Supply Chain Attack

12 posts

OptinMonster Supply Chain Attack Hits 1.2 Million WordPress Sites

June 16, 2026

1.2 million WordPress sites were caught in a supply chain attack last week, where the admin’s own login quietly created a secret account and planted a …

Hackers Hijacked 400 Arch Linux AUR Packages to Install Malware

June 13, 2026

More than 400 packages in the Arch User Repository (AUR) were hijacked this week, and the attacker never broke into a single system to do it. They took over …

Google Catches the First AI Built Zero-Day and Stops a Mass Attack Before It Starts

May 17, 2026

Google caught a criminal group that used AI to find a zero-day in a popular web admin tool and had a working exploit ready for a mass attack against thousands …

How TeamPCP Poisoned Six Python Packages and Breached Over 1000 Organizations in Five Weeks

April 23, 2026

A group of attackers has been quietly poisoning Python packages for five weeks straight. They have exfiltrated data from over 500,000 infected machines, hit …

Hackers Are Hijacking NGINX Servers Without Installing Malware

February 5, 2026

Hackers are hijacking NGINX web servers and rerouting live traffic through their own infrastructure. No malware installed, no vulnerability exploited. Just a …

How eScan Antivirus Delivered Malware Instead of Protection

February 3, 2026

eScan antivirus got hacked. Again. Same company, same update infrastructure exploited, two years apart. This time: hundreds of machines infected in a 2-hour …

Notepad++ Supply Chain Attack Full Story

February 2, 2026

Notepad++ delivered malware for six months. From June to December 2025, the update system was compromised. Millions of people use this software. Some of them …

Three Names in Four Days and 1,800 Servers Leaking Credentials

January 31, 2026

Three names in four days! This AI assistant was Clawdbot, then Moltbot, and now OpenClaw. 1,800 exposed instances leaking API keys, passwords, and private …

Snap Store Domain Hijacking Lets Attackers Push Malware Through Trusted Linux Apps

January 23, 2026

Attackers found a way to hijack legitimate apps in the Snap Store. 7000 packages. Millions of Linux users. One victim already lost 9 Bitcoin. That was $490,000. …

Two Missing Characters Nearly Compromised the AWS Supply Chain

January 17, 2026

Netflix. Twitch. iCloud. The servers of the CIA and NSA. 30% of all cloud infrastructure worldwide runs on Amazon Web Services. Two missing characters in a …

European Space Agency Hacked: 200GB Stolen in 7 Days, Data Sold on FBI Honeypot

January 5, 2026

€7.68 billion budget. 3,000 staff. A brand new Cyber Security Operations Centre opened. A hacker spent 7 days inside their systems downloading 200GB of data. …

Malicious npm Package Stole WhatsApp Messages for 6 Months: 56,000 Downloads

December 24, 2025

56,000 downloads. 6 months online. A WhatsApp library on npm was stealing credentials, messages, and contacts. Nobody noticed. 🤔 The package is called …