Supply-Chain on it-learn.io | IT, Networking & Cybersecurity Bloghttps://blog.it-learn.io/tags/supply-chain/Recent content in Supply-Chain on it-learn.io | IT, Networking & Cybersecurity BlogHugoen-usWed, 15 Apr 2026 00:00:00 +0000Microsoft April 2026 Patch Tuesday: 167 Fixes, Exploited SharePoint Zero-Day CVE-2026-32201, and n8n Phishing Abusehttps://blog.it-learn.io/posts/2026-04-15-microsoft-april-2026-patch-tuesday-167-fixes-exploited-share/Wed, 15 Apr 2026 00:00:00 +0000https://blog.it-learn.io/posts/2026-04-15-microsoft-april-2026-patch-tuesday-167-fixes-exploited-share/April 2026&rsquo;s record Patch Tuesday, Cisco Talos research on n8n workflow abuse for phishing, a fake Ledger Live app that drained $9.5M through Apple&rsquo;s App Store, and an Android RAT turning 220K devices into proxy nodes.SAP Critical ABAP Patch, FortiClient EMS CVE-2026-21643, W3LL Phishing Takedown — 2026-04-14https://blog.it-learn.io/posts/2026-04-14-sap-critical-abap-patch-forticlient-ems-cve-2026-21643-w3ll/Tue, 14 Apr 2026 00:00:00 +0000https://blog.it-learn.io/posts/2026-04-14-sap-critical-abap-patch-forticlient-ems-cve-2026-21643-w3ll/SAP&rsquo;s April 2026 patch cycle includes a critical ABAP vulnerability affecting 13+ products. CISA adds FortiClient EMS SQL injection CVE-2026-21643 to KEV with confirmed exploitation. FBI and Indonesia dismantle the W3LL phishing kit behind $20M in fraud. wolfSSL ECDSA flaw breaks certificate trust for embedded devices.Adobe Reader Zero-Day CVE-2026-34621 Exploited for Months — CPUID Supply Chain Compromise and OpenAI Certificate Revocationhttps://blog.it-learn.io/posts/2026-04-13-adobe-reader-zero-day-cve-2026-34621-exploited-for-months-cp/Mon, 13 Apr 2026 00:00:00 +0000https://blog.it-learn.io/posts/2026-04-13-adobe-reader-zero-day-cve-2026-34621-exploited-for-months-cp/Adobe Reader&rsquo;s CVE-2026-34621 was actively exploited for months before the April 12 patch. CPUID&rsquo;s site was compromised to serve trojanized CPU-Z and HWMonitor. OpenAI revokes its macOS signing certificate after the Axios supply chain incident cascades. APT37 shifts to Facebook for initial access.Adobe Reader Zero-Day Exploited for Months Before Emergency Patchhttps://blog.it-learn.io/posts/2026-04-12-adobe-reader-zero-day-exploited-for-months-before-emergency-patch/Sun, 12 Apr 2026 00:00:00 +0000https://blog.it-learn.io/posts/2026-04-12-adobe-reader-zero-day-exploited-for-months-before-emergency-patch/An Adobe Reader RCE exploited in the wild for months, a 19-hour supply chain compromise at CPUID, and active exploitation of a Marimo notebook flaw — plus detection guidance for trojanized utility installers.Supply Chain Attack: How SolarWinds Compromised 18,000 Organizations with One Updatehttps://blog.it-learn.io/posts/2026-04-08-supply-chain-attack-solarwinds-explained/Wed, 08 Apr 2026 00:00:00 +0000https://blog.it-learn.io/posts/2026-04-08-supply-chain-attack-solarwinds-explained/<p>The SolarWinds attack did not begin with a phishing email or a misconfigured firewall. It began inside a build server — the trusted forge where software is assembled, signed, and shipped. By the time 18,000 organizations downloaded the trojaned Orion update in the spring of 2020, the attackers had already achieved something far more dangerous than a network intrusion: they had weaponized trust itself.</p> <p>This post dissects the technical mechanics of the SUNBURST backdoor, the Orion build pipeline compromise, DGA-based command and control, and the detection and defense strategies that can limit your exposure to this class of attack.</p>