ICS/OT
Flaw poses a direct threat to the SOCKS5 proxy handshake process in cURL and can be exploited remotely in some non-standard configurations.
Hi, what are you looking for?
SecurityWeek
Malware & Threats
A threat actor published backdoored versions of 17 NPM packages from GlueStack in a fresh supply chain attack.
Malware & Threats
Security firm Socket warns flags a campaign targeting NPM users with tens of malicious packages that can hijack system information.
Nation-State
The China-linked hacking group Earth Ammit has launched multi-wave attacks in Taiwan and South Korea to disrupt the drone sector.
Cyberwarfare
As Xi Jinping advances his vision for China’s dominance by 2049, cybersecurity experts warn that connected technologies—like EV batteries—may quietly serve as tools of...
Government
CISA, FBI, NSA, and US Treasury published new guidance on improving the security of open source software in OT and ICS.
Supply Chain Security
Taiwan authorities are investigating four Taiwan-based companies suspected of helping China’s Huawei Technologies to build semiconductor facilities.
Cloud Security
GitHub beefs up its secret scanning feature, now allowing users to check the validity of exposed credentials for major cloud services.
Identity & Access
The Linux Foundation has announced OpenPubkey, an open source cryptographic protocol that should help boost supply chain security.
Government
CISA unveils a new Hardware Bill of Materials (HBOM) framework for buyers and sellers to communicate about components in physical products.
Artificial Intelligence
Exposed data includes backup of employees workstations, secrets, private keys, passwords, and over 30,000 internal Microsoft Teams messages.
Supply Chain Security
Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.
Malware & Threats
A new APT group called Carderbee has been observed deploying the PlugX backdoor via a supply chain attack targeting organizations in Hong Kong.
Application Security
Google sprinkles magic of generative-AI into its open source fuzz testing infrastructure and finds immediate success with code coverage.
Government
The US government's cybersecurity agency describes UEFI as "critical attack surface" that requires urgent security attention.
Funding/M&A
Endor Labs has closed a massive $70 million Series A round of financing to fuel ambitious plans to build a dependency lifecycle management platform.
Funding/M&A
San Francisco startup Socket raises $20 million as investors continue to bet on companies in the open source software security category.
Supply Chain Security
Signing code is very important to defend against supply chain attacks, but it’s also one of the most cumbersome to implement for internal development.
Funding/M&A
Infisical banks $2.8 million in seed funding as investors continue to bet on companies in the software supply chain security space.
Cyberwarfare
Rapid7 analyzes the Japan threat landscape and warns that attacks against the third-largest economy in the world have global consequences.
Funding/M&A
HashiCorp acquires BluBracket secrets-scanning technology to help businesses block accidental leaks and fight secret sprawl.
Supply Chain Security
By having a golden image you will put a process in place that allows you to quickly take action when a vulnerability is found...
Supply Chain Security
If after eighteen months, meaningful use of SBOMs is unachievable, we need to ask what needs to be done to fulfill Biden’s executive order.
Endpoint Security
A backdoor feature found in hundreds of Gigabyte motherboard models can pose a significant supply chain risk to organizations.
Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.
RegisterLearn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.
RegisterExpert Insights
AI-made decisions are in many ways shaping and governing human lives. Companies have a moral, social, and fiduciary duty to responsibly lead its take-up.
(Stu Sjouwerman)
Ransomware is a major threat to the enterprise. Tools and training help, but survival depends on one thing: your organization’s muscle memory to respond fast and recover stronger.
(Trevin Edgeworth)
Strong security doesn’t just rely on tools—it starts with trust, clarity, and sincerity from the top down.
(Joshua Goldfarb)
The future of secure digital engagement depends on continuous identity verification and proofing that can scale with risk.
(Torsten George)
In a rapidly changing AI environment, CISOs are worried about investing in the wrong solution or simply not investing because they can’t decide what the best option is.
(Marc Solomon)