https://www.europesays.com/uk/3089/ Explainer: How Trump’s Tariffs Threaten Luxury Fashion #apparel #Business #earnings #StockMarkets #SupplyChain #UK #UnitedKingdom
Compromised SpotBugs Token Led to GitHub Actions Supply Chain Hack – Source: www.securityweek.com https://ciso2ciso.com/compromised-spotbugs-token-led-to-github-actions-supply-chain-hack-source-www-securityweek-com/ #rssfeedpostgeneratorecho #ApplicationSecurity #SupplyChainSecurity #CyberSecurityNews #securityweekcom #GitHubactions #securityweek #supplychain
PoisonSeed Targets CRM and Bulk Email Providers in New Supply Chain Phishing Attack
https://gbhackers.com/poisonseed-targets-crm-and-bulk-email-providers/
A disruption in Taiwan's exports could hit US builders hard. Drywall needs 125 screws per 100 sq. ft., and most came from Taiwan last year. A business professor breaks down the impact on U.S. imports: https://theconversation.com/more-than-just-chips-chinese-threats-and-trump-tariffs-could-disrupt-lots-of-made-in-taiwan-imports-disappointing-us-builders-cyclists-and-golfers-alike-253729 #tariffs #supplychain
Typosquatted Go Packages Deliver Malware Loader Targeting Li...
A malicious campaign is targeting the Go ecosystem with typosquatted packages that install hidden loader malware on Linux and macOS systems. The threat actor has published at least seven packages impersonating popular Go libraries, using array-based string obfuscation to hide malicious commands. The packages download and execute remote scripts that install an ELF file named f0eee999, which exhibits minimal initial malicious behavior. The campaign specifically targets UNIX-like environments, placing developers at risk. Multiple domains and fallback infrastructure suggest a persistent and adaptable threat actor. Developers are advised to implement real-time scanning tools, code audits, and careful dependency management to mitigate the risk of supply chain compromises.
Pulse ID: 67efc6e6d18160ba914fc662
Pulse Link: https://otx.alienvault.com/pulse/67efc6e6d18160ba914fc662
Pulse Author: AlienVault
Created: 2025-04-04 11:47:50
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
PoisonSeed Campaign Targets CRM and Bulk Email Providers in Supply Chain Spam Operation
The PoisonSeed campaign is targeting enterprise organizations and individuals outside the cryptocurrency industry by phishing CRM and bulk email provider credentials. The attackers export email lists and send bulk spam from compromised accounts, primarily to support cryptocurrency spam operations. The campaign uses a novel cryptocurrency seed phrase poisoning attack, providing security seed phrases to trick victims into copying them into new cryptocurrency wallets for future compromise. While similarities exist with Scattered Spider and CryptoChameleon groups, PoisonSeed is currently classified separately due to unique characteristics. The campaign has targeted companies like Coinbase, Ledger, Mailchimp, SendGrid, Hubspot, Mailgun, and Zoho, using sophisticated phishing techniques and automated processes to quickly exploit compromised accounts.
Pulse ID: 67ef8546d1d9ef9cd8e91906
Pulse Link: https://otx.alienvault.com/pulse/67ef8546d1d9ef9cd8e91906
Pulse Author: AlienVault
Created: 2025-04-04 07:07:50
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
Whoa, this is wild: a supply chain attack using GitHub Actions *nearly* nailed Coinbase. Seriously intense stuff!
Turns out, all it took was a swiped Personal Access Token (PAT). If you're wondering, think of a PAT as basically the master key to GitHub... get your hands on one, and you can cause some *major* havoc.
Speaking from my pentesting experience, it's often the tiny details that lead to the biggest breaches. So, definitely double-check those GitHub Actions workflows and *please*, rotate your PATs regularly! Remember, Security by Design isn't just some fancy term – it's absolutely essential. And let's be clear: automated scans are *not* the same as a real penetration test. Sorry, not sorry.
Anyone else run into similar situations? What tools are you folks using to lock down your CI/CD pipelines? Drop your thoughts below!
Compromised SpotBugs Token Led to GitHub Actions Supply Chain Hack https://www.securityweek.com/compromised-spotbugs-token-led-to-github-actions-supply-chain-hack/ #ApplicationSecurity #SupplyChainSecurity #GitHubactions #SupplyChain
BLOCKCHAIN
Watr Targets Tariffs with Blockchain
New Web3 startup Watr says it can pre-validate tariffs using blockchain before trades happen.
Led by ex-Shell and JPMorgan execs, platform is used by top miners & auto firms.
Now shifting focus from ESG to trade compliance, backed by Avalanche blockchain.
Could streamline $20T global commodity trade amid tariff hikes.
The EU homes in on Central Asia in the race for raw materials.
The EU has raised billions for the region to diversify supply chains and reduce dependence on China.
Experts say the idea is to offer competitive deals and build local industry while encouraging sustainable mining.
Bloomberg alerts sent on this:
*CANADA, MEXICO NOT SUBJECT TO RECIPROCAL TARIFFS FOR NOW
*US CONTINUES USMCA EXEMPTION FOR CANADA, MEXICO TARIFFS
BREAKING: Canada gets an exemption from Trump's baseline 10% tariffs, Bloomberg reports. At least for now, the existing tariff exemption for USMCA compliant goods will continue. (It's not immediately clear to me if Canadian autos will still get hit with the 25% tariff on foreign cars)
The list of tariffs announced today, for each country
Canada not listed, so likely 10%.
EDIT: Canada is exempted entirely beside what was announced already in the last few weeks
Unclear if it is the new baseline tariff or the extra on top of what exists already.
(No Alt text on the photos yet)
Export-Import Bank of Korea unveils plans to launch 40 EDCF projects worth 4 trillion won in 2025, focusing on green initiatives, digital technology, and supply chains to support Korean companies' overseas expansion.
#YonhapInfomax #ExportImportBank #EDCF #KFinance #SupplyChain #OverseasExpansion #Economics #FinancialMarkets #Banking #Securities #Bonds #StockMarket
https://en.infomaxai.com/news/articleView.html?idxno=56727
Average person will be 40% poorer if world warms by 4C
Experts say previous #economic models underestimated impact of #globalheating – as well as likely ‘cascading #supplychain disruptions’
An Australian scientists' study suggests average per person #GDP across the globe will be reduced by 16% even if warming is kept to 2C above pre-industrial levels. This is a much greater reduction than previous estimates, which found the reduction would be 1.4%.
https://www.theguardian.com/environment/2025/apr/01/average-person-will-be-40-poorer-if-world-warms-by-4c-new-research-shows #climate #climatechange
[#TRADESHOW] The LET-a #CeMAT #ASIA #EVENT 2025, a #flagship #exhibition for #intelligent #logistics and #automation, will take place from May 21 to 23, 2025, at the #China #Import and #Export #Fair Complex, #Guangzhou. As a professional event in the #Guangdong-#HongKong-#Macao #GreaterBayArea and a Hannover CeMAT #brand exhibition, this expo is a must-attend for professionals in #smart logistics, #digital #manufacturing, and #SupplyChain solutions. https://cnbusinessforum.com/event/let-a-cemat-asia-event-2025/
[#TRADESHOW] 2025 #EAC New #Energy & #Autonomous #Vehicle #Trade #Show will take place from June 4–6, 2025, at the #Hangzhou Grand #Exhibition #Center, #China. #Expo #event bridges the entire #automotive #supplychain, from raw #materials and #battery #tech to #OEMs, driving advancements in #sustainability, #safety, and #connectivity. https://cnbusinessforum.com/event/2025-eac-new-energy-autonomous-vehicle-trade-show-hangzhou/
So with a #crazyweirdo in command, who talks about new #tariffs on average once per week if not more often, do you want to rely on products from such a country in your #supplychain?
Want to buy a billion dollar war plane from the #usa when #weirdoinchief might decide next week that your maintenance contract (these go over 30+ years) is suspended because of your country's #diversity policy? Or because it allows "X" in the sex field in the passport? 6/6
GitHub CodeQL Actions Critical Supply Chain Vulnerability (CodeQLEAKED)
https://www.alojapan.com/1232366/semiconductor-chip-fabrication-comes-to-hokkaido-island/ Semiconductor chip fabrication comes to Hokkaido island #hardware #Hokkaido #HokkaidoNews #innovation #news #SupplyChain #北海道 Semiconductor chip fabrication in Northern Japan. A new hands-on government approach boosts tech funding. IBM partners with local startup, backed by Sony & Toyota. The northernmost island in the Japanese archipelago, Hokkaido, is perhaps best known for its hot springs, cold winters, spider crab delicacies, and skiing. B…