Supply Chain Security Archives

SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

Supply Chain Security

Virtual Event Today: Supply Chain & Third-Party Risk Security Summit

Join the virtual event as we explore of the critical nature of software and vendor supply chain security issues.

SecurityWeek News13 hours ago

Malware & Threats

100 Car Dealerships Hit by Supply Chain Attack

The websites of over 100 auto dealerships were found serving malicious ClickFix code in a supply chain compromise.

Ionut Arghire3 days ago

Application Security

Popular GitHub Action Targeted in Supply Chain Attack

The tj-actions/changed-files GitHub Action, which is used in 23,000 repositories, has been targeted in a supply chain attack.

Eduard Kovacs3 days ago

Supply Chain Security

UK Government Report Calls for Stronger Open Source Supply Chain Security Practices

Report from the Department for Science, Innovation & Technology (DSIT) finds weaknesses in current practices.

Kevin TownsendMarch 11, 2025

Application Security

Endor Labs and Allies Launch Opengrep, Reviving True OSS for SAST

Opengrep is a new consortium-backed fork of Semgrep, intended to be and remain a true genuine OSS SAST tool.

Kevin TownsendJanuary 27, 2025

Supply Chain Security

Call for Presentations Open for SecurityWeek’s 2025 Supply Chain Security & Third-Party Risk Summit

Join Us in Shaping the Future of Supply Chain Security - Don’t miss this chance to be part of the conversation addressing one of...

SecurityWeek NewsJanuary 22, 2025

Supply Chain Security

Cyber Insights 2025: Open Source and Software Supply Chain Security

Open source software (OSS) is a prime target for supply chain cyberattacks and protecting it remains a major challenge.

Kevin TownsendJanuary 15, 2025

Funding/M&A

Veracode Targets Malicious Code Threats With Phylum Acquisition

The deal includes certain Phylum assets, including its malicious package analysis, detection, and mitigation technology.

Ryan NaraineJanuary 7, 2025

Supply Chain Security

Cyberhaven Chrome Extension Hack Linked to Widening Supply Chain Campaign

The recent compromise of Cyberhaven’s Chrome extension appears to be part of a broad campaign that started over a year ago.

Ionut ArghireDecember 31, 2024

Supply Chain Security

Several Chrome Extensions Compromised in Supply Chain Attack

Cyberhaven and other Chrome extensions were compromised in a supply chain attack targeting Facebook advertising users.

Ionut ArghireDecember 30, 2024

Supply Chain Security

Solana Web3.js Library Backdoored in Supply Chain Attack

Supply chain attack leads to decentralized application developers downloading backdoored versions of the Solana Web3.js library.

Ionut ArghireDecember 4, 2024

Supply Chain Security

ESET Flags Prototype UEFI Bootkit Targeting Linux

ESET warns of a new reality: “UEFI bootkits are no longer confined to Windows systems alone.”

Ryan NaraineNovember 27, 2024

Page 1 of 2912 3 4 5 Next ›Last »

SECURITYWEEK NETWORK:

ICS:

Supply Chain Security

Virtual Event Today: Supply Chain & Third-Party Risk Security Summit

Malware & Threats

100 Car Dealerships Hit by Supply Chain Attack

Application Security

Popular GitHub Action Targeted in Supply Chain Attack

Supply Chain Security

UK Government Report Calls for Stronger Open Source Supply Chain Security Practices

Application Security

Endor Labs and Allies Launch Opengrep, Reviving True OSS for SAST

Supply Chain Security

Call for Presentations Open for SecurityWeek’s 2025 Supply Chain Security & Third-Party Risk Summit

Supply Chain Security

Cyber Insights 2025: Open Source and Software Supply Chain Security

Funding/M&A

Veracode Targets Malicious Code Threats With Phylum Acquisition

Supply Chain Security

Cyberhaven Chrome Extension Hack Linked to Widening Supply Chain Campaign

Supply Chain Security

Several Chrome Extensions Compromised in Supply Chain Attack

Supply Chain Security

Solana Web3.js Library Backdoored in Supply Chain Attack

Supply Chain Security

ESET Flags Prototype UEFI Bootkit Targeting Linux

Featured

Cloud Security

What’s Behind Google’s $32 Billion Wiz Acquisition?

Phishing

Scareware Combined With Phishing in Attacks Targeting macOS Users

Funding/M&A

Google to Acquire Cloud Security Giant Wiz for $32 Billion in Cash

Artificial Intelligence

ChatGPT Tool Vulnerability Exploited Against US Government Organizations

Artificial Intelligence

Nvidia Patches Vulnerabilities That Could Let Hackers Exploit AI Services

Ransomware

Recent Fortinet Vulnerabilities Exploited in ‘SuperBlack’ Ransomware Attacks

Ransomware

Medusa Ransomware Made 300 Critical Infrastructure Victims

Latest News

Cybersecurity Funding

Orion Security Raises $6 Million to Tackle Insider Threats and Data Leaks with AI-Driven DLP

Cybercrime

March Madness Requires Vigilance on Both an Individual and Corporate Level

Data Breaches

Infosys to Pay $17.5 Million in Settlement Over 2023 Data Breach

Malware & Threats

Chinese Hacking Group MirrorFace Targeting Europe

Phishing

Scareware Combined With Phishing in Attacks Targeting macOS Users

Malware & Threats

Microsoft Warns of New StilachiRAT Malware

Data Protection

HP Launches Printers With Quantum Resilient Cryptography

Daily Briefing Newsletter