Government, Scientific Entities Hit via Daemon Tools Supply Chain Attack
While trojanized Daemon Tools versions were installed worldwide, a sophisticated backdoor was dropped only on a dozen systems. The post Government, Scientific Entities Hit via Daemon Tools Supply Chain Attack appeared first on SecurityWeek.
Government, scientific, manufacturing, and retail organizations have been targeted with a sophisticated backdoor in an ongoing supply chain attack involving the Daemon Tools disk imaging software, Kaspersky reports.
As part of the attack, Chinese-speaking attackers apparently injected malicious code into multiple Daemon Tools iterations that have been available for download via the software’s legitimate website.
Daemon Tools versions 12.5.0.2421 to 12.5.0.2434, released since April 8, have been found to contain injected code, and the attack remains active, Kaspersky says. AVB Disc Soft, the company behind Daemon Tools, has been notified.
Related breach coverage
- Vendor Says Daemon Tools Supply Chain Attack Contained2026-05-07
The software developer has identified the impacted systems, removed potentially compromised files, and validated installation packages. The post Vendor Says Daemon Tools Supply Chain Attack Contained appeared first on SecurityWeek.
- Gemini CLI Vulnerability Could Have Led to Code Execution, Supply Chain Attack2026-05-07
Attackers could inject prompts into a GitHub issue and take over the AI agent designed to automatically triage the issue. The post Gemini CLI Vulnerability Could Have Led to Code Execution, Supply Chain Attack appeared first on SecurityWeek.
- AI Coding Agents Could Fuel Next Supply Chain Crisis2026-05-07
“TrustFall” attack shows how AI coding agents can be manipulated into launching stealthy supply chain compromises. The post AI Coding Agents Could Fuel Next Supply Chain Crisis appeared first on SecurityWeek.
- In Other News: Train Hacker Arrested, PamDOORa Linux Backdoor, New CISA Director Frontrunner2026-05-08
Other noteworthy stories that might have slipped under the radar: US gov targets 72-hour patch cycles, malware uses Windows Phone Link to steal OTPs, spy operation targets Eurasian drone industry. The post In Other News: Train Hacker Arrested, PamDOORa Linux Backdoor, New CISA Director Frontrunner appeared first on SecurityWeek.