The Model Context Protocol has become the dominant standard for connecting AI assistants to external tools. Hundreds of third-party MCP servers are now available — running with broad permissions, making network connections, and installed with almost no vetting.
A significant and growing fraction of production code now originates from large language models. For attackers, this has created a new and largely underexplored avenue into the software supply chain — hallucinated package names, registered in advance with malicious payloads attached.
cdn.polyfill.io, a domain used by over 100,000 websites, was acquired and weaponized to serve malicious JavaScript to end users. No CVE, no exploit — just a URL that someone else now controlled.
A malicious actor spent over two years cultivating trust in the XZ Utils open source project before inserting a backdoor that would have granted unauthenticated remote code execution on millions of Linux servers. It was caught by accident.
Some time ago, our system recorded an application installer trying to communicate with fallback-url.com domain. It looks strange to say the least...
In May 2024 Rapid7 detected supply chain attack on Justice AV Solutions (JAVS) Viewer software. First mentions of JAVS official website serving malicious installer appeared a month earlier...
This time instead of reading, we invite you to do some watching. We made a short, 8-minutes long video showing why supply chain attacks and exploits are able to run for a long time before being detected and how our system can spot them as they happen.
Today, I'd like to take a break from our usual supply chain attack topics and talk about something that is covered on the internet, but only if you look long enough, combine multiple sources and engage in some educated guesswork and experimentation.
As cyber-attacks become increasingly sophisticated and frequent, the need for effective cybersecurity measures is more important than ever. We at Forelens have taken an innovative approach to cybersecurity, in which we have developed a new concept called SBOC (Software Bill of Connections), similar to SBOM (Software Bill of Materials) but focusing on applications and their network connections (domains, IP addresses).
Supply chain attacks have become a major concern for organizations around the world. These attacks involve hackers targeting a company's supply chain in order to gain access to their systems and data. Recently, a trojanized installer (Comm100 Chat Installer) by the Canadian company Comm100 Network Corporation was discovered, which affected a number of organizations globally
If your company uses computers, one of many applications you depend on might be susceptible to an unknown threat that your existing cybersecurity solutions cannot detect before it’s too late. This can be an exploit (Log4j) or an otherwise legitimate and even digitally signed software that was maliciously modified during an update (SolarWinds, Asus, Kaseya)
Zero-day exploits are a serious concern for businesses of all sizes. These exploits take advantage of vulnerabilities in software that are unknown to the manufacturer, and they can be used by attackers to gain unauthorized access to systems and data
March 18, 2026
October 8, 2025
February 12, 2025
September 30, 2024
July 24, 2024
May 29, 2024
September 12, 2023
September 5, 2023
February 21, 2023
October 5, 2022
March 6, 2022© 2026 Forelens