Cloud Security GitHub Improves Secret Scanning Feature With Expanded Token Validity Checks GitHub beefs up its secret scanning feature, now allowing users to check the validity of exposed credentials for major cloud services. Ionut Arghire, October 5, 2023
Identity & Access Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol The Linux Foundation has announced OpenPubkey, an open source cryptographic protocol that should help boost supply chain security. Eduard Kovacs, October 5, 2023
Government CISA Unveils New HBOM Framework to Track Hardware Components CISA unveils a new Hardware Bill of Materials (HBOM) framework for buyers and sellers to communicate about components in physical products. Ryan Naraine, September 27, 2023
Artificial Intelligence Microsoft AI Researchers Expose 38TB of Data, Including Keys, Passwords and Internal Messages Exposed data includes backups of employees' workstations, secrets, private keys, passwords, and over 30,000 internal Microsoft Teams messages. Ryan Naraine, September 18, 2023
Supply Chain Security Webinar Today: Scaling Software Supply Chain Security Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain. SecurityWeek News, September 7, 2023
Malware & Threats New ‘Carderbee’ APT Targeted Chinese Security Software in Supply Chain Attack A new APT group called Carderbee has been observed deploying the PlugX backdoor via a supply chain attack targeting organizations in Hong Kong. Ionut Arghire, August 22, 2023
Application Security Google Brings AI Magic to Fuzz Testing With Eye-Opening Results Google adds generative AI to its open source fuzz testing infrastructure and sees immediate gains in code coverage. Ryan Naraine, August 17, 2023
Government CISA Calls Urgent Attention to UEFI Attack Surfaces The US government's cybersecurity agency describes UEFI as a "critical attack surface" that requires urgent security attention. Ryan Naraine, August 3, 2023
Funding/M&A Software Supply Chain Startup Endor Labs Scores Massive $70M Series A Round Endor Labs has closed a massive $70 million Series A round of financing to fuel ambitious plans to build a dependency lifecycle management platform. Ryan Naraine, August 3, 2023
Funding/M&A Socket Scores $20M as Investors Bet on Software Supply Chain Security Startups San Francisco startup Socket raises $20 million as investors continue to bet on companies in the open source software security category. Ryan Naraine, August 1, 2023
Supply Chain Security Verifying Software Integrity With Sigstore Signing code is an important defense against supply chain attacks, but it is also one of the most cumbersome measures to implement for internal development. Matt Honea, July 11, 2023
Funding/M&A Infisical Banks $2.8M Seed Funding for Secrets Sprawl Security Tech Infisical banks $2.8 million in seed funding as investors continue to bet on companies in the software supply chain security space. Ryan Naraine, July 5, 2023