IBM and Red Hat Launch Project Lightwell to Mitigate Miasma-Style Supply Chain Worms

The Miasma supply chain campaign compromised the @redhat-cloud-services npm namespace by utilizing compromised GitHub accounts to push orphaned commits, effectively bypassing code review. Attackers exploited GitHub Actions OIDC identity tokens to publish malicious packages with valid SLSA provenance attestations, deploying a derivative of the Mini Shai-Hulud worm. This 4.2 MB obfuscated payload targets credentials for AWS, GCP, Azure, Kubernetes, and HashiCorp Vault while self-propagating via stolen npm tokens. In response, IBM and Red Hat launched Project Lightwell, a $5 billion AI-driven security clearinghouse designed to automate the validation and backporting of security fixes across the open-source ecosystem.

IBM and AT&T Accused of Suppressing Foreign Cyber Espionage Data in Federal Lawsuit

A whistleblower lawsuit alleges IBM and AT&T concealed over 56,000 intrusions by Chinese state-sponsored actor APT 10 between 2013 and 2016. The attackers exploited a "flat" network architecture within IBM's cloud infrastructure, operated by AT&T, which lacked critical network segmentation and comprehensive access logging for VPN connections. This architectural failure enabled APT 10 to compromise approximately 400 accounts and 200 systems across 18 countries. The lawsuit claims IBM and AT&T suppressed these findings and provided fraudulent security attestations to maintain multi-billion-dollar federal contracts, potentially exposing U.S. military and government records to long-term foreign intelligence exploitation.

