Cyberattacks

Supply Chain Attack

Definition

Attack that compromises a software supply-chain component (dependency, build pipeline, vendor) to infect all of its consumers with a single intrusion.

Canonical cases: SolarWinds (build server compromised → trojanised update shipped to 18k customers, including US government agencies), Kaseya (RMM software → ransomware in thousands of SMBs), MOVEit (file-transfer vulnerability → Cl0p exfiltrates data from hundreds of customers), event-stream / Ledger BTC (npm packages compromised through their maintainers or by account takeover).

Typical vectors: dependency confusion (publishing a package under a private package's name in a public registry so the resolver picks up the public copy), typosquatting (request vs reqests), maintainer takeover (accounts with leaked or reused credentials), build pipeline injection (compromised GitHub Action, exposed CI runner), repo jacking (GitHub user renamed or deleted, attacker claims the freed handle).

Defence: SBOM (Software Bill of Materials), version pinning + integrity hashes, automated dependency review, runner hardening (no secrets in public jobs), build/deploy separation, artefact signing (Sigstore).
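As an added example (not part of the original glossary entry), a small Python audit that checks a pip-style requirements file for the defensive controls listed above: exact version pinning, integrity hashes, names that look like typosquats of widely used packages, and private package names that also exist on the public registry (the dependency-confusion precondition). The sample requirements file, the popular-package set, the private-name set and the simulated public-registry lookup are all constructed for the demonstration; a real check would load them from the registry and the organisation's private index.

```python
from __future__ import annotations

import difflib
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed pip-style requirements file used as sample input.
# The digests are placeholders, not real package hashes.
SAMPLE_REQUIREMENTS = """\
# production dependencies
requests==2.31.0 --hash=sha256:0000000000000000000000000000000000000000000000000000000000000001
reqests==1.0.0
django>=4.0
acme-internal-auth==3.2.1
pyyaml==6.0.1 --hash=sha256:0000000000000000000000000000000000000000000000000000000000000002
"""

# Constructed reference data (hypothetical organisation "acme").
POPULAR_PUBLIC = {"requests", "django", "pyyaml", "numpy", "flask", "urllib3"}
PRIVATE_NAMES = {"acme-internal-auth", "acme-billing-sdk"}
# Simulated answer to "does this name exist on the public registry?"
PUBLIC_REGISTRY_NAMES = POPULAR_PUBLIC | {"acme-internal-auth"}

SPEC_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(==|~=|>=|<=|!=|>|<)?\s*([^\s;]*)")


def normalise(name: str) -> str:
    """PEP 503 normalisation: case-insensitive, '-', '_' and '.' are equivalent."""
    return re.sub(r"[-_.]+", "-", name).lower()


@dataclass
class Requirement:
    name: str
    operator: Optional[str]
    version: str
    hashes: list = field(default_factory=list)


def parse_requirements(text: str) -> list:
    """Parse 'name<op>version [--hash=algo:digest ...]' lines; comments and blanks skipped."""
    reqs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        tokens = line.split()
        m = SPEC_RE.match(tokens[0])
        if not m:
            continue
        hashes = [t[len("--hash="):] for t in tokens[1:] if t.startswith("--hash=")]
        reqs.append(Requirement(normalise(m.group(1)), m.group(2), m.group(3), hashes))
    return reqs


def audit(reqs, popular=POPULAR_PUBLIC, private=PRIVATE_NAMES,
          public_registry=PUBLIC_REGISTRY_NAMES) -> dict:
    """Return {package: [issues]} for every requirement that fails a control."""
    findings = {}
    for r in reqs:
        issues = []
        if r.operator != "==":
            issues.append("not pinned to an exact version")
        if not r.hashes:
            issues.append("no integrity hash")
        if r.name not in popular:
            # Similarity threshold 0.85 catches one- or two-character edits of short names.
            close = difflib.get_close_matches(r.name, sorted(popular), n=1, cutoff=0.85)
            if close:
                issues.append(f"typosquat-like (close to '{close[0]}')")
        if r.name in private and r.name in public_registry:
            issues.append("dependency-confusion risk (private name also on public registry)")
        if issues:
            findings[r.name] = issues
    return findings


if __name__ == "__main__":
    for pkg, issues in audit(parse_requirements(SAMPLE_REQUIREMENTS)).items():
        print(f"{pkg}: {'; '.join(issues)}")
```

Running the block on the constructed file reports reqests (unhashed, typosquat-like), django (unpinned, unhashed) and acme-internal-auth (unhashed, dependency-confusion risk), while the two pinned and hashed entries pass. In a real pipeline the same check would run as a CI gate before `pip install --require-hashes`, and the private-name lookup would be a query against the public index rather than a fixed set.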

Related terms

  • Ransomware
  • APT
  • Phishing
