Insider‑Threat Platform Hijacked via Update Supply‑Chain Attack
A threat‑actor group compromised a leading insider‑threat detection solution by injecting malicious code into a routine software update. The hidden payload disabled the platform’s alerting and telemetry functions, effectively turning the security tool into a blind spot while preserving a backdoor for ongoing access.
The backdoor let attackers move laterally and exfiltrate sensitive data from dozens of victim organizations without triggering any internal alerts. Defenders must treat vendor‑supplied updates as a high‑risk vector, enforce strict code‑signing verification, and implement independent monitoring of critical security controls to detect when a protective solution is being subverted.
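The two controls recommended above can be made concrete. The Go program below is an added example, not code from the article or from any vendor it describes: it pins a vendor public key and refuses an update unless the signed manifest verifies and the payload hashes to the digest the manifest names, and it separately flags any monitored agent whose heartbeat has gone silent, so a tool whose telemetry has been disabled is reported rather than assumed idle. The manifest layout, product name, version, agent names and the throwaway key pair are all constructed for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"sort"
	"time"
)

// Manifest describes one update package (constructed layout for this example).
// The vendor signs the JSON encoding; the client trusts only a pinned public key.
type Manifest struct {
	Product string `json:"product"`
	Version string `json:"version"`
	SHA256  string `json:"sha256"` // hex digest of the update payload
}

// SignManifest is the vendor-side step: hash the payload into a manifest and
// sign the manifest bytes with the release key.
func SignManifest(priv ed25519.PrivateKey, product, version string, payload []byte) ([]byte, []byte, error) {
	sum := sha256.Sum256(payload)
	mj, err := json.Marshal(Manifest{Product: product, Version: version, SHA256: hex.EncodeToString(sum[:])})
	if err != nil {
		return nil, nil, err
	}
	return mj, ed25519.Sign(priv, mj), nil
}

// VerifyUpdate accepts an update only if (1) the manifest signature checks out
// under the pinned key and (2) the payload hashes to the digest the signed
// manifest names. Any failure is an error; there is no silent-install path.
func VerifyUpdate(pub ed25519.PublicKey, manifestJSON, sig, payload []byte) (*Manifest, error) {
	if !ed25519.Verify(pub, manifestJSON, sig) {
		return nil, errors.New("manifest signature invalid")
	}
	var m Manifest
	if err := json.Unmarshal(manifestJSON, &m); err != nil {
		return nil, fmt.Errorf("manifest unparsable: %w", err)
	}
	sum := sha256.Sum256(payload)
	if hex.EncodeToString(sum[:]) != m.SHA256 {
		return nil, errors.New("payload digest does not match signed manifest")
	}
	return &m, nil
}

// Heartbeat is one telemetry record from a monitored security control, collected
// by a system that is independent of that control.
type Heartbeat struct {
	Agent string
	Seen  time.Time
}

// SilentAgents returns, sorted, every agent whose most recent heartbeat is older
// than maxGap as of now. Silence is treated as possible subversion, not as
// "nothing happened".
func SilentAgents(beats []Heartbeat, now time.Time, maxGap time.Duration) []string {
	last := map[string]time.Time{}
	for _, b := range beats {
		if b.Seen.After(last[b.Agent]) {
			last[b.Agent] = b.Seen
		}
	}
	var silent []string
	for agent, t := range last {
		if now.Sub(t) > maxGap {
			silent = append(silent, agent)
		}
	}
	sort.Strings(silent)
	return silent
}

func main() {
	// Constructed demo: a throwaway key pair stands in for the real pinned vendor key.
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	payload := []byte("constructed update payload bytes")
	mj, sig, _ := SignManifest(priv, "itp-agent", "4.2.1", payload)
	_, err := VerifyUpdate(pub, mj, sig, payload)
	fmt.Println("genuine update error:", err)
	_, err = VerifyUpdate(pub, mj, sig, append(payload, '!'))
	fmt.Println("tampered update error:", err)

	now := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC)
	beats := []Heartbeat{ // constructed telemetry records
		{"host-a", now.Add(-2 * time.Minute)},
		{"host-b", now.Add(-45 * time.Minute)},
		{"host-c", now.Add(-1 * time.Minute)},
	}
	fmt.Println("silent agents:", SilentAgents(beats, now, 10*time.Minute))
}
```

The heartbeat check only has value if it runs somewhere the monitored tool cannot reach; if the same update channel can also disable the watchdog, it adds nothing.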
Categories: Data Breaches, Vulnerabilities & Exploits