Supply Chain Security Archives

SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

Malware & Threats

React Native Aria Packages Backdoored in Supply Chain Attack

A threat actor published backdoored versions of 17 NPM packages from GlueStack in a fresh supply chain attack.

Ionut ArghireJune 9, 2025

Malware & Threats

Ongoing Campaign Uses 60 NPM Packages to Steal Data

Security firm Socket warns flags a campaign targeting NPM users with tens of malicious packages that can hijack system information.

Ionut ArghireMay 27, 2025

Nation-State

Chinese Hackers Hit Drone Sector in Supply Chain Attacks

The China-linked hacking group Earth Ammit has launched multi-wave attacks in Taiwan and South Korea to disrupt the drone sector.

Ionut ArghireMay 15, 2025

Xi’s Silent Weapon: The EV Batteries That Could Shut Down America

Cyberwarfare

China’s Secret Weapon? How EV Batteries Could Be Weaponized to Disrupt America

As Xi Jinping advances his vision for China’s dominance by 2049, cybersecurity experts warn that connected technologies—like EV batteries—may quietly serve as tools of...

Kevin TownsendApril 29, 2025

Nation-State

Researchers Spot APTs Targeting Small Business MSPs

Proofpoint warns that APT actors linked to Russia, Iran and North Korea are increasingly targeting small- and medium-sized businesses.

Ryan NaraineMay 24, 2023

Application Security

Red Hat Pushes New Tools to Secure Software Supply Chain

Red Hat rolls out a new suite of tools and services to help mitigate vulnerabilities across every stage of the modern software supply chain.

Ryan NaraineMay 23, 2023

Supply Chain Security

China Tells Tech Manufacturers to Stop Using Micron Chips, Stepping Up Feud With United States

China’s government told users of computer equipment deemed sensitive to stop buying products from the biggest U.S. memory chipmaker, Micron.

Associated PressMay 22, 2023

Supply Chain Security

Pimcore Platform Flaws Exposed Users to Code Execution

Security researchers are warning that newly patched vulnerabilities in the Pimcore platform bring code execution risks.

Ionut ArghireMay 19, 2023

Funding/M&A

Investors Make $6M Bet on Manifest for SBOM Management Technology

Manifest raises $6 million in seed funding to help businesses generate, collect, and manage software bill of materials (SBOMs).

Ryan NaraineMay 18, 2023

Funding/M&A

Entro Raises $6M to Tackle Secrets Sprawl

Israeli startup Entro launches with $6 million in seed-stage funding and a product to help manage secrets sprawl in the enterprise.

Ryan NaraineMay 17, 2023

Supply Chain Security

The SBOM Bombshell

SBOMs can be used for managing risk and determining vulnerability impact, but it’s very hard to build holistic risk models when the data is...

Matt HoneaMay 9, 2023

Risk Management

Critical Infrastructure Organizations Urged to Identify Risky Communications Equipment

CISA urges organizations to review FCC’s Covered List of risky communications equipment and incorporate it in their supply chain risk management efforts.

Ionut ArghireMay 2, 2023

Risk Management

Phylum Adds Open Policy Agent to Open Source Analysis Engine

The software supply chain security firm adds the Open Policy Agent to its risk analysis engine, increasing flexibility for the creation and enforcement of...

Kevin TownsendApril 20, 2023

Supply Chain Security

Cascading Supply Chain Attack: 3CX Hacked After Employee Downloaded Trojanized App

3CX hack is the first known cascading supply chain attack, with the breach starting after an employee downloaded compromised software from a different firm.

Eduard KovacsApril 20, 2023

Government

CISA Introduces Secure-by-design and Secure-by-default Development Principles

CISA has described and published a set of principles for the development of security-by-design and security-by-default cybersecurity products.

Kevin TownsendApril 14, 2023

Malware & Threats

Mandiant Also Links 3CX Supply Chain Attack to North Korean Hackers

3CX has confirmed previous reports that the recently disclosed supply chain attack was likely conducted by North Korean hackers.

Eduard KovacsApril 12, 2023

Cybercrime

3CX Supply Chain Attack: North Korean Hackers Likely Targeted Cryptocurrency Firms

3CX supply chain attack appears to have been conducted by North Korean hackers with the goal of targeting cryptocurrency firms.

Eduard KovacsApril 4, 2023

Supply Chain Security

Europe, North America Most Impacted by 3CX Supply Chain Hack

Europe, the United States and Australia seem to be the most impacted by the 3CX supply chain hack, according to data from two cybersecurity...

Eduard KovacsApril 3, 2023

Malware & Threats

3CX Confirms Supply Chain Attack as Researchers Uncover Mac Component

3CX confirms investigating a security breach as the cybersecurity community is sharing more information on what appears to be a sophisticated supply chain attack.

Eduard KovacsMarch 30, 2023

Supply Chain Security

Malware Hunters Spot Supply Chain Attack Hitting 3CX Desktop App

CrowdStrike threat intelligence team warns about unexpected malicious activity from a legitimate, signed version of the 3CXDesktopApp.

Ryan NaraineMarch 29, 2023

Cyber Insurance

SecurityScorecard Guarantees Accuracy of Its Security Ratings

SecurityScorecard is offering free digital forensics and incident response (DFIR) services to customers that have scored an ‘A’ rating if they have been breached.

Kevin TownsendMarch 28, 2023

Supply Chain Security

Watch on Demand: Supply Chain & Third-Party Risk Summit Sessions

Join us for the virtual experience as we bring together security experts to discuss the complex nature of the supply chain problem, best practices for...

Mike LennonMarch 24, 2023

Endpoint Security

Intel Boasts Attack Surface Reduction With New 13th Gen Core vPro Platform

Intel’s newest vPro platform brings threat prevention features with dozens of security capabilities built into the silicon.

Eduard KovacsMarch 23, 2023

Supply Chain Security

Virtual Event Today: Supply Chain & Third-Party Risk Summit

Join us for the virtual experience as we bring together security experts to discuss the complex nature of the supply chain problem, best practices for...

Mike LennonMarch 22, 2023

Page 5 of 18‹ Previous 1 2 3 456 7 8 9 Next ›Last »

Virtual Event: Threat Detection and Incident Response Summit

May 21, 2025

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Webinar: Cut Through the Noise: Why Context is a Secret Weapon in ASPM

May 29, 2025

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Jessica Newman has joined Sophos as General Manager of Global Cyber Insurance.

Breach and attack simulation solutions provider AttackIQ has appointed Pete Luban as Field Chief Information Security Officer.

Matthew Cowell has assumed the role of VP of Strategic Alliances at Nozomi Networks. He previously served in the same role at Dragos.

Bret Arsenault is retiring from his full-time role after 35 years at Microsoft.

Social engineering defense platform Doppel has appointed Bobby Ford as Chief Strategy and Experience Officer.

More People On The Move

SECURITYWEEK NETWORK:

ICS:

Malware & Threats

React Native Aria Packages Backdoored in Supply Chain Attack

Malware & Threats

Ongoing Campaign Uses 60 NPM Packages to Steal Data

Nation-State

Chinese Hackers Hit Drone Sector in Supply Chain Attacks

Cyberwarfare

China’s Secret Weapon? How EV Batteries Could Be Weaponized to Disrupt America

Nation-State

Researchers Spot APTs Targeting Small Business MSPs

Application Security

Red Hat Pushes New Tools to Secure Software Supply Chain

Supply Chain Security

China Tells Tech Manufacturers to Stop Using Micron Chips, Stepping Up Feud With United States

Supply Chain Security

Pimcore Platform Flaws Exposed Users to Code Execution

Funding/M&A

Investors Make $6M Bet on Manifest for SBOM Management Technology

Funding/M&A

Entro Raises $6M to Tackle Secrets Sprawl

Supply Chain Security

The SBOM Bombshell

Risk Management

Critical Infrastructure Organizations Urged to Identify Risky Communications Equipment

Risk Management

Phylum Adds Open Policy Agent to Open Source Analysis Engine

Supply Chain Security

Cascading Supply Chain Attack: 3CX Hacked After Employee Downloaded Trojanized App

Government

CISA Introduces Secure-by-design and Secure-by-default Development Principles

Malware & Threats

Mandiant Also Links 3CX Supply Chain Attack to North Korean Hackers

Cybercrime

3CX Supply Chain Attack: North Korean Hackers Likely Targeted Cryptocurrency Firms

Supply Chain Security

Europe, North America Most Impacted by 3CX Supply Chain Hack

Malware & Threats

3CX Confirms Supply Chain Attack as Researchers Uncover Mac Component

Supply Chain Security

Malware Hunters Spot Supply Chain Attack Hitting 3CX Desktop App

Cyber Insurance

SecurityScorecard Guarantees Accuracy of Its Security Ratings

Supply Chain Security

Watch on Demand: Supply Chain & Third-Party Risk Summit Sessions

Endpoint Security

Intel Boasts Attack Surface Reduction With New 13th Gen Core vPro Platform

Supply Chain Security

Virtual Event Today: Supply Chain & Third-Party Risk Summit

Daily Briefing Newsletter

Trending

Virtual Event: Threat Detection and Incident Response Summit

Webinar: Cut Through the Noise: Why Context is a Secret Weapon in ASPM

People on the move

Expert Insights

What Can Businesses Do About Ethical Dilemmas Posed by AI?

Like Ransoming a Bike: Organizational Muscle Memory Drives the Most Effective Response

Why Sincerity Is a Strategic Asset in Cybersecurity

Identity Is the New Perimeter: Why Proofing and Verification Are Business Imperatives

Choosing a Clear Direction in the Face of Growing Cybersecurity Demands

Daily Briefing Newsletter