Supply Chain Security Archives

SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

Cybersecurity Funding

NetRise Raises $10 Million to Grow Software Supply Chain Security Platform

The funding round brings the total amount raised by the NetRise to roughly $25 million.

Ionut Arghire3 days ago

Malware & Threats

Huntress Documents In-The-Wild Exploitation of Critical Gladinet Vulnerabilities

The flaw, tagged as CVE-2025-30406, was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog in early April.

Ryan Naraine4 days ago

Supply Chain Security

AI Hallucinations Create a New Software Supply Chain Threat

Researchers uncover new software supply chain threat from LLM-generated package hallucinations.

Ionut Arghire4 days ago

Cybercrime

Malicious NPM Packages Target Cryptocurrency, PayPal Users

Threat actors are publishing malicious NPM packages to steal PayPal credentials and hijack cryptocurrency transfers.

Ionut Arghire4 days ago

Application Security

Compromised SpotBugs Token Led to GitHub Actions Supply Chain Hack

Evidence shows a SpotBugs token compromised in December 2024 was used in the March 2025 GitHub Actions supply chain attack.

Ionut ArghireApril 4, 2025

Supply Chain Security

Watch on Demand: Supply Chain & Third-Party Risk Security Summit

Join the virtual event as we explore of the critical nature of software and vendor supply chain security issues.

SecurityWeek NewsMarch 21, 2025

Cybercrime

Russia-Linked SolarWinds Hackers Continue Supply Chain Attack Rampage

The Russia-linked cyberespionage group that hacked IT management solutions provider SolarWinds continues to launch supply chain attacks, Microsoft warned on Monday.

Eduard KovacsOctober 25, 2021

Incident Response

Microsoft, Intel and Goldman Sachs Lead New Supply Chain Security Initiative

Microsoft, Intel and Goldman Sachs will lead a new work group focusing on supply chain security at the Trusted Computing Group (TCG).

Eduard KovacsOctober 19, 2021

Application Security

CISO Forum Panel: Navigating SBOMs and Supply Chain Security Transparency

At SecurityWeek's 2021 CISO Forum, a high-powered panel of experts discussed specific ways an SBOM can improve supply chain security and where expectations may be overblown. ...

SecurityWeek NewsOctober 12, 2021

Malware & Threats

FinSpy Surveillance Spyware Fitted With UEFI Bootkit

Security researchers at Kaspersky have spotted signs of the notorious FinSpy surveillance spyware hijacking -- and replacing -- the Windows UEFI bootloader to perform...

Ryan NaraineSeptember 28, 2021

Cybercrime

FBI Warns Ransomware Attack Could Disrupt Food Supply Chain

Ransomware attack on U.S. farm incurred $9 million in losses

Ionut ArghireSeptember 6, 2021

Cybercrime

IT Software Firm Kaseya Hit By Supply Chain Ransomware Attack

Supply chain cyberattack could have wide blast radius through compromised MSPs

Eduard KovacsJuly 3, 2021

Supply Chain Security

Cybersecurity Leaders Scramble to Decipher SBOM Mandate

The U.S. government’s push for mandatory SBOMs has sent cybersecurity buyers and sellers scrambling to understand the ramifications and prepare for downstream side-effects.

Ryan NaraineJune 28, 2021

Cloud Security

Attacks Against Container Infrastructures Increasing, Including Supply Chain Attacks

Research finds that adversaries could detect a new misconfigured container within an average of five hours

Kevin TownsendJune 21, 2021

Application Security

Google Intros SLSA Framework to Enforce Supply Chain Integrity

Google wants to bring “salsa” to drive enforcement at the software supply chain security party.

Ryan NaraineJune 17, 2021

Application Security

CodeCov Kills Off Bash Uploader Blamed for Supply Chain Hack

Following a major software supply chain compromise that exposed data for several major companies, developer tools startup CodeCov plans to kill off the Bash...

Ryan NaraineJune 14, 2021

Incident Response

Rapid7 Source Code Exposed in Codecov Supply Chain Attack

Rapid7 says unauthorized third-party accessed source code, customer data during Codecov supply chain breach

Ryan NaraineMay 13, 2021

Application Security

Twilio, HashiCorp Among Codecov Supply Chain Hack Victims

The massive blast radius from the Codecov supply chain attack remains shrouded in mystery as security teams continue to assess the fallout from the...

Ryan NaraineMay 10, 2021