Supply Chain Security
GitLab issues an advisory for a critical-severity vulnerability that allows an attacker to trigger a pipeline as another user.
Hi, what are you looking for?
SecurityWeek
Supply Chain Security
Join the virtual event as we explore of the critical nature of software and vendor supply chain security issues.
Supply Chain Security
More details have come to light on the recent supply chain attack targeting GitHub Actions, including its root cause.
Malware & Threats
The websites of over 100 auto dealerships were found serving malicious ClickFix code in a supply chain compromise.
Application Security
The tj-actions/changed-files GitHub Action, which is used in 23,000 repositories, has been targeted in a supply chain attack.
Supply Chain Security
Report from the Department for Science, Innovation & Technology (DSIT) finds weaknesses in current practices.
Application Security
Opengrep is a new consortium-backed fork of Semgrep, intended to be and remain a true genuine OSS SAST tool.
Malware & Threats
Namecheap shut down polyfill.io amid reports of malicious activity, but the Chinese owner claims it has good intentions.
Supply Chain Security
More than 100,000 websites are affected by a supply chain attack injecting malware via a Polyfill domain.
Supply Chain Security
Five WordPress plugins were injected with malicious code that creates a new administrative account.
Supply Chain Security
Attackers are getting more sophisticated, better armed, and faster. Nothing in Rapid7's 2024 Attack Intelligence Report suggests that this will change.
Supply Chain Security
The discovery of the XZ Utils backdoor reminds an F-Droid developer of a similar incident that occurred a few years ago.
Supply Chain Security
Urgent security alerts issued as malicious code was found embedded in the XZ Utils data compression library used in many Linux distributions.
Malware & Threats
Maintainers of the Python Package Index (PyPI) repository were forced to suspend new project creation and new user registration to mitigate a malware upload...
Funding/M&A
Los Angeles firmware and software supply chain firm banks $10.5 million in seed-stage funding led by Two Bear Capital.
Supply Chain Security
Join the fully immersive virtual event us as we explore the critical nature of software and vendor supply chain security issues. (Login Now)
Artificial Intelligence
SecurityWeek talks to hundreds of industry experts from dozens of companies covering seven primary topics.
Supply Chain Security
Supply chain security insights: A successful attack against a supplier can lead to multiple opportunities against the supplier’s downstream customers.
Mobile & Wireless
Attacks involving Paragon’s Graphite spyware involved a WhatsApp zero-day that could be exploited without any user interaction.
Cloud Security
Artificial Intelligence
Artificial Intelligence
Vulnerabilities
Noteworthy stories that might have slipped under the radar: Capital One hacker’s sentence reversed, Google patches critical Chrome vulnerability, the story of an Expat...
Artificial Intelligence