{"id":106334,"date":"2026-06-08T20:44:27","date_gmt":"2026-06-08T20:44:27","guid":{"rendered":"https:\/\/mybusinessfuture.com\/?p=106334"},"modified":"2026-06-17T15:22:05","modified_gmt":"2026-06-17T15:22:05","slug":"when-the-update-itself-becomes-an-entry-point","status":"publish","type":"post","link":"https:\/\/mybusinessfuture.com\/en\/when-the-update-itself-becomes-an-entry-point\/","title":{"rendered":"When the update itself becomes an entry point"},"content":{"rendered":"<p style=\"display:inline-block;background:#c0392b;color:#fff;padding:4px 14px;border-radius:20px;font-size:0.85em;margin-bottom:18px;\">6 Min. read time<\/p>\n<p style=\"line-height:1.8;margin-bottom:20px;\"><strong>On May 11, six minutes were all it took. In that window, attackers slipped 84 tampered versions into 42 widely used developer packages-each carrying a credential-stealing payload. Anyone using these packages unknowingly downloaded the malware with their next update. Three such cases landed in the U.S. agency CISA\u2019s warning catalog in May alone.<\/strong><\/p>\n<div style=\"background:#202528;color:#fff;padding:32px 36px;margin:32px 0;border-radius:8px;\">\n<p style=\"margin:0 0 18px 0;font-size:0.95em;font-weight:800;text-transform:uppercase;letter-spacing:0.2em;color:#c0392b;border-bottom:2px solid rgba(192,57,43,0.25);padding-bottom:12px;\">Key Takeaways<\/p>\n<ul style=\"margin:0;padding-left:22px;color:rgba(255,255,255,0.92);line-height:1.6;\">\n<li style=\"margin-bottom:12px;color:rgba(255,255,255,0.92);\"><strong style=\"color:#c0392b;\">Trusted tools became attack vectors.<\/strong> TanStack, Daemon Tools, and Nx Console distributed malicious code via routine updates in May. CISA flagged all three as actively exploited.<\/li>\n<li style=\"margin-bottom:12px;color:rgba(255,255,255,0.92);\"><strong style=\"color:#c0392b;\">Even non-developers are at risk.<\/strong> Nearly every business application is built on third-party components. The threat enters through the supply chain-not your front door.<\/li>\n<li style=\"color:rgba(255,255,255,0.92);\"><strong style=\"color:#c0392b;\">NIS2 turns supply chain security into an executive priority.<\/strong> Companies covered by the directive must integrate supplier and software-component security into risk management. An inventory is the first-and cheapest-step.<\/li>\n<\/ul>\n<\/div>\n<p style=\"font-size:0.88em;color:#666;margin:20px 0 32px 0;border-top:1px solid #e5e5e5;border-bottom:1px solid #e5e5e5;padding:10px 0;\"><span style=\"color:#202528;font-weight:700;text-transform:uppercase;font-size:0.72em;letter-spacing:0.14em;margin-right:14px;\">Related:<\/span><a href=\"https:\/\/mybusinessfuture.com\/en\/nis2-implementation-mid-sized-companies-obligations-fines-2026\/\" style=\"color:#333;text-decoration:underline;\">NIS2 Implementation: Checklist for SMEs<\/a>&nbsp;&nbsp;<span style=\"color:#ccc;\">\/<\/span>&nbsp;&nbsp;<a href=\"https:\/\/mybusinessfuture.com\/en\/dora-ai-act-mica-all-at-once-why-regtech-becomes-a-mandatory-investment-in-2026\/\" style=\"color:#333;text-decoration:underline;\">RegTech: Mastering Compliance Risks<\/a><\/p>\n<h2 style=\"padding-top:64px;margin-bottom:20px;\">How Familiar Tools Became a Gateway for Attacks<\/h2>\n<p style=\"line-height:1.8;margin-bottom:20px;\"><strong>What is a supply chain attack?<\/strong> In a supply chain attack, perpetrators don\u2019t target the company directly-instead, they manipulate a piece of software or a tool that the company trusts. The malicious code slips in unnoticed via the next routine update, infiltrating countless systems at once. A single compromised update channel can reach thousands of businesses in one go.<\/p>\n<p style=\"line-height:1.8;margin-bottom:20px;\">The three incidents in May illustrate this pattern in its purest form. At TanStack, a widely used collection of web development components, attackers hijacked the automated GitHub publishing workflow and released dozens of poisoned versions within minutes. For Daemon Tools Lite, the official installers were tampered with for weeks, disguised with a valid code-signing certificate. And with Nx Console, a plugin for development environments, a malicious version briefly appeared in the official marketplace.<\/p>\n<p style=\"line-height:1.8;margin-bottom:20px;\">The insidious part is the disguise. Each of these vectors looked like business as usual: a signed installer, a marketplace listing, a version update. Anyone who\u2019s ever managed a software environment knows these updates typically sail through without a second glance. Here\u2019s the sobering timeline:<\/p>\n<div class=\"evm-timeline\" style=\"margin:28px 0;border:1px solid #e5e5e5;border-radius:6px;overflow:hidden;\">\n<div style=\"background:#202528;color:#fff;padding:12px 18px;font-size:0.78em;font-weight:700;text-transform:uppercase;letter-spacing:0.14em;\">The Supply Chain Surge in May<\/div>\n<div style=\"padding:8px 0;\">\n<div style=\"display:flex;gap:18px;padding:12px 20px;border-bottom:1px solid #f0f0f0;\">\n<div style=\"min-width:140px;font-weight:700;color:#c0392b;\">May 11<\/div>\n<div style=\"color:#333;line-height:1.55;\">TanStack: 84 tampered versions across 42 npm packages, published via a hijacked automated workflow. Included a credential stealer.<\/div>\n<\/div>\n<div style=\"display:flex;gap:18px;padding:12px 20px;border-bottom:1px solid #f0f0f0;\">\n<div style=\"min-width:140px;font-weight:700;color:#c0392b;\">May 18\/19<\/div>\n<div style=\"color:#333;line-height:1.55;\">Nx Console: a malicious version of the developer plugin briefly appeared in the official marketplace and on OpenVSX.<\/div>\n<\/div>\n<div style=\"display:flex;gap:18px;padding:12px 20px;border-bottom:1px solid #f0f0f0;\">\n<div style=\"min-width:140px;font-weight:700;color:#c0392b;\">April\u2013May<\/div>\n<div style=\"color:#333;line-height:1.55;\">Daemon Tools Lite: official installers were tampered with for weeks, disguised with a valid code-signing certificate.<\/div>\n<\/div>\n<div style=\"display:flex;gap:18px;padding:12px 20px;\">\n<div style=\"min-width:140px;font-weight:700;color:#c0392b;\">May 27<\/div>\n<div style=\"color:#333;line-height:1.55;\">CISA adds all three incidents to its catalog of known exploited vulnerabilities and sets a deadline for U.S. agencies to take action.<\/div>\n<\/div>\n<\/div>\n<\/div>\n<h2 style=\"padding-top:64px;margin-bottom:20px;\">Why This Affects Mid-Sized Companies That Don\u2019t Develop Software Themselves<\/h2>\n<p style=\"line-height:1.8;margin-bottom:20px;\">The most common knee-jerk reaction among mid-sized businesses is: &#8220;We don\u2019t write code, so this doesn\u2019t concern us.&#8221; That assumption is misleading. Inventory management, customer portals, accounting integrations-nearly every modern business software is pieced together from third-party components. If you had a web application built by an agency, chances are your systems already contain packages from the same ecosystem that spawned the compromised TanStack versions.<\/p>\n<p style=\"line-height:1.8;margin-bottom:20px;\">The attack infiltrates your company through suppliers and their software, often long before anyone considers a direct breach. This supply chain is rarely documented in mid-sized firms. No one keeps a list of which third-party software runs in which system. Attackers exploit this blind spot, as a tainted library can remain invisible until someone actively hunts for it.<\/p>\n<div class=\"evm-stat-highlight\" style=\"background:#202528;color:#fff;text-align:center;padding:40px 24px;margin:32px 0;border-radius:8px;\">\n<div style=\"font-size:3.4em;font-weight:800;color:#c0392b;letter-spacing:-0.03em;line-height:1;\">84<\/div>\n<div style=\"font-size:1em;color:rgba(255,255,255,0.88);margin-top:12px;max-width:520px;margin-left:auto;margin-right:auto;line-height:1.5;\">malicious package versions were injected by attackers into 42 widely used developer packages in just six minutes on May 11.<\/div>\n<div style=\"font-size:0.78em;color:rgba(255,255,255,0.5);margin-top:12px;\">Source: TanStack post-mortem, Snyk analysis<\/div>\n<\/div>\n<p style=\"line-height:1.8;margin-bottom:20px;\">Regulatory pressure adds another layer. The NIS2 Directive now subjects a large portion of mid-sized businesses to mandatory cybersecurity obligations-and explicitly targets the supply chain. Companies must account for the security of their software components and service providers, not just their own firewalls. An incident like the TanStack breach is no longer just an IT headache; it\u2019s a question of due diligence, with executive leadership ultimately held accountable.<\/p>\n<h2 style=\"padding-top:64px;margin-bottom:20px;\">What Mid-Sized Companies Can Do Now<\/h2>\n<p style=\"line-height:1.8;margin-bottom:20px;\">The good news: You don\u2019t need a corporate-level security team to reduce your core risk. Four steps-feasible even for businesses with tight resources-cover the bulk of what matters.<\/p>\n<div class=\"evm-timeline\" style=\"margin:28px 0;border:1px solid #e5e5e5;border-radius:6px;overflow:hidden;\">\n<div style=\"background:#202528;color:#fff;padding:12px 18px;font-size:0.78em;font-weight:700;text-transform:uppercase;letter-spacing:0.14em;\">Four Steps Without a Corporate Budget<\/div>\n<div style=\"padding:8px 0;\">\n<div style=\"display:flex;gap:18px;padding:12px 20px;border-bottom:1px solid #f0f0f0;\">\n<div style=\"min-width:150px;font-weight:700;color:#c0392b;\">Create an Inventory<\/div>\n<div style=\"color:#333;line-height:1.55;\">Document all third-party software, libraries, and developer tools in use. Without this list, you can\u2019t contain or report an incident.<\/div>\n<\/div>\n<div style=\"display:flex;gap:18px;padding:12px 20px;border-bottom:1px solid #f0f0f0;\">\n<div style=\"min-width:150px;font-weight:700;color:#c0392b;\">Slow Down Updates<\/div>\n<div style=\"color:#333;line-height:1.55;\">Don\u2019t blindly adopt the latest version. Waiting one or two days and reviewing release notes blocks most malicious releases.<\/div>\n<\/div>\n<div style=\"display:flex;gap:18px;padding:12px 20px;border-bottom:1px solid #f0f0f0;\">\n<div style=\"min-width:150px;font-weight:700;color:#c0392b;\">Harden Access<\/div>\n<div style=\"color:#333;line-height:1.55;\">Attackers targeted credentials and automated publishing keys. Enforce two-factor authentication, restrict publishing rights, and rotate keys regularly to close the main entry point.<\/div>\n<\/div>\n<div style=\"display:flex;gap:18px;padding:12px 20px;\">\n<div style=\"min-width:150px;font-weight:700;color:#c0392b;\">Question Vendors<\/div>\n<div style=\"color:#333;line-height:1.55;\">When purchasing or commissioning software, ask about the origin of components and the update process. NIS2 mandates this exact due diligence with suppliers.<\/div>\n<\/div>\n<\/div>\n<\/div>\n<p style=\"line-height:1.8;margin-bottom:20px;\">None of these steps are expensive, and none require specialized knowledge. The real effort lies in taking a close look where no one was previously responsible. That\u2019s the difference between a company that detects a supply chain attack and one that only learns about it from the news.<\/p>\n<figure class=\"evm-inline-figure inarticle-visual\" style=\"display:block;max-width:100%;width:100%;margin:28px auto;border-radius:8px;overflow:hidden;border:1px solid #c0392b33;\"><img decoding=\"async\" src=\"https:\/\/mybusinessfuture.com\/wp-content\/uploads\/2026\/06\/post-iav0-hero-7.jpg\" alt=\"Four steps to reduce risk: Inventory, Update Pause, Review, Reporting \u2013 illustrated as an infographic with icons and short labels.\" style=\"width:100%;height:auto;display:block;\" loading=\"lazy\"\/><figcaption style=\"font-size:.85em;color:#667;margin-top:.5em;font-style:italic;line-height:1.45;\">Mid-sized companies secure their IT with clear steps against software risks.<\/figcaption><\/figure>\n<p style=\"line-height:1.8;margin-bottom:20px;\">The May wave is unlikely to be the last. Attacks on the software supply chain are cheap, scale to thousands of victims at once, and hit both prepared and unprepared businesses. The difference only emerges afterward-when the question becomes whether anyone knows their own inventory.<\/p>\n<h2 style=\"padding-top:64px;margin-bottom:20px;\">Frequently Asked Questions<\/h2>\n<details style=\"border:1px solid #e9ecef;border-radius:6px;margin-bottom:8px;background:#f8f9fa;\">\n<summary style=\"padding:14px 18px;cursor:pointer;font-weight:600;text-align:left;\"><strong>What happened in the attacks on TanStack, Daemon Tools, and Nx Console?<\/strong><\/summary>\n<p style=\"padding:14px 20px 18px;color:#495057;line-height:1.7;\">In all three cases, attackers injected malicious code through legitimate distribution channels: hijacked release workflows at TanStack, tampered signed installers for Daemon Tools, and a malicious extension on the official marketplace for Nx Console. CISA listed all three as actively exploited vulnerabilities at the end of May.<\/p>\n<\/details>\n<details style=\"border:1px solid #e9ecef;border-radius:6px;margin-bottom:8px;background:#f8f9fa;\">\n<summary style=\"padding:14px 18px;cursor:pointer;font-weight:600;text-align:left;\"><strong>Does this affect SMEs that don\u2019t develop software in-house?<\/strong><\/summary>\n<p style=\"padding:14px 20px 18px;color:#495057;line-height:1.7;\">Yes. Nearly every business application contains third-party components, and purchased or agency-built software uses the same packages that were compromised here. The risk enters through the supply chain, regardless of whether your company does its own development.<\/p>\n<\/details>\n<details style=\"border:1px solid #e9ecef;border-radius:6px;margin-bottom:8px;background:#f8f9fa;\">\n<summary style=\"padding:14px 18px;cursor:pointer;font-weight:600;text-align:left;\"><strong>What does NIS2 have to do with software supply chains?<\/strong><\/summary>\n<p style=\"padding:14px 20px 18px;color:#495057;line-height:1.7;\">NIS2 explicitly requires affected companies to include the security of their supply chain and direct service providers in their risk management. This means knowing the software components you use and being able to assess their origin. Violations can hold management liable, so the issue doesn\u2019t stop at the IT department.<\/p>\n<\/details>\n<details style=\"border:1px solid #e9ecef;border-radius:6px;margin-bottom:8px;background:#f8f9fa;\">\n<summary style=\"padding:14px 18px;cursor:pointer;font-weight:600;text-align:left;\"><strong>How can I tell if my company is affected?<\/strong><\/summary>\n<p style=\"padding:14px 20px 18px;color:#495057;line-height:1.7;\">The first step is creating an inventory of the software and libraries you use. This lets you check whether affected versions are in use. If you work with an external agency, ask them specifically about the packages they use and the installed versions.<\/p>\n<\/details>\n<details style=\"border:1px solid #e9ecef;border-radius:6px;margin-bottom:8px;background:#f8f9fa;\">\n<summary style=\"padding:14px 18px;cursor:pointer;font-weight:600;text-align:left;\"><strong>How much does securing the supply chain cost an SME without a large security team?<\/strong><\/summary>\n<p style=\"padding:14px 20px 18px;color:#495057;line-height:1.7;\">The most effective steps are affordable: a software inventory, a disciplined approach to updates, and hardened access with mandatory two-factor authentication. The real cost isn\u2019t the measures-it\u2019s the incident nobody noticed.<\/p>\n<\/details>\n<h2 style=\"padding-top:64px;margin-bottom:20px;\">Editor&#8217;s Picks<\/h2>\n<ul>\n<li><a href=\"https:\/\/mybusinessfuture.com\/en\/cybersecurity-boom-why-nis2-is-turning-germanys-security-industry-into-a-growth\/\">Cybersecurity Boom: How NIS2 is Driving Germany\u2019s Security Sector<\/a><\/li>\n<li><a href=\"https:\/\/mybusinessfuture.com\/en\/stanford-ai-index-2026-inaccuracy-cybersecurity-mittelstand\/\">Stanford AI Index 2026: What SMEs Must Rethink About Risk Measurement<\/a><\/li>\n<li><a href=\"https:\/\/mybusinessfuture.com\/en\/cloud-or-on-prem-what-matters-economically\/\">Cloud vs. On-Prem: The Bottom Line<\/a><\/li>\n<\/ul>\n<div style=\"margin:40px 0 24px 0;\">\n<p style=\"margin:0 0 12px 0;font-size:0.78em;font-weight:700;text-transform:uppercase;letter-spacing:0.18em;color:#666;\">More from the MBF Media Network<\/p>\n<div style=\"padding:14px 18px;border-left:3px solid #0bb7fd;background:#fafafa;margin-bottom:6px;\">\n<div style=\"font-size:0.7em;font-weight:700;color:#0bb7fd;text-transform:uppercase;letter-spacing:0.12em;margin-bottom:4px;\">cloudmagazin<\/div>\n<p><a href=\"https:\/\/www.cloudmagazin.com\/2026\/03\/25\/container-supply-chain-security-wie-it-teams-lieferketten-software-absichern\/\" style=\"font-weight:600;line-height:1.4;color:#1a1a1a;text-decoration:none;\">Container Supply Chain Security: Securing IT Supply Chains<\/a><\/p>\n<\/div>\n<div style=\"padding:14px 18px;border-left:3px solid #d65663;background:#fafafa;margin-bottom:6px;\">\n<div style=\"font-size:0.7em;font-weight:700;color:#d65663;text-transform:uppercase;letter-spacing:0.12em;margin-bottom:4px;\">digital-chiefs<\/div>\n<p><a href=\"https:\/\/www.digital-chiefs.de\/tech-mandate-aufsichtsrat-nis2-eu-ai-act-governance-2026\/\" style=\"font-weight:600;line-height:1.4;color:#1a1a1a;text-decoration:none;\">NIS2 and the EU AI Act Reveal the Skills Gap<\/a><\/p>\n<\/div>\n<div style=\"padding:14px 18px;border-left:3px solid #69d8ed;background:#fafafa;\">\n<div style=\"font-size:0.7em;font-weight:700;color:#69d8ed;text-transform:uppercase;letter-spacing:0.12em;margin-bottom:4px;\">securitytoday<\/div>\n<p><a href=\"https:\/\/www.securitytoday.de\/2026\/05\/16\/nis2-technische-mindestanforderungen-mittelstand-2026\/\" style=\"font-weight:600;line-height:1.4;color:#1a1a1a;text-decoration:none;\">Where SMEs Still Lag Behind on NIS2 Technical Requirements<\/a><\/p>\n<\/div>\n<\/div>\n<p style=\"text-align:right;color:#868e96;font-size:0.85em;margin-top:48px;\"><em>Image source: Cover and article images AI-generated (May 2026), C2PA certificate embedded in images<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Software supply chain as an entry point: What the attacks on TanStack, Daemon Tools, and Nx Console mean for SMEs and their NIS2 obligations.<\/p>\n","protected":false},"author":151,"featured_media":106248,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_yoast_wpseo_focuskw":"Software supply chain","_yoast_wpseo_title":"When the update itself becomes an entry point","_yoast_wpseo_metadesc":"Supply chain attack via TanStack, Daemon Tools, and Nx Console: What it means for mid-sized companies and their NIS2 obligations.","_yoast_wpseo_meta-robots-noindex":"","_yoast_wpseo_meta-robots-nofollow":"","_yoast_wpseo_meta-robots-adv":"","_yoast_wpseo_canonical":"","_yoast_wpseo_opengraph-title":"","_yoast_wpseo_opengraph-description":"","_yoast_wpseo_opengraph-image":"","_yoast_wpseo_opengraph-image-id":0,"_yoast_wpseo_twitter-title":"","_yoast_wpseo_twitter-description":"","_yoast_wpseo_twitter-image":"","_yoast_wpseo_twitter-image-id":0,"featured_post_sortierung":0,"featured_post":0,"pre_headline":"","bildquelle":"","teasertext":"","language":"de","_evm_translation_lang":"","_wp_old_slug":[],"footnotes":""},"categories":[1156,1152],"tags":[],"class_list":["post-106334","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-digital-business-future","category-it-tech","entry"],"evm_reading_time_minutes":7,"wpml_language":"en","wpml_translation_of":106244,"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.9 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>When the update itself becomes an entry point<\/title>\n<meta name=\"description\" content=\"Supply chain attack via TanStack, Daemon Tools, and Nx Console: What it means for mid-sized companies and their NIS2 obligations.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/mybusinessfuture.com\/en\/when-the-update-itself-becomes-an-entry-point\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"When the update itself becomes an entry point\" \/>\n<meta property=\"og:description\" content=\"Supply chain attack via TanStack, Daemon Tools, and Nx Console: What it means for mid-sized companies and their NIS2 obligations.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/mybusinessfuture.com\/en\/when-the-update-itself-becomes-an-entry-point\/\" \/>\n<meta property=\"og:site_name\" content=\"MyBusinessFuture\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/MyBusinessFuture\" \/>\n<meta property=\"article:published_time\" content=\"2026-06-08T20:44:27+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-06-17T15:22:05+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/mybusinessfuture.com\/wp-content\/uploads\/2026\/06\/lieferkettenangriff-software-mittelstand-nis2-cover-hero.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1792\" \/>\n\t<meta property=\"og:image:height\" content=\"1024\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Bernhard Liebl\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@mbusinessfuture\" \/>\n<meta name=\"twitter:site\" content=\"@mbusinessfuture\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Bernhard Liebl\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"NewsArticle\",\"@id\":\"https:\/\/mybusinessfuture.com\/en\/when-the-update-itself-becomes-an-entry-point\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/mybusinessfuture.com\/en\/when-the-update-itself-becomes-an-entry-point\/\"},\"author\":{\"name\":\"Bernhard Liebl\",\"@id\":\"https:\/\/mybusinessfuture.com\/#\/schema\/person\/01e9535223e8d95e19dc965936237c64\"},\"headline\":\"When the update itself becomes an entry point\",\"datePublished\":\"2026-06-08T20:44:27+00:00\",\"dateModified\":\"2026-06-17T15:22:05+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/mybusinessfuture.com\/en\/when-the-update-itself-becomes-an-entry-point\/\"},\"wordCount\":1250,\"publisher\":{\"@id\":\"https:\/\/mybusinessfuture.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/mybusinessfuture.com\/en\/when-the-update-itself-becomes-an-entry-point\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/mybusinessfuture.com\/wp-content\/uploads\/2026\/06\/lieferkettenangriff-software-mittelstand-nis2-cover-hero.jpg\",\"articleSection\":[\"Digital Business &amp; Future\",\"IT &amp; Tech\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/mybusinessfuture.com\/en\/when-the-update-itself-becomes-an-entry-point\/\",\"url\":\"https:\/\/mybusinessfuture.com\/en\/when-the-update-itself-becomes-an-entry-point\/\",\"name\":\"When the update itself becomes an entry point\",\"isPartOf\":{\"@id\":\"https:\/\/mybusinessfuture.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/mybusinessfuture.com\/en\/when-the-update-itself-becomes-an-entry-point\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/mybusinessfuture.com\/en\/when-the-update-itself-becomes-an-entry-point\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/mybusinessfuture.com\/wp-content\/uploads\/2026\/06\/lieferkettenangriff-software-mittelstand-nis2-cover-hero.jpg\",\"datePublished\":\"2026-06-08T20:44:27+00:00\",\"dateModified\":\"2026-06-17T15:22:05+00:00\",\"description\":\"Supply chain attack via TanStack, Daemon Tools, and Nx Console: What it means for mid-sized companies and their NIS2 obligations.\",\"breadcrumb\":{\"@id\":\"https:\/\/mybusinessfuture.com\/en\/when-the-update-itself-becomes-an-entry-point\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/mybusinessfuture.com\/en\/when-the-update-itself-becomes-an-entry-point\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/mybusinessfuture.com\/en\/when-the-update-itself-becomes-an-entry-point\/#primaryimage\",\"url\":\"https:\/\/mybusinessfuture.com\/wp-content\/uploads\/2026\/06\/lieferkettenangriff-software-mittelstand-nis2-cover-hero.jpg\",\"contentUrl\":\"https:\/\/mybusinessfuture.com\/wp-content\/uploads\/2026\/06\/lieferkettenangriff-software-mittelstand-nis2-cover-hero.jpg\",\"width\":1792,\"height\":1024,\"caption\":\"Wenn Softwarepflege zur Frage der Detailkontrolle wird.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/mybusinessfuture.com\/en\/when-the-update-itself-becomes-an-entry-point\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Startseite\",\"item\":\"https:\/\/mybusinessfuture.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"When the update itself becomes an entry point\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/mybusinessfuture.com\/#website\",\"url\":\"https:\/\/mybusinessfuture.com\/\",\"name\":\"MyBusinessFuture\",\"description\":\"B2B-Magazin f\u00fcr Digitalisierung, KI und Business-Innovation \u2014 Fachartikel f\u00fcr IT-Entscheider im DACH-Raum\",\"publisher\":{\"@id\":\"https:\/\/mybusinessfuture.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/mybusinessfuture.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/mybusinessfuture.com\/#organization\",\"name\":\"MyBusinessFuture\",\"url\":\"https:\/\/mybusinessfuture.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/mybusinessfuture.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/mybusinessfuture.com\/wp-content\/uploads\/2020\/10\/MBF-logo-schwarz.png\",\"contentUrl\":\"https:\/\/mybusinessfuture.com\/wp-content\/uploads\/2020\/10\/MBF-logo-schwarz.png\",\"width\":398,\"height\":241,\"caption\":\"MyBusinessFuture\"},\"image\":{\"@id\":\"https:\/\/mybusinessfuture.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/MyBusinessFuture\",\"https:\/\/x.com\/mbusinessfuture\",\"https:\/\/www.linkedin.com\/showcase\/mybusinessfuture\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/mybusinessfuture.com\/#\/schema\/person\/01e9535223e8d95e19dc965936237c64\",\"name\":\"Bernhard Liebl\",\"description\":\"Bernhard Liebl ist Senior Campaigns & Performance Manager bei Evernine und Co-Founder der CSR- und Nachhaltigkeitsplattform planeed. Er f\u00fchrt B2B-Kampagnen mit Account-based-Marketing-Logik und KI-Integration und schreibt \u00fcber Performance-Marketing-Handwerk, CSR ohne Greenwashing und Founder-Lessons aus der Praxis eines kleinen Players. Neben Digital Chiefs und MyBusinessFuture besch\u00e4ftigt er sich operativ mit der Frage, wie sich Reichweite in messbare Wirkung \u00fcbersetzen l\u00e4sst.\",\"url\":\"https:\/\/mybusinessfuture.com\/en\/experte\/bernhard-liebl\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"When the update itself becomes an entry point","description":"Supply chain attack via TanStack, Daemon Tools, and Nx Console: What it means for mid-sized companies and their NIS2 obligations.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/mybusinessfuture.com\/en\/when-the-update-itself-becomes-an-entry-point\/","og_locale":"en_US","og_type":"article","og_title":"When the update itself becomes an entry point","og_description":"Supply chain attack via TanStack, Daemon Tools, and Nx Console: What it means for mid-sized companies and their NIS2 obligations.","og_url":"https:\/\/mybusinessfuture.com\/en\/when-the-update-itself-becomes-an-entry-point\/","og_site_name":"MyBusinessFuture","article_publisher":"https:\/\/www.facebook.com\/MyBusinessFuture","article_published_time":"2026-06-08T20:44:27+00:00","article_modified_time":"2026-06-17T15:22:05+00:00","og_image":[{"width":1792,"height":1024,"url":"https:\/\/mybusinessfuture.com\/wp-content\/uploads\/2026\/06\/lieferkettenangriff-software-mittelstand-nis2-cover-hero.jpg","type":"image\/jpeg"}],"author":"Bernhard Liebl","twitter_card":"summary_large_image","twitter_creator":"@mbusinessfuture","twitter_site":"@mbusinessfuture","twitter_misc":{"Written by":"Bernhard Liebl","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"NewsArticle","@id":"https:\/\/mybusinessfuture.com\/en\/when-the-update-itself-becomes-an-entry-point\/#article","isPartOf":{"@id":"https:\/\/mybusinessfuture.com\/en\/when-the-update-itself-becomes-an-entry-point\/"},"author":{"name":"Bernhard Liebl","@id":"https:\/\/mybusinessfuture.com\/#\/schema\/person\/01e9535223e8d95e19dc965936237c64"},"headline":"When the update itself becomes an entry point","datePublished":"2026-06-08T20:44:27+00:00","dateModified":"2026-06-17T15:22:05+00:00","mainEntityOfPage":{"@id":"https:\/\/mybusinessfuture.com\/en\/when-the-update-itself-becomes-an-entry-point\/"},"wordCount":1250,"publisher":{"@id":"https:\/\/mybusinessfuture.com\/#organization"},"image":{"@id":"https:\/\/mybusinessfuture.com\/en\/when-the-update-itself-becomes-an-entry-point\/#primaryimage"},"thumbnailUrl":"https:\/\/mybusinessfuture.com\/wp-content\/uploads\/2026\/06\/lieferkettenangriff-software-mittelstand-nis2-cover-hero.jpg","articleSection":["Digital Business &amp; Future","IT &amp; Tech"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/mybusinessfuture.com\/en\/when-the-update-itself-becomes-an-entry-point\/","url":"https:\/\/mybusinessfuture.com\/en\/when-the-update-itself-becomes-an-entry-point\/","name":"When the update itself becomes an entry point","isPartOf":{"@id":"https:\/\/mybusinessfuture.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/mybusinessfuture.com\/en\/when-the-update-itself-becomes-an-entry-point\/#primaryimage"},"image":{"@id":"https:\/\/mybusinessfuture.com\/en\/when-the-update-itself-becomes-an-entry-point\/#primaryimage"},"thumbnailUrl":"https:\/\/mybusinessfuture.com\/wp-content\/uploads\/2026\/06\/lieferkettenangriff-software-mittelstand-nis2-cover-hero.jpg","datePublished":"2026-06-08T20:44:27+00:00","dateModified":"2026-06-17T15:22:05+00:00","description":"Supply chain attack via TanStack, Daemon Tools, and Nx Console: What it means for mid-sized companies and their NIS2 obligations.","breadcrumb":{"@id":"https:\/\/mybusinessfuture.com\/en\/when-the-update-itself-becomes-an-entry-point\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/mybusinessfuture.com\/en\/when-the-update-itself-becomes-an-entry-point\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/mybusinessfuture.com\/en\/when-the-update-itself-becomes-an-entry-point\/#primaryimage","url":"https:\/\/mybusinessfuture.com\/wp-content\/uploads\/2026\/06\/lieferkettenangriff-software-mittelstand-nis2-cover-hero.jpg","contentUrl":"https:\/\/mybusinessfuture.com\/wp-content\/uploads\/2026\/06\/lieferkettenangriff-software-mittelstand-nis2-cover-hero.jpg","width":1792,"height":1024,"caption":"Wenn Softwarepflege zur Frage der Detailkontrolle wird."},{"@type":"BreadcrumbList","@id":"https:\/\/mybusinessfuture.com\/en\/when-the-update-itself-becomes-an-entry-point\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Startseite","item":"https:\/\/mybusinessfuture.com\/"},{"@type":"ListItem","position":2,"name":"When the update itself becomes an entry point"}]},{"@type":"WebSite","@id":"https:\/\/mybusinessfuture.com\/#website","url":"https:\/\/mybusinessfuture.com\/","name":"MyBusinessFuture","description":"B2B-Magazin f\u00fcr Digitalisierung, KI und Business-Innovation \u2014 Fachartikel f\u00fcr IT-Entscheider im DACH-Raum","publisher":{"@id":"https:\/\/mybusinessfuture.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/mybusinessfuture.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/mybusinessfuture.com\/#organization","name":"MyBusinessFuture","url":"https:\/\/mybusinessfuture.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/mybusinessfuture.com\/#\/schema\/logo\/image\/","url":"https:\/\/mybusinessfuture.com\/wp-content\/uploads\/2020\/10\/MBF-logo-schwarz.png","contentUrl":"https:\/\/mybusinessfuture.com\/wp-content\/uploads\/2020\/10\/MBF-logo-schwarz.png","width":398,"height":241,"caption":"MyBusinessFuture"},"image":{"@id":"https:\/\/mybusinessfuture.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/MyBusinessFuture","https:\/\/x.com\/mbusinessfuture","https:\/\/www.linkedin.com\/showcase\/mybusinessfuture\/"]},{"@type":"Person","@id":"https:\/\/mybusinessfuture.com\/#\/schema\/person\/01e9535223e8d95e19dc965936237c64","name":"Bernhard Liebl","description":"Bernhard Liebl ist Senior Campaigns & Performance Manager bei Evernine und Co-Founder der CSR- und Nachhaltigkeitsplattform planeed. Er f\u00fchrt B2B-Kampagnen mit Account-based-Marketing-Logik und KI-Integration und schreibt \u00fcber Performance-Marketing-Handwerk, CSR ohne Greenwashing und Founder-Lessons aus der Praxis eines kleinen Players. Neben Digital Chiefs und MyBusinessFuture besch\u00e4ftigt er sich operativ mit der Frage, wie sich Reichweite in messbare Wirkung \u00fcbersetzen l\u00e4sst.","url":"https:\/\/mybusinessfuture.com\/en\/experte\/bernhard-liebl\/"}]}},"_links":{"self":[{"href":"https:\/\/mybusinessfuture.com\/en\/wp-json\/wp\/v2\/posts\/106334","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mybusinessfuture.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybusinessfuture.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybusinessfuture.com\/en\/wp-json\/wp\/v2\/users\/151"}],"replies":[{"embeddable":true,"href":"https:\/\/mybusinessfuture.com\/en\/wp-json\/wp\/v2\/comments?post=106334"}],"version-history":[{"count":3,"href":"https:\/\/mybusinessfuture.com\/en\/wp-json\/wp\/v2\/posts\/106334\/revisions"}],"predecessor-version":[{"id":107472,"href":"https:\/\/mybusinessfuture.com\/en\/wp-json\/wp\/v2\/posts\/106334\/revisions\/107472"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybusinessfuture.com\/en\/wp-json\/wp\/v2\/media\/106248"}],"wp:attachment":[{"href":"https:\/\/mybusinessfuture.com\/en\/wp-json\/wp\/v2\/media?parent=106334"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybusinessfuture.com\/en\/wp-json\/wp\/v2\/categories?post=106334"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybusinessfuture.com\/en\/wp-json\/wp\/v2\/tags?post=106334"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}