Supply Chain Security Archives

SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

Malware & Threats

React Native Aria Packages Backdoored in Supply Chain Attack

A threat actor published backdoored versions of 17 NPM packages from GlueStack in a fresh supply chain attack.

Ionut ArghireJune 9, 2025

Malware & Threats

Ongoing Campaign Uses 60 NPM Packages to Steal Data

Security firm Socket warns flags a campaign targeting NPM users with tens of malicious packages that can hijack system information.

Ionut ArghireMay 27, 2025

Nation-State

Chinese Hackers Hit Drone Sector in Supply Chain Attacks

The China-linked hacking group Earth Ammit has launched multi-wave attacks in Taiwan and South Korea to disrupt the drone sector.

Ionut ArghireMay 15, 2025

Xi’s Silent Weapon: The EV Batteries That Could Shut Down America

Cyberwarfare

China’s Secret Weapon? How EV Batteries Could Be Weaponized to Disrupt America

As Xi Jinping advances his vision for China’s dominance by 2049, cybersecurity experts warn that connected technologies—like EV batteries—may quietly serve as tools of...

Kevin TownsendApril 29, 2025

Supply Chain Security

Huawei Has Replaced Thousands of US-Banned Parts With Chinese Versions: Founder

Huawei has replaced thousands of product components banned by the US with homegrown versions, its founder has said.

AFPMarch 18, 2023

Government

White House Cybersecurity Strategy Stresses Software Safety

Some say the White House cybersecurity strategy is largely aspirational. Its boldest initiatives — including stricter rules on breach reporting and software liability —...

AFPMarch 3, 2023

Supply Chain Security

Top 10 Security, Operational Risks From Open Source Code

Endor Labs has introduced an OWASP-style listing of the most important or impactful risks inherent in the use of open source software (OSS).

Kevin TownsendMarch 1, 2023

Cybersecurity Funding

Software Supply Chain Security Firm Lineaje Raises $7 Million

Software supply chain security management startup Lineaje raises $7 million in a seed funding round led by Tenable Ventures.

Ionut ArghireFebruary 7, 2023

Risk Management

Cyber Insights 2023 | Supply Chain Security

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Kevin TownsendFebruary 2, 2023

Supply Chain Security

98% of Firms Have a Supply Chain Relationship That Has Been Breached: Analysis

A new report found that 98% of organizations have a relationship with a third party that has been breached, while more than 50% have...

Kevin TownsendFebruary 1, 2023

ICS/OT

Cyber Insights 2023 | ICS and Operational Technology

The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...

Kevin TownsendFebruary 1, 2023

Supply Chain Security

OpenVEX Spec Adds Clarity to Supply Chain Vulnerability Warnings

Chainguard OpenVEX Spec adds clarity to Supply Chain Vulnerability warnings specifications to help software vendors and maintainers communicate precise metadata about the vulnerability status...

Ryan NaraineJanuary 31, 2023

Application Security

Chainguard Trains Spotlight on SBOM Quality Problem

A new report finds that barely 1% of all SBOMs being generated today meets the “minimum elements” defined by the U.S. government.

Ryan NaraineJanuary 19, 2023

Malware & Threats

Ransomware Attack on DNV Ship Management Software Impacts 1,000 Vessels

Norway‎-based DNV said a ransomware attack on its ship management software impacted 1,000 vessels.

Eduard KovacsJanuary 18, 2023

Supply Chain Security

Critical Git Vulnerabilities Discovered in Source Code Security Audit

A source code security audit led to the discovery of several vulnerabilities in Git, the widely used distributed version control system.

Eduard KovacsJanuary 18, 2023

Data Breaches

25k Nissan Customers Affected by Data Breach at Third-Party Software Developer

Nissan North America told roughly 25,000 customers that their personal information was exposed in a data breach via a third-party provider.

Ionut ArghireJanuary 18, 2023

Supply Chain Security

Oracle’s First Security Update for 2023 Includes 327 New Patches

Oracle's Critical Patch Update for January 2023 includes 327 patches, with more than 70 that address critical-severity vulnerabilities.

Ionut ArghireJanuary 18, 2023

Malware & Threats

PyPI Users Targeted With ‘Wacatac’ Trojan in New Supply Chain Attack

Fortinet warned of three malicious PyPI packages containing code that fetches the Wacatac trojan and information stealer.

Ionut ArghireJanuary 17, 2023

Malware & Threats

Attackers Can Abuse GitHub Codespaces for Malware Delivery

A GitHub Codespaces feature meant to help with code development and collaboration can be abused for malware delivery.

Ionut ArghireJanuary 17, 2023

Cybercrime

PyPI Users Targeted With PoweRAT Malware

Software supply chain security firm Phylum has identified a malicious attack targeting Python Package Index (PyPI) users with the PoweRAT backdoor and information stealer.

Ionut ArghireJanuary 10, 2023

Application Security

Microsoft Flags Ransomware Problems on Apple’s macOS Platform

Security researchers at Microsoft are flagging ransomware attacks on Apple’s flagship macOS operating system, warning that financially motivated cybercriminals are abusing legitimate macOS functionalities...

Ryan NaraineJanuary 9, 2023

Cybercrime

Many of 13 New Mac Malware Families Discovered in 2022 Linked to China

More than a dozen new Mac malware families were discovered in 2022, including information stealers, cryptocurrency miners, loaders, and backdoors, and many of them...

Eduard KovacsJanuary 6, 2023

Application Security

Slack Says Hackers Stole Private Source Code Repositories

Enterprise communication and collaboration platform Slack has informed customers that hackers have stolen some of its private source code repositories, but claims impact is...

Eduard KovacsJanuary 5, 2023

Application Security

Malware Delivered to PyTorch Users in Supply Chain Attack

Last week’s nightly builds of the open source machine learning framework PyTorch were injected with malware following a supply chain attack.Now part of the...

Ionut ArghireJanuary 3, 2023

Page 6 of 18« First ‹ Previous 2 3 4 567 8 9 10 Next ›Last »

Virtual Event: Threat Detection and Incident Response Summit

May 21, 2025

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Webinar: Cut Through the Noise: Why Context is a Secret Weapon in ASPM

May 29, 2025

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Jessica Newman has joined Sophos as General Manager of Global Cyber Insurance.

Breach and attack simulation solutions provider AttackIQ has appointed Pete Luban as Field Chief Information Security Officer.

Matthew Cowell has assumed the role of VP of Strategic Alliances at Nozomi Networks. He previously served in the same role at Dragos.

Bret Arsenault is retiring from his full-time role after 35 years at Microsoft.

Social engineering defense platform Doppel has appointed Bobby Ford as Chief Strategy and Experience Officer.

More People On The Move

SECURITYWEEK NETWORK:

ICS:

Malware & Threats

React Native Aria Packages Backdoored in Supply Chain Attack

Malware & Threats

Ongoing Campaign Uses 60 NPM Packages to Steal Data

Nation-State

Chinese Hackers Hit Drone Sector in Supply Chain Attacks

Cyberwarfare

China’s Secret Weapon? How EV Batteries Could Be Weaponized to Disrupt America

Supply Chain Security

Huawei Has Replaced Thousands of US-Banned Parts With Chinese Versions: Founder

Government

White House Cybersecurity Strategy Stresses Software Safety

Supply Chain Security

Top 10 Security, Operational Risks From Open Source Code

Cybersecurity Funding

Software Supply Chain Security Firm Lineaje Raises $7 Million

Risk Management

Cyber Insights 2023 | Supply Chain Security

Supply Chain Security

98% of Firms Have a Supply Chain Relationship That Has Been Breached: Analysis

ICS/OT

Cyber Insights 2023 | ICS and Operational Technology

Supply Chain Security

OpenVEX Spec Adds Clarity to Supply Chain Vulnerability Warnings

Application Security

Chainguard Trains Spotlight on SBOM Quality Problem

Malware & Threats

Ransomware Attack on DNV Ship Management Software Impacts 1,000 Vessels

Supply Chain Security

Critical Git Vulnerabilities Discovered in Source Code Security Audit

Data Breaches

25k Nissan Customers Affected by Data Breach at Third-Party Software Developer

Supply Chain Security

Oracle’s First Security Update for 2023 Includes 327 New Patches

Malware & Threats

PyPI Users Targeted With ‘Wacatac’ Trojan in New Supply Chain Attack

Malware & Threats

Attackers Can Abuse GitHub Codespaces for Malware Delivery

Cybercrime

PyPI Users Targeted With PoweRAT Malware

Application Security

Microsoft Flags Ransomware Problems on Apple’s macOS Platform

Cybercrime

Many of 13 New Mac Malware Families Discovered in 2022 Linked to China

Application Security

Slack Says Hackers Stole Private Source Code Repositories

Application Security

Malware Delivered to PyTorch Users in Supply Chain Attack

Daily Briefing Newsletter

Trending

Virtual Event: Threat Detection and Incident Response Summit

Webinar: Cut Through the Noise: Why Context is a Secret Weapon in ASPM

People on the move

Expert Insights

What Can Businesses Do About Ethical Dilemmas Posed by AI?

Like Ransoming a Bike: Organizational Muscle Memory Drives the Most Effective Response

Why Sincerity Is a Strategic Asset in Cybersecurity

Identity Is the New Perimeter: Why Proofing and Verification Are Business Imperatives

Choosing a Clear Direction in the Face of Growing Cybersecurity Demands

Daily Briefing Newsletter