Weekly Threat Intel: Linux Rootkit, macOS Crypto‑Stealer, and WebSocket Skimmers Reveal Ongoing Supply‑Chain Gaps
What Happened — A weekly security roundup from The Hacker News highlighted a newly‑observed Linux rootkit distributed via a compromised software repository, a macOS cryptocurrency‑stealing malware delivered through a malicious update, and WebSocket‑based skimmers targeting e‑commerce checkout pages. Additional reports described cloud‑server misconfigurations that exposed public‑facing services and legacy vulnerabilities still being exploited.
Why It Matters for TPRM —
- Persistent supply‑chain compromises show that third‑party code can become a conduit for malware.
- Cloud‑infrastructure misconfigurations increase the attack surface of hosted services you may rely on.
- Legacy bugs in widely‑used components indicate inadequate patch management among vendors.
Who Is Affected — SaaS providers, cloud hosting MSPs, software distributors, and any organization that integrates Linux‑based services, macOS client software, or WebSocket payment flows.
Recommended Actions — Conduct a vendor‑risk review of any third‑party components in the affected categories; verify that suppliers sign releases and publish checksums you can check before installation, rather than taking "we sign our builds" on trust; require Subresource Integrity and a restrictive Content Security Policy on any third‑party script that loads on a checkout page; and audit cloud security groups and firewall rules for ingress from any source address (0.0.0.0/0 or ::/0) that was not deliberately made public.
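The cloud‑exposure audit above is mechanical enough to script. The following is an added example for this roundup, not code from The Hacker News or any cloud vendor: it walks the JSON shape that `aws ec2 describe-security-groups` returns and flags every ingress rule that accepts traffic from any address on a port outside an assumed allow‑list (`PUBLIC_OK_PORTS`, a policy you would set yourself). The security groups in `SAMPLE` are constructed.

```python
"""Flag security-group ingress rules that expose ports to the whole internet.

Added example for this threat-intel roundup, not code from The Hacker News or
any cloud vendor. The input mirrors the JSON that `aws ec2 describe-security-groups`
returns, but SAMPLE below is constructed, and PUBLIC_OK_PORTS is an assumed
policy for which TCP ports may legitimately face the internet.
"""
import json

PUBLIC_OK_PORTS = {80, 443}        # assumed policy: the only intentionally public ports
WORLD = {"0.0.0.0/0", "::/0"}      # "any source" CIDRs, IPv4 and IPv6


def _port_range(perm):
    """(from, to) for a rule; IpProtocol "-1" means every protocol and port."""
    if perm.get("IpProtocol") == "-1":
        return 0, 65535
    return perm.get("FromPort", 0), perm.get("ToPort", 65535)


def _sources(perm):
    """Every CIDR a rule accepts traffic from (IPv4 and IPv6 lists combined)."""
    v4 = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    v6 = [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return v4 + v6


def world_open_rules(describe_output):
    """Return one finding per ingress rule open to any source outside the policy."""
    findings = []
    for sg in describe_output.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            world = sorted(s for s in _sources(perm) if s in WORLD)
            if not world:
                continue                      # only reachable from named ranges
            proto = perm.get("IpProtocol")
            lo, hi = _port_range(perm)
            # Acceptable only as a single TCP port on the allow-list; a range,
            # another protocol, or "-1" (all traffic) is reported as exposure.
            if proto == "tcp" and lo == hi and lo in PUBLIC_OK_PORTS:
                continue
            findings.append({
                "GroupId": sg.get("GroupId"),
                "GroupName": sg.get("GroupName"),
                "Protocol": "all" if proto == "-1" else proto,
                "Ports": str(lo) if lo == hi else f"{lo}-{hi}",
                "Sources": world,
            })
    return findings


# Constructed sample: a web group that also leaves SSH open to the world, and a
# database group with a default-open "all traffic from ::/0" rule.
SAMPLE = {
    "SecurityGroups": [
        {"GroupId": "sg-0a1b2c3d", "GroupName": "web",
         "IpPermissions": [
             {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
              "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
              "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
             {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
              "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
         ]},
        {"GroupId": "sg-0d4e5f6a", "GroupName": "db",
         "IpPermissions": [
             {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
              "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
             {"IpProtocol": "-1", "IpRanges": [],
              "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
         ]},
    ]
}

if __name__ == "__main__":
    # Pipe real output in instead: aws ec2 describe-security-groups | python3 this.py
    print(json.dumps(world_open_rules(SAMPLE), indent=2))
```

Run it against the real `describe-security-groups` output for each account and treat every finding as a question for the owning team; the 443 rule passes because it is on the allow‑list, while SSH from anywhere and the all‑traffic IPv6 rule are reported.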
Technical Notes —
- Linux rootkit: delivered as a tampered tarball in a popular package repository. It could only install itself when a user executed the malicious binary with root privileges, which is how most package installs are run, so a compromised package is effectively a root‑level compromise of every host that installs it.
- macOS stealer: delivered as a signed update installer that bundled the hidden cryptocurrency‑stealing payload. The valid signature is what let it past Gatekeeper; code signing proves who signed a package, not that its contents are benign.
- WebSocket skimmers: malicious JavaScript injected through compromised CDN assets captured payment‑card data as shoppers entered it on checkout pages and exfiltrated it over a WebSocket connection. That channel does not show up as ordinary HTTP requests, so monitoring that only inspects those misses the exfiltration.
- Cloud‑server exposure: security groups left open to any source address and missing firewall rules, leaving services that were meant to be internal‑only reachable from the internet.
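The two controls that blunt a CDN‑hosted WebSocket skimmer are Subresource Integrity on third‑party scripts (a tampered asset no longer matches its hash and is refused) and a CSP `connect-src` that pins the hosts a script may open sockets to. The following is an added example for this roundup, not code from The Hacker News or any vendor: it audits a checkout page's HTML and its CSP header for both and reports what is missing. The HTML, the CSP strings, the `sha384-AAAA` placeholder digest and the host names are all constructed.

```python
"""Audit a checkout page for the controls that blunt a WebSocket skimmer.

Added example for this threat-intel roundup, not code from The Hacker News or
any vendor. SAMPLE_HTML and the CSP strings below are constructed samples; the
SRI digest in them is a placeholder, not a real hash.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Source expressions that let a script open a connection to any host at all:
# a wildcard or a bare scheme (CSP matches wss: under https: and ws: under http:).
ANY_HOST = {"*", "http:", "https:", "ws:", "wss:"}


class _ScriptCollector(HTMLParser):
    """Collect (src, has_integrity) for every <script src=...> on the page."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        a = dict(attrs)
        if "src" in a:
            self.scripts.append((a["src"], "integrity" in a))


def parse_csp(header):
    """Turn "a b c; d e" into {"a": ["b", "c"], "d": ["e"]} (names lower-cased)."""
    policy = {}
    for directive in header.split(";"):
        parts = directive.split()
        if parts:
            policy[parts[0].lower()] = parts[1:]
    return policy


def audit_checkout_page(page_html, csp_header, page_origin):
    """Return a list of findings; an empty list means both controls are present."""
    findings = []

    # 1. Every cross-origin script must carry an integrity attribute, otherwise a
    #    tampered CDN asset is executed as-is (the skimmer injection path above).
    collector = _ScriptCollector()
    collector.feed(page_html)
    for src, has_integrity in collector.scripts:
        host = urlparse(src).netloc        # "" for same-origin relative paths
        if host and host != page_origin and not has_integrity:
            findings.append(f"third-party script without SRI: {src}")

    # 2. connect-src (falling back to default-src) must name the permitted hosts;
    #    no directive or a scheme-only/wildcard source lets the skimmer pick any
    #    exfiltration endpoint.
    policy = parse_csp(csp_header)
    connect = policy.get("connect-src", policy.get("default-src"))
    if connect is None:
        findings.append("CSP has neither connect-src nor default-src: sockets to any host allowed")
    else:
        loose = [s for s in connect if s in ANY_HOST]
        if loose:
            findings.append(f"connect-src permits any destination via {loose}")
    return findings


# Constructed sample page: one same-origin script, one CDN script without SRI,
# one CDN script with SRI (placeholder digest).
SAMPLE_HTML = """
<html><body>
<script src="/static/checkout.js"></script>
<script src="https://cdn.example/lib/payment-widget.js"></script>
<script src="https://cdn.example/lib/analytics.js"
        integrity="sha384-AAAA" crossorigin="anonymous"></script>
</body></html>
"""
# Constructed policies: the weak one allows sockets to any wss: host.
WEAK_CSP = "default-src 'self'; script-src 'self' https://cdn.example; connect-src 'self' wss:"
STRICT_CSP = ("default-src 'self'; script-src 'self' https://cdn.example; "
              "connect-src 'self' https://api.shop.example wss://api.shop.example")

if __name__ == "__main__":
    for name, csp in (("weak", WEAK_CSP), ("strict", STRICT_CSP)):
        print(name, audit_checkout_page(SAMPLE_HTML, csp, "shop.example"))
```

Feed it the served HTML and the `Content-Security-Policy` response header of each checkout page; the weak policy produces two findings (the unpinned payment widget and the `wss:` wildcard), the strict one only the missing SRI. Pinning `connect-src` does not stop a compromised script from reading the form, but it does deny it anywhere to send the data.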