Supply Chain Security
Urgent security alerts issued as malicious code was found embedded in the XZ Utils data compression library used in many Linux distributions.
A threat actor published backdoored versions of 17 NPM packages from GlueStack in a fresh supply chain attack.
Maintainers of the Python Package Index (PyPI) repository were forced to suspend new project creation and new user registration to mitigate a malware upload...
Los Angeles firmware and software supply chain firm banks $10.5 million in seed-stage funding led by Two Bear Capital.
Join us at the fully immersive virtual event as we explore the critical nature of software and vendor supply chain security issues.
SecurityWeek talks to hundreds of industry experts from dozens of companies covering seven primary topics.
Supply chain security insights: A successful attack against a supplier can lead to multiple opportunities against the supplier’s downstream customers.
AnyDesk is revoking certificates and passwords in response to a significant security breach impacting production systems.
Two new products aim to secure the traditional OSS supply chain, and the new AI model software supply chain.
Kusari has raised $8 million to help organizations gain visibility into and secure their software supply chain.
Quarkslab finds serious, remotely exploitable vulnerabilities in EDK II, the de facto open source reference implementation of the UEFI spec.
Researchers detail a CI/CD attack leading to PyTorch releases compromise via GitHub Actions self-hosted runners.
Self-hosted GitHub Actions runners could allow attackers to inject malicious code into repositories, leading to supply chain attacks.
NSA has published guidance to help organizations incorporate SBOM to mitigate supply chain risks.
US, UK, and Poland warn of Russia-linked cyberespionage group’s broad exploitation of recent TeamCity vulnerability.
North Korean hackers breached a Taiwanese company and used its systems to deliver malware to the US, Canada, Japan and Taiwan in a supply...
Researchers at Aqua call urgent attention to the public exposure of Kubernetes configuration secrets, warning that hundreds of organizations are vulnerable to this “ticking...
CISA, NSA, and ODNI issue new guidance on managing open source software and SBOMs to maintain awareness on software security.
UK-based Risk Ledger has raised £6.25 million (~$7.65 million) in Series A funding to prevent supply chain attacks.
Washington startup Chainguard banks $61 million in new financing as investors make hefty wagers on software supply chain security companies.
Multiple North Korean hacking groups have exploited a recent TeamCity vulnerability and Microsoft warns of potential supply chain attacks.