual effort and expertise.

    What this means for defense:
    Phishing campaigns are no longer handcrafted—they are algorithmically optimized and deployed at scale. Voice, video, and email authentication mechanisms that once served as trust signals are now systematically exploited through generative AI and deepfake technology. Our traditional detection architectures were not designed for this threat landscape. The gap between attack velocity and defensive capability continues to widen.

    The path forward requires:
    • Advanced behavioral analytics and real-time data correlation
    • AI-informed detection models capable of countering AI-generated threats
    • Intelligence fusion across organizational boundaries
    • Automation that matches the speed and scale of modern threat actors

    Most critically: this is no longer solely a technical challenge. When 30% of incidents impact operational technology and supply chains, cybersecurity becomes a matter of business continuity and systemic resilience. Boards must treat cyber risk with the same rigor applied to financial, operational, and reputational risk. Resilience cannot be delegated—it must be embedded in strategy, governance, and operational design.

    I recommend reviewing the full ENISA report. The question for every organization is clear: are your defenses aligned with the threat reality of 2025?

  • Aus Alzubaidi

    CISO | CIO | AI, Cloud & Media Transformation Leader

    28,053 followers

    The recent Blue Yonder ransomware incident is another wake-up call for our industry. As a major supply chain technology provider serving over 3,000 companies across 76 countries, their disruption has created ripple effects, impacting everything from retail operations to manufacturing.

    This isn’t just another cyber incident. It’s a clear reminder that supply chain resilience must be a cornerstone of any cybersecurity strategy. The timing of this attack, during peak holiday season, shows how threat actors are targeting our most critical periods!

    Three lessons stand out:
    1. Visibility beyond direct suppliers is essential: Blue Yonder’s platforms handle critical functions like inventory management and workforce scheduling. The widespread impact, such as Starbucks facing payroll issues and major retailers relying on emergency measures, shows why we need a complete view of our supply chain networks, not just direct suppliers.
    2. Traditional security measures are no longer enough: The convergence of AI, cloud services, and complex partnerships demands real-time intelligence and automated monitoring. Periodic assessments simply won’t cut it anymore when facing modern threats!!
    3. Dynamic risk prioritization matters: Supply chain security isn’t just about managing risks, it’s about ensuring trust through proactive, transparent partnerships. When critical technology providers face disruptions, having tools in place to detect patterns and act swiftly can mean the difference between a manageable incident and widespread failure.

    This incident reinforces the urgency of integrating advanced technologies with collaborative vendor relationships. The question isn’t whether we should invest in these capabilities, it’s whether we can afford not to.

  • 🚨 The recent npm supply chain attack is a wake-up call for all of us

    Yesterday's npm attack perfectly illustrates why supply chain security can't be an afterthought. When threat actors successfully compromise widely-used packages through phishing campaigns targeting maintainers, they instantly gain access to millions of downstream projects and applications.

    Key takeaways from this incident:
    ✅ Attackers used sophisticated phishing to compromise maintainer accounts
    ✅ Malicious code was designed to steal cryptocurrency transactions
    ✅ The rapid community response limited damage, but the potential impact was massive
    ✅ This follows the recent Nx package attacks in August - supply chain threats are accelerating

    As Orca Security highlighted in their recent blog posts on the s1ngularity attack and SBOM security, we need comprehensive visibility into our cloud-native supply chains. Our 2025 State of Cloud Security Report shows that 62% of organizations have severe vulnerabilities in code repositories that could lead to supply chain attacks - making this a critical risk alongside other growing cloud security challenges.

    The reality is that every dependency in our codebase represents potential risk. We need:
    🔒 Better authentication and access controls for package maintainers
    🔍 Continuous monitoring of our software bill of materials (SBOM)
    🛡️ Runtime protection that can detect and prevent malicious code execution
    📊 Visibility into the full dependency tree of our applications

    Supply chain security isn't just a developer problem - it's a business-critical issue that requires organization-wide attention and investment.

    What security measures is your team implementing to protect against supply chain attacks? Drop your thoughts below 👇

    https://lnkd.in/ecK9sc-T
    https://lnkd.in/e4PJwdFb

    #SupplyChainSecurity #CyberSecurity #npm #OpenSource #DevSecOps #CloudSecurity
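Two posts on this page point at the same practical step: the Aikido feed post (package, version and severity records, most of them without a CVE) and the npm post just above (visibility into the full dependency tree, continuous checking of what is installed). The block below is an added example, not code from Aikido, npm or Orca, of that step: walk every package in a `package-lock.json`, match it against feed records by name and affected version range rather than by CVE id, and also surface packages that declare an install script. The lockfile, the feed records and their field names (`id`, `affected`, `hasInstallScript` is real lockfile vocabulary, the rest is assumed), and the package names are all constructed and fictional; the feed schema is not intel.aikido.dev's actual schema.

```python
"""Check every package in an npm lockfile against a supply-chain threat feed.

Added example: the lockfile, the feed records and their field names are
constructed for illustration. They mimic package-lock.json v3 and a generic
advisory/malware record, not the exact schema of intel.aikido.dev or any
other feed, and every package name is fictional.
"""
import json
import re
from typing import Dict, Iterator, List, Tuple

Version = Tuple[int, ...]

# Constructed package-lock.json (lockfileVersion 3). "packages" is keyed by
# node_modules path, so a nested path is a transitive dependency.
LOCKFILE = json.loads(r'''{
  "name": "demo-app", "lockfileVersion": 3,
  "packages": {
    "": {"dependencies": {"@acme/colors": "^5.6.0", "acme-logger": "^2.1.0"}},
    "node_modules/@acme/colors": {"version": "5.6.1", "hasInstallScript": true},
    "node_modules/acme-logger": {"version": "2.1.4"},
    "node_modules/acme-logger/node_modules/tiny-debug": {"version": "4.4.2"}
  }
}''')

# Constructed feed records. None carries a CVE: matching is on package name
# plus affected version range, which is what a feed entry without a CVE gives.
FEED = [
    {"id": "EX-INTEL-0001", "ecosystem": "npm", "package": "@acme/colors",
     "type": "malware", "severity": "critical", "cve": None, "affected": ["=5.6.1"]},
    {"id": "EX-INTEL-0002", "ecosystem": "npm", "package": "tiny-debug",
     "type": "prototype-pollution", "severity": "high", "cve": None, "affected": [">=4.0.0 <4.4.3"]},
    {"id": "EX-INTEL-0003", "ecosystem": "npm", "package": "acme-logger",
     "type": "path-traversal", "severity": "medium", "cve": None, "affected": [">=2.0.0 <2.1.0"]},
]
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3, "info": 4}
_OPS = {"=": lambda c: c == 0, "<": lambda c: c < 0, "<=": lambda c: c <= 0,
        ">": lambda c: c > 0, ">=": lambda c: c >= 0}


def parse_version(text: str) -> Version:
    """'4.4.2' -> (4, 4, 2). Prerelease/build suffixes are dropped, so a
    prerelease is treated as its release number (conservative for matching)."""
    core = re.split(r"[-+]", text.strip().lstrip("v"), maxsplit=1)[0]
    return tuple(int(part) for part in core.split("."))


def _cmp(a: Version, b: Version) -> int:
    """Three-way compare with short tuples zero-padded: (4, 4) == (4, 4, 0)."""
    length = max(len(a), len(b))
    a, b = a + (0,) * (length - len(a)), b + (0,) * (length - len(b))
    return (a > b) - (a < b)


def matches_range(version: str, spec: str) -> bool:
    """spec is an AND of comparators separated by spaces (e.g. '>=4.0.0 <4.4.3');
    '||' separates alternatives. A bare version means exact match."""
    v = parse_version(version)
    for clause in spec.split("||"):
        satisfied = True
        for token in clause.split():
            m = re.fullmatch(r"(<=|>=|<|>|=)?([\w.\-+]+)", token)
            if not m:
                raise ValueError(f"bad comparator: {token!r}")
            if not _OPS[m.group(1) or "="](_cmp(v, parse_version(m.group(2)))):
                satisfied = False
                break
        if satisfied:
            return True
    return False


def walk_packages(lockfile: dict) -> Iterator[Tuple[str, int, dict]]:
    """Yield (name, depth, entry) for every installed package. Depth counts
    node_modules segments, so 1 is a direct dependency; scoped names keep
    their '@scope/' prefix."""
    for path, entry in lockfile.get("packages", {}).items():
        if path == "":
            continue  # the root project itself
        segments = path.split("node_modules/")
        yield segments[-1], len(segments) - 1, entry


def scan_lockfile(lockfile: dict, feed: List[dict]) -> List[dict]:
    """Findings sorted by severity, then depth, then name. Install scripts are
    reported at 'info' so a reviewer sees which packages run code on install."""
    by_name: Dict[str, List[dict]] = {}
    for rec in feed:
        if rec["ecosystem"] == "npm":
            by_name.setdefault(rec["package"], []).append(rec)
    findings: List[dict] = []
    for name, depth, entry in walk_packages(lockfile):
        version = entry.get("version", "0.0.0")
        for rec in by_name.get(name, []):
            if any(matches_range(version, spec) for spec in rec["affected"]):
                findings.append({"package": name, "version": version, "depth": depth,
                                 "intel_id": rec["id"], "type": rec["type"],
                                 "severity": rec["severity"], "cve": rec["cve"]})
        if entry.get("hasInstallScript"):
            findings.append({"package": name, "version": version, "depth": depth,
                             "intel_id": None, "type": "install-script",
                             "severity": "info", "cve": None})
    findings.sort(key=lambda f: (SEVERITY_RANK[f["severity"]], f["depth"], f["package"]))
    return findings


if __name__ == "__main__":
    for f in scan_lockfile(LOCKFILE, FEED):
        print(f"{f['severity']:8} depth={f['depth']} {f['package']}@{f['version']} "
              f"{f['type']} {f['intel_id'] or ''}")
```

Running it against the constructed inputs reports the malicious `@acme/colors@5.6.1` (a direct dependency that also has an install script) and the vulnerable transitive `tiny-debug@4.4.2`, while `acme-logger@2.1.4` is silent because it sits above the affected range. Wire the same walk into CI against the real feed and the real lockfile, and the 27-day CVE lag the Aikido post quotes stops mattering, because the match never depended on a CVE being assigned.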
