BBLabs NewsBBLabs News
NewsAll articlesTopics
ES
  1. Home
  2. ›
  3. Glossary
  4. ›
  5. Supply Chain Attack
Ciberataques

Supply Chain Attack

Definition

Attack that compromises a software supply-chain component (dependency, build pipeline, vendor) to infect all of its consumers with a single intrusion.

Canonical cases: SolarWinds (build server compromised → 18k customers injected, including US govs), Kaseya (RMM software → ransomware in thousands of SMBs), MOVEit (file-transfer vulnerability → Cl0p exfiltrates from hundreds of customers), event-stream / Ledger BTC (npm packages compromised by maintainers or takeover).

Typical vectors: dependency confusion (publish a package with a private name in a public registry), typosquatting (request vs reqests), maintainer takeover (accounts with leaked or reused creds), build pipeline injection (compromised GitHub Action, open CI runner), repo jacking (GitHub user renamed/deleted, attacker claims the handle).

Defence: SBOM (Software Bill of Materials), version pinning + integrity hashes, automated dependency review, runner hardening (no secrets in public jobs), build/deploy separation, artefact signing (Sigstore).

Related terms

  • Ransomware
  • APT
  • Phishing

Latest articles on Ciberataques

  • →Megalodon malware hits 5,500+ GitHub repos in 6 hours
  • →JINX-0164 hits crypto firms with fake recruiter macOS malware
  • →Dutch police arrest admins of bulletproof hosting used by Russian hackers

Interested in Ciberataques?

Get one technical story a day on ciberataques — curated, summarised, actionable.

Subscribe
BBLabs NewsBBLabs News

BBLabs News

Una historia al día. Cero ruido.

Newsletter técnica de ciberseguridad. Una historia al día sobre CVEs críticos, brechas, bug bounty e IA. Filtrado por IA, escrito para humanos.

Producto

  • Hemeroteca
  • Ediciones
  • Temas
  • Glosario
  • RSS
  • Atom
  • JSON Feed

Editorial

  • Acerca de
  • Suscribirse
  • Cuenta
  • English

Legal

  • Privacidad
  • Términos
  • Contacto: team@bblabs.es

Conectar

  • YouTube · @0xGorka
  • Instagram · @bblabs.es
  • Discord BBLabs
  • Discord Bug Bounty ES
31 artículos·10 ediciones·Desde 2026·Hecho en España
© 2026 BBLabs News·Por Gorka El Bochi