globe icon

Resources




Our team of supply chain experts and researchers is dedicated to maintaining an up-to-date and valuable resource on supply chain attacks and exploits. While not exhaustive, this list offers a broad overview of the diverse attack vectors that impact the global ICT supply chain. We aim to provide insights that help you better understand the evolving landscape of cyber threats and vulnerabilities.



Please note that all information published here is derived from publicly available sources, including security research and investigative journalism. None of the content is classified or commercially sensitive; it remains entirely within the public domain.



PDFs have been captured and are periodically updated to provide a record in the event that the original source is removed.




  1. Undocumented commands found in Bluetooth chip used by a billion devices

    Original Source: bleepingcomputer.com

  2. Backdoor found in two healthcare patient monitors, linked to IP in China

    Original Source: bleepingcomputer.com

  3. Inside Israel's plot to deliver explosive pagers to Hezbollah terrorists

    Original Source: cbs.com

  4. Mind the (air) gap: GoldenJackal gooses government guardrails

    Original Source: eset.com

  5. Israel’s Pager Attacks Have Changed the World

    Original Source: nytimes.com

  6. “BadAlloc” – Memory allocation vulnerability

    Original Source: blackberry.com

  7. Hundreds of PC models vulnerable to boot-level attacks after vendors copypaste “secret” keys

    Original Source: cybernews.com

  8. Phoenix UEFI vulnerability impacts hundreds of Intel PC models

    Original Source: bleepingcomputer.com

  9. The risks associated with Industrial IoT (Internet of Things)

    Original Source: archonsecure.com

  10. Ecuadorian TV presenter wounded by bomb disguised as USB stick

    Original Source: theguardian.com

  11. QCT Servers Affected by ‘Pantsdown’ BMC Vulnerability

    Original Source: securityweek.com

  12. Takeover risk to hundreds of IoT devices

    Original Source: portswigger.net

  13. Toyota production to resume after supply chain attack

    Original Source: computerweekly.com

    745 KB
  14. Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology

    Original Source: cisa.gov

  15. Supply chain attacks are on the rise

    Original Source: cpomagazine.com

  16. Jumping the air gap: 15 years of nation-state effort

    Original Source: eset.com

    2.2 MB
  17. Supply chain attacks are the hacker’s new favorite weapon. And the threat is getting bigger.

    Original Source: zdnet.com

  18. Decade-long vulnerability in multiple routers could allow network compromise

    Original Source: medium.com/tenable-techblog

  19. Realtek flaw exposes dozens of brands to supply chain attacks

    Original Source: zdnet.com

  20. INFRA:HALT 14 New Security Vulnerabilities Found in NicheStack

    Original Source: jfrog.com/

  21. Ransomware attacks on shipping, logistics organizations rising as coronavirus vaccine supply chain targeted

    Original Source: portswigger.net

  22. The Long Hack: How China Exploited a U.S. Tech Supplier

    Original Source: bloomberg.com

  23. BBC NEWS Eric Schmidt: Huawei has engaged in unacceptable practices

    Original Source: bbc.com

  24. MITRE ATT&CK: Supply chain compromise

    Original Source: infosecinstitute.com

  25. The White House Decree: Executive Order on Securing the Information and Communications Technology and Services Supply Chain

    Original Source: federalregister.gov

    242 KB
  26. Every Part of the Supply Chain Can Be Attacked

    Original Source: nytimes.com

  27. Hackers Hijacked ASUS Software Updates to Install Backdoors on Thousands of Computers

    Original Source: vice.com

  28. Everybody Does It: The Messy Truth About Infiltrating Computer Supply Chains

    Original Source: theintercept.com

  29. Protecting Against National Security Threats to the Communications Supply Chain Through FCC Programs, FCC 19-121

    Original Source: csrc.nist.gov

    1.5 MB
  30. The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies

    Original Source: bloomberg.com

  31. On DoD warning about Lenovo

    Original Source: executivegov.com

  32. Researchers crack open unusually advanced malware that hid for 5 years

    Original Source: arstechnica.com

  33. Hackers Remotely Kill a Jeep on the Highway—With Me in It

    Original Source: wired.com

  34. Building reliable SMM backdoor for UEFI based platforms

    Original Source: blog.cr4.sh

  35. How “omnipotent” hackers tied to NSA hid for 14 years—and were found at last

    Original Source: arstechnica.com

  36. A undetectable Hardware Trojan is reality

    Original Source: securityaffairs.co

  37. Spy agencies ban on Lenovo PCs due to backdoor vulnerabilities

    Original Source: securityaffairs.co

  38. The ISA Guidelines For Securing The Electronics Supply Chain

    Original Source: isalliance.org

    280 KB
  39. Rakshasa: The hardware backdoor that China could embed in every computer

    Original Source: extremetech.com

  40. Intellipedia - Air Gapped Network Threats

    Original Source: theintercept.com

    950 KB
  41. NSA/CSS target exploitation (TAREX) classification guide

    Original Source: theintercept.com

    950 KB
  42. Senate Armed Services Committee Hearing on Counterfeit Electronic Parts in the DOD Supply Chain

    Original Source: tmcnet.com

  43. Can DARPA Fix the Cybersecurity ‘Problem From Hell?’

    Original Source: wired.com

    83 KB
  44. DHS: Imported Consumer Tech Contains Hidden Hacker Attack Tools

    Original Source: fastcompany.com

  45. Stealthy Techniques Can Crack Some of SIGINT’S Hardest Targets

    Original Source: theintercept.com

    1.2 MB
  46. Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation

    Original Source: theintercept.com

    913 KB
  47. Hardware Trojan: Threats and Emerging Solutions

    Original Source: swarup.ece.ufl.edu

    1.2 MB
  48. National Intelligence Estimate: The Global Cyber Threat to the US Information Infrastructure

    Original Source: theintercept.com

    283 KB
  49. U.S. Military Secrets for Sale at Afghan Bazaar

    Original Source: latimes.com

    72 KB
  50. Mission Impossible at the Sumitomo Bank

    Original Source: theregister.com

    78 KB
  51. NSA’s SENTRY EAGLE program

    Original Source: theintercept.com

    1.3 MB