Supply Chain Security Archives

SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

Supply Chain Security

NPM 12 Will Change Script Execution Behavior to Prevent Supply Chain Attacks

By default, npm install will no longer execute scripts from dependencies, unless explicitly allowed.

Ionut Arghire6 hours ago

Malware & Threats

Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks

The most recent variants of the self-propagating attacks are named Miasma and Hades.

Ionut Arghire4 days ago

Supply Chain Security

OWASP Incubator Project Helps Developers Find and Fix Vulnerable Dependencies in Seconds

CVE Lite CLI is a free, open-source command line tool that scans your projects in seconds and tells you exactly which included packages contain...

Kevin TownsendJune 5, 2026

Supply Chain Security

Supply Chain Attack Hits 32 Red Hat NPM Packages

Hackers published 96 malicious package versions, injected with a credential-stealing worm similar to Mini Shai-Hulud.

Ionut ArghireJune 2, 2026

Risk Management

Video: ESG – CISO’s Guide to an Emerging Risk Cornerstone

SecurityWeek NewsNovember 4, 2022

Risk Management

Webinar Today: ESG – CISO’s Guide to an Emerging Risk Cornerstone

SecurityWeek VideoNovember 3, 2022

Supply Chain Security

Checkmk Vulnerabilities Can Be Chained for Remote Code Execution

Researchers at code security firm Sonar Source have shared details on multiple Checkmk vulnerabilities that could be chained together to execute code remotely, without...

Ionut ArghireNovember 3, 2022

Cybercrime

Over 250 US News Websites Deliver Malware via Supply Chain Attack

Hundreds of regional and national news websites in the United States are delivering malware as a result of a supply chain attack involving one...

Eduard KovacsNovember 3, 2022

Application Security

US Gov Issues Supply Chain Security Guidance for Software Suppliers

The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Office of the Director of National Intelligence (ODNI) this week...

Ionut ArghireNovember 1, 2022

ICS/OT

Engineering Workstations Used as Initial Access Vector in Many ICS/OT Attacks: Survey

Organizations are more confident in their ability to detect an OT breach

Eduard KovacsNovember 1, 2022

Malware & Threats

Critical ConnectWise Vulnerability Affects Thousands of Internet-Exposed Servers

IT management software provider ConnectWise on Friday announced updates that patch a critical vulnerability which, according to cybersecurity professionals, exposes thousands of servers to...

Eduard KovacsOctober 31, 2022

Cybercrime

Twilio Says Employees Targeted in Separate Smishing, Vishing Attacks

Enterprise communications firm Twilio has concluded its investigation into the recent data breach and revealed on Thursday that its employees were targeted in smishing...

Eduard KovacsOctober 28, 2022

ICS/OT

DHS Develops Baseline Cybersecurity Goals for Critical Infrastructure

The DHS on Thursday announced Cybersecurity Performance Goals (CPGs) to help organizations — particularly in critical infrastructure sectors — prioritize cybersecurity investments and address...

Eduard KovacsOctober 28, 2022

Application Security

GitHub Account Renaming Could Have Led to Supply Chain Attacks

Checkmarx warns that attackers could have exploited the renaming of popular GitHub accounts to create malicious repositories using the vacated name and launch software...

Ionut ArghireOctober 27, 2022

Supply Chain Security

VMware Patches Critical Vulnerability in End-of-Life Product

VMware this week announced patches for a critical remote code execution vulnerability in VMware Cloud Foundation and NSX Data Center for vSphere (NSX-V).

Ionut ArghireOctober 26, 2022

Application Security

Arnica Raises $7 Million to Protect Software Developers, Code

Behavior-based threat detection startup Arnica has raised $7 million in a seed funding round led by Joule Ventures and First Rays Venture Partners, with...

Ionut ArghireOctober 25, 2022

Application Security

Google’s GUAC Open Source Tool Centralizes Software Security Metadata

Google announces GUAC, an open source tool to help organizations better understand software supply chains by centralizing build, security, and dependency metadata.

Ionut ArghireOctober 20, 2022

Network Security

Cybersecurity Awareness Month: 5 Actionable Tips

Best practices for defeating against most attacks, hopefully making the need for future Cybersecurity Awareness Months obsolete

Torsten GeorgeOctober 19, 2022

Supply Chain Security

Oracle Releases 370 New Security Patches With October 2022 CPU

Oracle on Tuesday announced the release of 370 patches as part of its quarterly set of security updates. The October 2022 Critical Patch Update...

Ionut ArghireOctober 19, 2022

Application Security

Timing Attacks Can Be Used to Check for Existence of Private NPM Packages

Container and cloud-native application security provider Aqua Security warns that the existence of private NPM packages can be disclosed by performing timing attacks.

Ionut ArghireOctober 14, 2022

ICS/OT

Automotive Security Threats Are More Critical Than Ever

We’ve all marveled at the latest innovations from Tesla, the skill of Google’s self-driving cars, or, at the very least, enjoyed playing a podcast...

Marie HattarOctober 11, 2022

Cybercrime

LofyGang Cybercrime Group Used 200 Malicious NPM Packages for Supply Chain Attacks

A cybercrime group named LofyGang has distributed roughly 200 malicious NPM packages that have been downloaded thousands of times over the past year, according...

Ionut ArghireOctober 11, 2022

Application Security

Endor Labs Joins Race to Secure Software Supply Chain

It’s officially a venture capital funding frenzy in the software supply chain security space.

Ryan NaraineOctober 10, 2022

Cybercrime

Personal Information of 123K Individuals Exposed in City of Tucson Data Breach

The City of Tucson, Arizona, is notifying roughly 123,000 individuals that their personal information was compromised in a recent data breach.The incident was identified...

Ionut ArghireOctober 6, 2022

Page 11 of 20« First ‹ Previous 7 8 9 101112 13 14 15 Next ›Last »

Webinar: How Modern Breaches Bypass MFA and Evade Detection

June 17, 2026

Today’s attackers are no longer breaking in — they’re logging in. Join this live webinar as we break down the modern identity attack chain and examine how recent breaches exploited weaknesses in authentication, identity verification, and access management processes.

Webinar: Modern Exposure Validation in the AI Era

June 24, 2026

AI has accelerated both sides of the fight. Adversaries are weaponizing vulnerabilities faster, while defenders are racing to ship detections and configurations. Join this live webinar as we explore how to prove your controls actually hold against new threats, map your security maturity, and unite breach simulation with automated pentesting into a single, coordinated program.

SECURITYWEEK NETWORK:

ICS:

Supply Chain Security

NPM 12 Will Change Script Execution Behavior to Prevent Supply Chain Attacks

Malware & Threats

Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks

Supply Chain Security

OWASP Incubator Project Helps Developers Find and Fix Vulnerable Dependencies in Seconds

Supply Chain Security

Supply Chain Attack Hits 32 Red Hat NPM Packages

Risk Management

Video: ESG – CISO’s Guide to an Emerging Risk Cornerstone

Risk Management

Webinar Today: ESG – CISO’s Guide to an Emerging Risk Cornerstone

Supply Chain Security

Checkmk Vulnerabilities Can Be Chained for Remote Code Execution

Cybercrime

Over 250 US News Websites Deliver Malware via Supply Chain Attack

Application Security

US Gov Issues Supply Chain Security Guidance for Software Suppliers

ICS/OT

Engineering Workstations Used as Initial Access Vector in Many ICS/OT Attacks: Survey

Malware & Threats

Critical ConnectWise Vulnerability Affects Thousands of Internet-Exposed Servers

Cybercrime

Twilio Says Employees Targeted in Separate Smishing, Vishing Attacks

ICS/OT

DHS Develops Baseline Cybersecurity Goals for Critical Infrastructure

Application Security

GitHub Account Renaming Could Have Led to Supply Chain Attacks

Supply Chain Security

VMware Patches Critical Vulnerability in End-of-Life Product

Application Security

Arnica Raises $7 Million to Protect Software Developers, Code

Application Security

Google’s GUAC Open Source Tool Centralizes Software Security Metadata

Network Security

Cybersecurity Awareness Month: 5 Actionable Tips

Supply Chain Security

Oracle Releases 370 New Security Patches With October 2022 CPU

Application Security

Timing Attacks Can Be Used to Check for Existence of Private NPM Packages

ICS/OT

Automotive Security Threats Are More Critical Than Ever

Cybercrime

LofyGang Cybercrime Group Used 200 Malicious NPM Packages for Supply Chain Attacks

Application Security

Endor Labs Joins Race to Secure Software Supply Chain

Cybercrime

Personal Information of 123K Individuals Exposed in City of Tucson Data Breach

Daily Briefing Newsletter

Trending

Webinar: How Modern Breaches Bypass MFA and Evade Detection

Webinar: Modern Exposure Validation in the AI Era

People on the move

Expert Insights

After AI Reaches Production: 12 Ways Security Teams Can Take Control

Everybody Is Vibe Coding But Nobody Told the Security Team

The Zero-Knowledge Threat Actor and the End of Responsible Disclosure

Raising the Cybersecurity Stakes: Ante up for the Agentic Era

Caught Off Guard: Securing AI After It Hits Production

Daily Briefing Newsletter