Supply Chain Security Archives

SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

Supply Chain Security

NPM 12 Will Change Script Execution Behavior to Prevent Supply Chain Attacks

By default, npm install will no longer execute scripts from dependencies, unless explicitly allowed.

Ionut Arghire14 hours ago

Malware & Threats

Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks

The most recent variants of the self-propagating attacks are named Miasma and Hades.

Ionut Arghire5 days ago

Supply Chain Security

OWASP Incubator Project Helps Developers Find and Fix Vulnerable Dependencies in Seconds

CVE Lite CLI is a free, open-source command line tool that scans your projects in seconds and tells you exactly which included packages contain...

Kevin TownsendJune 5, 2026

Supply Chain Security

Supply Chain Attack Hits 32 Red Hat NPM Packages

Hackers published 96 malicious package versions, injected with a credential-stealing worm similar to Mini Shai-Hulud.

Ionut ArghireJune 2, 2026

ICS/OT

SCADA Systems Involved in Many Breaches Suffered by US Ports, Terminals

Law firm Jones Walker has published the results of a survey focusing on the cybersecurity preparedness of ports and terminals in the United States.

Eduard KovacsOctober 5, 2022

Supply Chain Security

Critical Packagist Vulnerability Opened Door for PHP Supply Chain Attack

Code security company SonarSource today published details on a severe vulnerability impacting Packagist, which could have been abused to mount supply chain attacks targeting...

Ionut ArghireOctober 4, 2022

Cybersecurity Funding

Firmware Security Company Eclypsium Raises $25 Million in Series B Funding

Firmware and hardware security company Eclypsium announced on Tuesday that it has raised $25 million in a Series B funding round, which brings the...

Eduard KovacsOctober 4, 2022

Application Security

Cybersecurity M&A Roundup: 39 Deals Announced in September 2022

Eduard KovacsOctober 4, 2022

Cyberwarfare

Supply Chain Attack Targets Customer Engagement Firm Comm100

CrowdStrike is warning of a recently identified supply chain attack involving Canada-based customer engagement software provider Comm100.

Ionut ArghireOctober 3, 2022

Application Security

Investors Bet on Ox Security to Guard Software Supply Chains

The funding frenzy in the software supply chain space now includes Ox Security, an early-stage Israeli startup that just raised a whopping $34 million...

Ryan NaraineSeptember 29, 2022

Application Security

New ‘Wolfi’ Linux Distro Focuses on Software Supply Chain Security

Chainguard this week announced Wolfi, a stripped-down Linux OS distribution designed to improve the security of the software supply chain.

Ionut ArghireSeptember 23, 2022

Supply Chain Security

New Firmware Vulnerabilities Affecting Millions of Devices Allow Persistent Access

Firmware security company Binarly has discovered another round of potentially serious firmware vulnerabilities that could allow an attacker to gain persistent access to any...

Eduard KovacsSeptember 23, 2022

Application Security

15-Year-Old Python Vulnerability Present in 350,000 Projects Resurrected

Researchers at threat detection and response company Trellix have resurrected a 15-year-old Python vulnerability, showing that it’s more serious than initially believed and that...

Eduard KovacsSeptember 22, 2022

Supply Chain Security

Vulnerability Management Fatigue Fueled by Non-Exploitable Bugs

Kevin TownsendSeptember 20, 2022

Application Security

Industry Reactions to Govt Requiring Security Guarantees From Software Vendors

The White House has announced new guidance with the aim of ensuring that federal agencies only use secure software.

Eduard KovacsSeptember 16, 2022

Application Security

Rust Gets a Dedicated Security Team

The non-profit Rust Foundation has scored funding to build a dedicated security team to proactively identify and address security defects in the popular Rust...

Ryan NaraineSeptember 15, 2022

IoT Security

EU Wants to Toughen Cybersecurity Rules for Smart Devices

The European Union’s executive arm proposed new legislation Thursday that would force manufacturers to ensure that devices connected to the internet meet cybersecurity standards,...

Associated PressSeptember 15, 2022

Cybercrime

FBI Warns of Cyberattacks Targeting Healthcare Payment Processors

The FBI has observed an increase in attacks targeting healthcare payment processors in an effort to divert significant amounts of money to accounts controlled...

Ionut ArghireSeptember 15, 2022

Application Security

US Government Wants Security Guarantees From Software Vendors

Eduard KovacsSeptember 15, 2022

Cloud Security

Bishop Fox Releases Open Source Cloud Hacking Tool ‘CloudFox’

Cybersecurity firm Bishop Fox has announced the release of CloudFox, an open source tool designed to help find exploitable attack paths in cloud infrastructure.The...

Eduard KovacsSeptember 14, 2022

Malware & Threats

Malware Infects Magento-Powered Stores via FishPig Distribution Server

For the past several weeks, Magento stores have been injected with malware via a supply chain attack that targeted the FishPig distribution server.Specialized in...

Ionut ArghireSeptember 14, 2022

Cyberwarfare

New Cyberespionage Group ‘Worok’ Targeting Entities in Asia

Cybersecurity firm ESET has detailed a new cyberespionage group targeting high-profile private and public entities in Asia and Africa since 2020.

Ionut ArghireSeptember 12, 2022

Cybercrime

Ransomware Group Leaks Files Stolen From Cisco

A cybercrime group has leaked files stolen earlier this year from Cisco, but the networking giant stands by its initial assessment of the incident...

Eduard KovacsSeptember 12, 2022

Application Security

US Gov Issues Guidance for Developers to Secure Software Supply Chain

Three U.S. government agencies -- Cybersecurity and Information Security Agency (CISA), the National Security Agency (NSA) and the Office of the Director of National...

Ionut ArghireSeptember 8, 2022

Page 12 of 20« First ‹ Previous 8 9 10 111213 14 15 16 Next ›Last »

Webinar: How Modern Breaches Bypass MFA and Evade Detection

June 17, 2026

Today’s attackers are no longer breaking in — they’re logging in. Join this live webinar as we break down the modern identity attack chain and examine how recent breaches exploited weaknesses in authentication, identity verification, and access management processes.

Webinar: Modern Exposure Validation in the AI Era

June 24, 2026

AI has accelerated both sides of the fight. Adversaries are weaponizing vulnerabilities faster, while defenders are racing to ship detections and configurations. Join this live webinar as we explore how to prove your controls actually hold against new threats, map your security maturity, and unite breach simulation with automated pentesting into a single, coordinated program.

SECURITYWEEK NETWORK:

ICS:

Supply Chain Security

NPM 12 Will Change Script Execution Behavior to Prevent Supply Chain Attacks

Malware & Threats

Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks

Supply Chain Security

OWASP Incubator Project Helps Developers Find and Fix Vulnerable Dependencies in Seconds

Supply Chain Security

Supply Chain Attack Hits 32 Red Hat NPM Packages

ICS/OT

SCADA Systems Involved in Many Breaches Suffered by US Ports, Terminals

Supply Chain Security

Critical Packagist Vulnerability Opened Door for PHP Supply Chain Attack

Cybersecurity Funding

Firmware Security Company Eclypsium Raises $25 Million in Series B Funding

Application Security

Cybersecurity M&A Roundup: 39 Deals Announced in September 2022

Cyberwarfare

Supply Chain Attack Targets Customer Engagement Firm Comm100

Application Security

Investors Bet on Ox Security to Guard Software Supply Chains

Application Security

New ‘Wolfi’ Linux Distro Focuses on Software Supply Chain Security

Supply Chain Security

New Firmware Vulnerabilities Affecting Millions of Devices Allow Persistent Access

Application Security

15-Year-Old Python Vulnerability Present in 350,000 Projects Resurrected

Supply Chain Security

Vulnerability Management Fatigue Fueled by Non-Exploitable Bugs

Application Security

Industry Reactions to Govt Requiring Security Guarantees From Software Vendors

Application Security

Rust Gets a Dedicated Security Team

IoT Security

EU Wants to Toughen Cybersecurity Rules for Smart Devices

Cybercrime

FBI Warns of Cyberattacks Targeting Healthcare Payment Processors

Application Security

US Government Wants Security Guarantees From Software Vendors

Cloud Security

Bishop Fox Releases Open Source Cloud Hacking Tool ‘CloudFox’

Malware & Threats

Malware Infects Magento-Powered Stores via FishPig Distribution Server

Cyberwarfare

New Cyberespionage Group ‘Worok’ Targeting Entities in Asia

Cybercrime

Ransomware Group Leaks Files Stolen From Cisco

Application Security

US Gov Issues Guidance for Developers to Secure Software Supply Chain

Daily Briefing Newsletter

Trending

Webinar: How Modern Breaches Bypass MFA and Evade Detection

Webinar: Modern Exposure Validation in the AI Era

People on the move

Expert Insights

After AI Reaches Production: 12 Ways Security Teams Can Take Control

Everybody Is Vibe Coding But Nobody Told the Security Team

The Zero-Knowledge Threat Actor and the End of Responsible Disclosure

Raising the Cybersecurity Stakes: Ante up for the Agentic Era

Caught Off Guard: Securing AI After It Hits Production

Daily Briefing Newsletter