Supply Chain Security Archives

SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

Malware & Threats

React Native Aria Packages Backdoored in Supply Chain Attack

A threat actor published backdoored versions of 17 NPM packages from GlueStack in a fresh supply chain attack.

Ionut ArghireJune 9, 2025

Malware & Threats

Ongoing Campaign Uses 60 NPM Packages to Steal Data

Security firm Socket warns flags a campaign targeting NPM users with tens of malicious packages that can hijack system information.

Ionut ArghireMay 27, 2025

Nation-State

Chinese Hackers Hit Drone Sector in Supply Chain Attacks

The China-linked hacking group Earth Ammit has launched multi-wave attacks in Taiwan and South Korea to disrupt the drone sector.

Ionut ArghireMay 15, 2025

Xi’s Silent Weapon: The EV Batteries That Could Shut Down America

Cyberwarfare

China’s Secret Weapon? How EV Batteries Could Be Weaponized to Disrupt America

As Xi Jinping advances his vision for China’s dominance by 2049, cybersecurity experts warn that connected technologies—like EV batteries—may quietly serve as tools of...

Kevin TownsendApril 29, 2025

Supply Chain Security

Supply Chain Attack: Major Linux Distributions Impacted by XZ Utils Backdoor

Urgent security alerts issued as malicious code was found embedded in the XZ Utils data compression library used in many Linux distributions.

Ionut ArghireApril 1, 2024

Malware & Threats

Malware Upload Attack Hits PyPI Repository

Maintainers of the Python Package Index (PyPI) repository were forced to suspend new project creation and new user registration to mitigate a malware upload...

Ryan NaraineMarch 28, 2024

Funding/M&A

Binarly Attracts $10.5M to Tackle Software Supply Chain Security

Los Angeles firmware and software supply chain firm banks $10.5 million in seed-stage funding led by Two Bear Capital.

SecurityWeek NewsMarch 26, 2024

Supply Chain Security

Watch Now: Supply Chain & Third-Party Risk Summit 2024

Join the fully immersive virtual event us as we explore the critical nature of software and vendor supply chain security issues. (Login Now)

SecurityWeek NewsMarch 21, 2024

Artificial Intelligence

SecurityWeek Cyber Insights 2024 Series

SecurityWeek talks to hundreds of industry experts from dozens of companies covering seven primary topics.

Kevin TownsendMarch 11, 2024

Supply Chain Security

Cyber Insights 2024: Supply Chain

Supply chain security insights: A successful attack against a supplier can lead to multiple opportunities against the supplier’s downstream customers.

Kevin TownsendFebruary 20, 2024

Supply Chain Security

AnyDesk Hacked: Revokes Passwords, Certificates in Response

AnyDesk is revoking certificates and passwords in response to a significant security breach impacting production systems.

Eduard KovacsFebruary 5, 2024

Supply Chain Security

New Offerings From Protect AI, Venafi Tackle Software Supply Chain Security

Two new products aim to secure the traditional OSS supply chain, and the new AI model software supply chain.

Kevin TownsendJanuary 25, 2024

Cybersecurity Funding

Software Supply Chain Security Startup Kusari Raises $8 Million

Kusari has raised $8 million to help organizations gain visibility into and secure their software supply chain.

Ionut ArghireJanuary 18, 2024

Network Security

Remotely Exploitable ‘PixieFail’ Flaws Found in Tianocore EDK II PXE Implementation

Quarkslab finds serious, remotely exploitable vulnerabilities in EDK II, the de-facto open source reference implementation of the UEFI spec.

Ryan NaraineJanuary 16, 2024

Application Security

New Class of CI/CD Attacks Could Have Led to PyTorch Supply Chain Compromise

Researchers detail a CI/CD attack leading to PyTorch releases compromise via GitHub Actions self-hosted runners.

Ionut ArghireJanuary 12, 2024

Supply Chain Security

Major IT, Crypto Firms Exposed to Supply Chain Compromise via New Class of CI/CD Attack

Self-hosted GitHub Actions runners could allow attackers to inject malicious code into repositories, leading to supply chain attacks.

Ionut ArghireJanuary 8, 2024

Application Security

NSA Issues Guidance on Incorporating SBOMs to Improve Cybersecurity

NSA has published guidance to help organizations incorporate SBOM to mitigate supply chain risks.

Ionut ArghireDecember 18, 2023

Malware & Threats

Russian Cyberspies Exploiting TeamCity Vulnerability at Scale: Government Agencies

US, UK, and Poland warn of Russia-linked cyberespionage group’s broad exploitation of recent TeamCity vulnerability.

Ionut ArghireDecember 14, 2023

Supply Chain Security

North Korean Software Supply Chain Attack Hits North America, Asia

North Korean hackers breached a Taiwanese company and used its systems to deliver malware to the US, Canada, Japan and Taiwan in a supply...

Eduard KovacsNovember 24, 2023

Cloud Security

Researchers Discover Dangerous Exposure of Sensitive Kubernetes Secrets

Researchers at Aqua call urgent attention to the public exposure of Kubernetes configuration secrets, warning that hundreds of organizations are vulnerable to this “ticking...

Ryan NaraineNovember 22, 2023

Supply Chain Security

US Government Issues Guidance on SBOM Consumption

CISA, NSA, and ODNI issue new guidance on managing open source software and SBOMs to maintain awareness on software security.

Ionut ArghireNovember 10, 2023

Cybersecurity Funding

Risk Ledger Raises £6.25 Million for Supply Chain Security Solution

UK-based Risk Ledger has raised £6.25 million (~$7.65 million) in Series A funding to prevent supply chain attacks.

Ionut ArghireNovember 9, 2023

Application Security

Supply Chain Startup Chainguard Scores $61 Million Series B

Washington startup Chainguard banks $61 million in new financing as investors make hefty wagers on software supply chain security companies.

Ryan NaraineNovember 1, 2023

Supply Chain Security

North Korean Hackers Exploiting Recent TeamCity Vulnerability

Multiple North Korean hacking groups have exploited a recent TeamCity vulnerability and Microsoft warns of potential supply chain attacks.

Ionut ArghireOctober 19, 2023

Page 3 of 18‹ Previous 1 234 5 6 7 Next ›Last »

Virtual Event: Threat Detection and Incident Response Summit

May 21, 2025

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Webinar: Cut Through the Noise: Why Context is a Secret Weapon in ASPM

May 29, 2025

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Matthew Cowell has assumed the role of VP of Strategic Alliances at Nozomi Networks. He previously served in the same role at Dragos.

Bret Arsenault is retiring from his full-time role after 35 years at Microsoft.

Social engineering defense platform Doppel has appointed Bobby Ford as Chief Strategy and Experience Officer.

Raul Villar Jr. has been named CEO of audit, compliance and risk management software provider AuditBoard.

Casie Antalis has been named program director of the Joint Cyber Coordination Group at CISA.

More People On The Move

SECURITYWEEK NETWORK:

ICS:

Malware & Threats

React Native Aria Packages Backdoored in Supply Chain Attack

Malware & Threats

Ongoing Campaign Uses 60 NPM Packages to Steal Data

Nation-State

Chinese Hackers Hit Drone Sector in Supply Chain Attacks

Cyberwarfare

China’s Secret Weapon? How EV Batteries Could Be Weaponized to Disrupt America

Supply Chain Security

Supply Chain Attack: Major Linux Distributions Impacted by XZ Utils Backdoor

Malware & Threats

Malware Upload Attack Hits PyPI Repository

Funding/M&A

Binarly Attracts $10.5M to Tackle Software Supply Chain Security

Supply Chain Security

Watch Now: Supply Chain & Third-Party Risk Summit 2024

Artificial Intelligence

SecurityWeek Cyber Insights 2024 Series

Supply Chain Security

Cyber Insights 2024: Supply Chain

Supply Chain Security

AnyDesk Hacked: Revokes Passwords, Certificates in Response

Supply Chain Security

New Offerings From Protect AI, Venafi Tackle Software Supply Chain Security

Cybersecurity Funding

Software Supply Chain Security Startup Kusari Raises $8 Million

Network Security

Remotely Exploitable ‘PixieFail’ Flaws Found in Tianocore EDK II PXE Implementation

Application Security

New Class of CI/CD Attacks Could Have Led to PyTorch Supply Chain Compromise

Supply Chain Security

Major IT, Crypto Firms Exposed to Supply Chain Compromise via New Class of CI/CD Attack

Application Security

NSA Issues Guidance on Incorporating SBOMs to Improve Cybersecurity

Malware & Threats

Russian Cyberspies Exploiting TeamCity Vulnerability at Scale: Government Agencies

Supply Chain Security

North Korean Software Supply Chain Attack Hits North America, Asia

Cloud Security

Researchers Discover Dangerous Exposure of Sensitive Kubernetes Secrets

Supply Chain Security

US Government Issues Guidance on SBOM Consumption

Cybersecurity Funding

Risk Ledger Raises £6.25 Million for Supply Chain Security Solution

Application Security

Supply Chain Startup Chainguard Scores $61 Million Series B

Supply Chain Security

North Korean Hackers Exploiting Recent TeamCity Vulnerability

Daily Briefing Newsletter

Trending

Virtual Event: Threat Detection and Incident Response Summit

Webinar: Cut Through the Noise: Why Context is a Secret Weapon in ASPM

People on the move

Expert Insights

Like Ransoming a Bike: Organizational Muscle Memory Drives the Most Effective Response

Why Sincerity Is a Strategic Asset in Cybersecurity

Identity Is the New Perimeter: Why Proofing and Verification Are Business Imperatives

Choosing a Clear Direction in the Face of Growing Cybersecurity Demands

Mitigating AI Threats: Bridging the Gap Between AI and Legacy Security

Daily Briefing Newsletter