Flaw poses a direct threat to the SOCKS5 proxy handshake process in cURL and can be exploited remotely in some non-standard configurations.
A threat actor published backdoored versions of 17 NPM packages from GlueStack in a fresh supply chain attack.
CISA, FBI, NSA, and US Treasury published new guidance on improving the security of open source software in OT and ICS.
Taiwan authorities are investigating four Taiwan-based companies suspected of helping China’s Huawei Technologies to build semiconductor facilities.
GitHub beefs up its secret scanning feature, now allowing users to check the validity of exposed credentials for major cloud services.
The Linux Foundation has announced OpenPubkey, an open source cryptographic protocol that should help boost supply chain security.
CISA unveils a new Hardware Bill of Materials (HBOM) framework for buyers and sellers to communicate about components in physical products.
Exposed data includes backups of employee workstations, secrets, private keys, passwords, and over 30,000 internal Microsoft Teams messages.
Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.
A new APT group called Carderbee has been observed deploying the PlugX backdoor via a supply chain attack targeting organizations in Hong Kong.
Google sprinkles magic of generative-AI into its open source fuzz testing infrastructure and finds immediate success with code coverage.
The US government's cybersecurity agency describes UEFI as "critical attack surface" that requires urgent security attention.
Endor Labs has closed a massive $70 million Series A round of financing to fuel ambitious plans to build a dependency lifecycle management platform.
San Francisco startup Socket raises $20 million as investors continue to bet on companies in the open source software security category.
Signing code is very important to defend against supply chain attacks, but it’s also one of the most cumbersome to implement for internal development.
Infisical banks $2.8 million in seed funding as investors continue to bet on companies in the software supply chain security space.
Rapid7 analyzes the Japan threat landscape and warns that attacks against the third-largest economy in the world have global consequences.
HashiCorp acquires BluBracket secrets-scanning technology to help businesses block accidental leaks and fight secret sprawl.
By having a golden image, you will put a process in place that allows you to quickly take action when a vulnerability is found...
If after eighteen months, meaningful use of SBOMs is unachievable, we need to ask what needs to be done to fulfill Biden’s executive order.
A backdoor feature found in hundreds of Gigabyte motherboard models can pose a significant supply chain risk to organizations.