Funding/M&A
The cash infusion brings Chainguard’s total funding to about $612 million since launching in 2021 and prices the company at $3.5 billion.
A threat actor published backdoored versions of 17 NPM packages from GlueStack in a fresh supply chain attack.
The funding round brings the total amount raised by NetRise to roughly $25 million.
The flaw, tagged as CVE-2025-30406, was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog in early April.
Researchers uncover new software supply chain threat from LLM-generated package hallucinations.
Threat actors are publishing malicious NPM packages to steal PayPal credentials and hijack cryptocurrency transfers.
Evidence shows a SpotBugs token compromised in December 2024 was used in the March 2025 GitHub Actions supply chain attack.
Join the virtual event as we explore the critical nature of software and vendor supply chain security issues.
More details have come to light on the recent supply chain attack targeting GitHub Actions, including its root cause.
The websites of over 100 auto dealerships were found serving malicious ClickFix code in a supply chain compromise.
The tj-actions/changed-files GitHub Action, which is used in 23,000 repositories, has been targeted in a supply chain attack.
Report from the Department for Science, Innovation & Technology (DSIT) finds weaknesses in current practices.
Opengrep is a new consortium-backed fork of Semgrep, intended to be and remain a genuine OSS SAST tool.
Join Us in Shaping the Future of Supply Chain Security - Don’t miss this chance to be part of the conversation addressing one of...
Open source software (OSS) is a prime target for supply chain cyberattacks and protecting it remains a major challenge.
The deal includes certain Phylum assets, including its malicious package analysis, detection, and mitigation technology.
The recent compromise of Cyberhaven’s Chrome extension appears to be part of a broad campaign that started over a year ago.