Funding/M&A
The cash infusion brings Chainguard’s total funding to about $612 million since launching in 2021 and prices the company at $3.5 billion.
Hi, what are you looking for?
SecurityWeek
Malware & Threats
A threat actor published backdoored versions of 17 NPM packages from GlueStack in a fresh supply chain attack.
Malware & Threats
Security firm Socket warns flags a campaign targeting NPM users with tens of malicious packages that can hijack system information.
Nation-State
The China-linked hacking group Earth Ammit has launched multi-wave attacks in Taiwan and South Korea to disrupt the drone sector.
Cyberwarfare
As Xi Jinping advances his vision for China’s dominance by 2049, cybersecurity experts warn that connected technologies—like EV batteries—may quietly serve as tools of...
Cybersecurity Funding
The funding round brings the total amount raised by the NetRise to roughly $25 million.
Malware & Threats
The flaw, tagged as CVE-2025-30406, was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog in early April.
Supply Chain Security
Researchers uncover new software supply chain threat from LLM-generated package hallucinations.
Cybercrime
Threat actors are publishing malicious NPM packages to steal PayPal credentials and hijack cryptocurrency transfers.
Application Security
Evidence shows a SpotBugs token compromised in December 2024 was used in the March 2025 GitHub Actions supply chain attack.
Supply Chain Security
Join the virtual event as we explore of the critical nature of software and vendor supply chain security issues.
Supply Chain Security
More details have come to light on the recent supply chain attack targeting GitHub Actions, including its root cause.
Malware & Threats
The websites of over 100 auto dealerships were found serving malicious ClickFix code in a supply chain compromise.
Application Security
The tj-actions/changed-files GitHub Action, which is used in 23,000 repositories, has been targeted in a supply chain attack.
Supply Chain Security
Report from the Department for Science, Innovation & Technology (DSIT) finds weaknesses in current practices.
Application Security
Opengrep is a new consortium-backed fork of Semgrep, intended to be and remain a true genuine OSS SAST tool.
Supply Chain Security
Join Us in Shaping the Future of Supply Chain Security - Don’t miss this chance to be part of the conversation addressing one of...
Supply Chain Security
Open source software (OSS) is a prime target for supply chain cyberattacks and protecting it remains a major challenge.
Funding/M&A
The deal includes certain Phylum assets, including its malicious package analysis, detection, and mitigation technology.
Supply Chain Security
The recent compromise of Cyberhaven’s Chrome extension appears to be part of a broad campaign that started over a year ago.
Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.
RegisterLearn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.
RegisterExpert Insights
AI-made decisions are in many ways shaping and governing human lives. Companies have a moral, social, and fiduciary duty to responsibly lead its take-up.
(Stu Sjouwerman)
Ransomware is a major threat to the enterprise. Tools and training help, but survival depends on one thing: your organization’s muscle memory to respond fast and recover stronger.
(Trevin Edgeworth)
Strong security doesn’t just rely on tools—it starts with trust, clarity, and sincerity from the top down.
(Joshua Goldfarb)
The future of secure digital engagement depends on continuous identity verification and proofing that can scale with risk.
(Torsten George)
In a rapidly changing AI environment, CISOs are worried about investing in the wrong solution or simply not investing because they can’t decide what the best option is.
(Marc Solomon)