{"id":50261,"date":"2023-01-25T00:00:00","date_gmt":"2023-01-25T00:00:00","guid":{"rendered":"urn:uuid:97e65c0c-c5bd-5d34-48ab-f26f3dda1b77"},"modified":"2023-01-25T00:00:00","modified_gmt":"2023-01-25T00:00:00","slug":"attacking-the-supply-chain-developer","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/attacking-the-supply-chain-developer\/","title":{"rendered":"Attacking The Supply Chain: Developer"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/thumbnails\/23\/Cover-attacking-the-supply-chain-developer.jpg\"><\/p>\n<div><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/thumbnails\/23\/Cover-attacking-the-supply-chain-developer.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>In 2021, we published an entry identifying the <a href=\"https:\/\/www.trendmicro.com\/vinfo\/tmr\/?\/us\/security\/news\/vulnerabilities-and-exploits\/identifying-weak-parts-of-a-supply-chain\">weak parts of the supply chain security<\/a>. In the face of the <a href=\"https:\/\/github.com\/cncf\/tag-security\/tree\/main\/supply-chain-security\/compromises\">surge in documented attacks<\/a>, the entry gave a summarized overview of how malicious actors found gaps to abuse and take advantage of for possible gains and disruptions.<\/p>\n<p>In this entry, we focus on one specific part of the supply chain: the developers themselves. To find a suitable attack model focusing on the developer, we must first understand who is considered the developer (and therefore the target), their workflow, and their daily tools. We also set the focus on how developers and their respective tools can be abused to compromise the supply chain, and how understanding these threat scenarios allows developers and the organizations to decide which tradeoffs to make to protect their projects and themselves.<\/p>\n<p><span class=\"body-subhead-title\">Who is \u201cThe Developer\u201d?<\/span><\/p>\n<p>We can use a dictionary definition, stating a developer is a person that develops computer software. In our understanding, a person who writes code. This includes popular programming or scripting languages like Java, JavaScript, TypeScript, Go, Python, C\/C++, and many other languages, including infrastructure or container deployment definitions such as Dockerfiles, Kubernetes, Terraform HCLs, and many others. From that description alone, the definition covers various parts of the IT industry, including every person writing code and security researchers, among many others.<\/p>\n<p>Although the workflow itself may vary from developer to developer and from company to company, it will most likely fall into one of the following categories depending on how the developer is using the integrated developer environments (IDE):<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\"><b>Local IDE<\/b>: The developer has the IDE installed in his own machine locally. In this case, the developer can<\/span>\n<ul>\n<li><span class=\"rte-circle-bullet\">Pull or push code to the remote repository, and execute the build and debug it locally, or<\/span><\/li>\n<li><span class=\"rte-circle-bullet\">Commits changes to the remote repository, triggering the continuous integration\/continuous delivery (CI\/CD) event, and lead to the quality assurance (QA) assessment or even a deployment into the production environment.<\/span><\/li>\n<\/ul>\n<\/li>\n<li><span class=\"rte-red-bullet\"><b>Cloud IDE<\/b>: The developer uses cloud services-hosted IDE, such as AWS Cloud9, Visual Studio Online, GitHub Codespaces, and many other platforms available today. In this case, the developer machine works just as a gateway, usually via browser to the IDE, and the main code executions are performed in the cloud IDE\u2019s remote hosts inside the cloud service provider.<\/span><\/li>\n<\/ul>\n<p>As the developer definition covers multiple professions, some workflows could exclude some items from the list. For example, research purpose proof of concept would more likely not set up a whole CI\/CD pipeline. However, most workflows will include usage of an IDE for the development. In this entry, we focus on local IDEs, as we also discussed specific platforms in our previous entries on the <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/20\/c\/security-risks-in-online-coding-platforms.html\">security risks of online coding platforms<\/a>.<\/p>\n<p><span class=\"body-subhead-title\">A Use Case of a Local IDE<\/span><\/p>\n<p>When using the local IDE, one of the use cases is when the developer pulls the code to their local computer. This code is further compiled into binary format for it to be executed. There is an implicit trust in the code written by previous contributors because most developers assume that the codebase is likely not \u201cdirty\u201d since it works as intended. This trust is not only carried to and in the source code itself, but also in the build scripts, libraries, dependencies, and other project files when included. That brings us to the first threat scenario: injecting malicious actions into the project files or build scripts.<\/p>\n<p>As developers, do we read the build scripts after pulling remote code prior to their execution?<\/p>\n<p>We tested various popular IDEs and programming languages by injecting malicious build commands to the build scripts or project files if and when applicable. These are the results of version of IDEs we tested:<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">Eclipse 2022-09<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Apache NetBeans 16<\/span><\/li>\n<li><span class=\"rte-red-bullet\">PyCharm 2022.2.4<\/span><\/li>\n<li><span class=\"rte-red-bullet\">IntelliJ IDEA 2022.03<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Visual Studio 2022<\/span><\/li>\n<li><span class=\"rte-red-bullet\"><a href=\"https:\/\/code.visualstudio.com\/docs\/editor\/workspace-trust\">Visual Studio Code<\/a> 1.73.1<\/span><\/li>\n<\/ul>\n<p>When we consider the generic threat model, we also must include every non-controlled input. This includes the source code, its files, and including its pre- and post-build scripts and IDE extensions, if applicable. We previously wrote about <a href=\"https:\/\/www.trendmicro.com\/de_de\/research\/20\/c\/security-risks-in-online-coding-platforms.html\">the danger of possible malicious IDE extensions<\/a> in one of our 2020 articles.<\/p>\n<p> Read More <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/23\/a\/attacking-the-supply-chain-developer.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this proof of concept, we look into one of several attack vectors that can be abused to attack the supply chain: targeting the developer. With a focus on the local integrated developer environment (IDE), this proof considers the execution of malicious build scripts via injecting commands when the project or build is incorrectly \u201ctrusted\u201d. Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":50262,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9546,9510,9520,9538,9511,9508,9555,9581],"class_list":["post-50261","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-research-apttargeted-attacks","tag-trend-micro-research-articles-news-reports","tag-trend-micro-research-cloud","tag-trend-micro-research-compliancerisks","tag-trend-micro-research-cyber-threats","tag-trend-micro-research-endpoints","tag-trend-micro-research-exploitsvulnerabilities","tag-trend-micro-research-mobile"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Attacking The Supply Chain: Developer 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/attacking-the-supply-chain-developer\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Attacking The Supply Chain: Developer 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/attacking-the-supply-chain-developer\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-01-25T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/thumbnails\/23\/Cover-attacking-the-supply-chain-developer.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attacking-the-supply-chain-developer\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attacking-the-supply-chain-developer\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Attacking The Supply Chain: Developer\",\"datePublished\":\"2023-01-25T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attacking-the-supply-chain-developer\\\/\"},\"wordCount\":689,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attacking-the-supply-chain-developer\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/attacking-the-supply-chain-developer.jpg\",\"keywords\":[\"Trend Micro Research : APT&amp;Targeted Attacks\",\"Trend Micro Research : Articles, News, Reports\",\"Trend Micro Research : Cloud\",\"Trend Micro Research : Compliance&amp;Risks\",\"Trend Micro Research : Cyber Threats\",\"Trend Micro Research : Endpoints\",\"Trend Micro Research : Exploits&amp;Vulnerabilities\",\"Trend Micro Research : Mobile\"],\"articleSection\":[\"TrendMicro\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attacking-the-supply-chain-developer\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attacking-the-supply-chain-developer\\\/\",\"name\":\"Attacking The Supply Chain: Developer 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attacking-the-supply-chain-developer\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attacking-the-supply-chain-developer\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/attacking-the-supply-chain-developer.jpg\",\"datePublished\":\"2023-01-25T00:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attacking-the-supply-chain-developer\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attacking-the-supply-chain-developer\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attacking-the-supply-chain-developer\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/attacking-the-supply-chain-developer.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/attacking-the-supply-chain-developer.jpg\",\"width\":641,\"height\":350},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/attacking-the-supply-chain-developer\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Trend Micro Research : APT&amp;Targeted Attacks\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/trend-micro-research-apttargeted-attacks\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Attacking The Supply Chain: Developer\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Attacking The Supply Chain: Developer 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/attacking-the-supply-chain-developer\/","og_locale":"en_US","og_type":"article","og_title":"Attacking The Supply Chain: Developer 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/attacking-the-supply-chain-developer\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-01-25T00:00:00+00:00","og_image":[{"url":"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/thumbnails\/23\/Cover-attacking-the-supply-chain-developer.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/attacking-the-supply-chain-developer\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/attacking-the-supply-chain-developer\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Attacking The Supply Chain: Developer","datePublished":"2023-01-25T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/attacking-the-supply-chain-developer\/"},"wordCount":689,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/attacking-the-supply-chain-developer\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/01\/attacking-the-supply-chain-developer.jpg","keywords":["Trend Micro Research : APT&amp;Targeted Attacks","Trend Micro Research : Articles, News, Reports","Trend Micro Research : Cloud","Trend Micro Research : Compliance&amp;Risks","Trend Micro Research : Cyber Threats","Trend Micro Research : Endpoints","Trend Micro Research : Exploits&amp;Vulnerabilities","Trend Micro Research : Mobile"],"articleSection":["TrendMicro"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/attacking-the-supply-chain-developer\/","url":"https:\/\/www.threatshub.org\/blog\/attacking-the-supply-chain-developer\/","name":"Attacking The Supply Chain: Developer 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/attacking-the-supply-chain-developer\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/attacking-the-supply-chain-developer\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/01\/attacking-the-supply-chain-developer.jpg","datePublished":"2023-01-25T00:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/attacking-the-supply-chain-developer\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/attacking-the-supply-chain-developer\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/attacking-the-supply-chain-developer\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/01\/attacking-the-supply-chain-developer.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/01\/attacking-the-supply-chain-developer.jpg","width":641,"height":350},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/attacking-the-supply-chain-developer\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Trend Micro Research : APT&amp;Targeted Attacks","item":"https:\/\/www.threatshub.org\/blog\/tag\/trend-micro-research-apttargeted-attacks\/"},{"@type":"ListItem","position":3,"name":"Attacking The Supply Chain: Developer"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/50261","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=50261"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/50261\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/50262"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=50261"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=50261"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=50261"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}