Supply-Chain - 1

2025 (2)

December (1)

security: Shai-Hulud 2.0: Guidance for detecting, investigating, and defending against the supply chain attack

Microsoft Security Blog

2025-12-09

Shai‑Hulud 2.0 is a large-scale supply chain attack in which adversaries maliciously modified hundreds of public packages to compromise developer environments, CI/CD pipelines, and cloud workloads in order to harvest credentials and configuration secrets. Microsoft published guidance to detect, investigate, and defend against these compromises across development toolchains, build systems, and cloud assets.

September (1)

security: XCSSET evolves again: Analyzing the latest updates to XCSSET’s inventory

Microsoft Security Blog

2025-09-25

Microsoft Threat Intelligence has identified a new variant of the XCSSET malware that targets Xcode projects used by developers building Apple and macOS applications, detailed in a Microsoft Security Blog post.