Popular Software Downloads Hijacked: Two Major Supply Chain Attacks This Week
This week brought two stark reminders that downloading software from the internet carries real risk. Attackers compromised legitimate websites and replaced trusted downloads with malicious versions, potentially affecting thousands of users who thought they were installing normal tools.
CPUID Breach Delivers Malware Through CPU-Z Downloads
Hackers broke into cpuid.com for about 19 hours and swapped out legitimate download links for CPU-Z and HWMonitor with malicious versions. Anyone who downloaded these system utilities during that window got a nasty surprise: the installers included hidden malware that gave attackers remote access to infected computers. Security researchers found at least 150 victims across Brazil, Russia, and China, and the actual number could be much higher, since many people may not realize they're infected. The malware uses clever tricks to hide from antivirus software and can steal sensitive information from affected machines.
Basic-Fit Gym Chain Exposes Data of Hundreds of Thousands of Members
Basic-Fit, Europe's largest fitness chain, discovered attackers accessed its membership database covering seven countries. Around 200,000 Dutch members had their names, contact details, birth dates, and even bank account numbers exposed in the breach. While the attackers didn't get passwords or ID documents, the stolen banking information puts victims at serious risk for fraud and targeted phishing attacks. The company has notified regulators, but affected members face months of potential vulnerability.
Stay ahead of threats with GOCO Security at gocosecurity.com