Supply Chain Security Archives

SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

Malware & Threats

React Native Aria Packages Backdoored in Supply Chain Attack

A threat actor published backdoored versions of 17 NPM packages from GlueStack in a fresh supply chain attack.

Ionut ArghireJune 9, 2025

Malware & Threats

Ongoing Campaign Uses 60 NPM Packages to Steal Data

Security firm Socket warns flags a campaign targeting NPM users with tens of malicious packages that can hijack system information.

Ionut ArghireMay 27, 2025

Nation-State

Chinese Hackers Hit Drone Sector in Supply Chain Attacks

The China-linked hacking group Earth Ammit has launched multi-wave attacks in Taiwan and South Korea to disrupt the drone sector.

Ionut ArghireMay 15, 2025

Xi’s Silent Weapon: The EV Batteries That Could Shut Down America

Cyberwarfare

China’s Secret Weapon? How EV Batteries Could Be Weaponized to Disrupt America

As Xi Jinping advances his vision for China’s dominance by 2049, cybersecurity experts warn that connected technologies—like EV batteries—may quietly serve as tools of...

Kevin TownsendApril 29, 2025

Application Security

US Gov Issues Software Supply Chain Security Guidance for Customers

The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Office of the Director of National Intelligence (ODNI) this week...

Ionut ArghireNovember 18, 2022

Application Security

Palo Alto to Acquire Israeli Software Supply Chain Startup

Cybersecurity powerhouse Palo Alto Networks on Thursday announced plans to spend $195 million in cash to acquire Israeli startup Cider Security, a deal that...

Ryan NaraineNovember 17, 2022

Application Security

OpenSSF Adopts Microsoft-Built Supply Chain Security Framework

The Open Source Security Foundation (OpenSSF) on Wednesday announced the adoption of Secure Supply Chain Consumption Framework (S2C2F), a Microsoft-built framework for consuming open...

Ionut ArghireNovember 17, 2022

Cybercrime

Hundreds Infected With ‘Wasp’ Stealer in Ongoing Supply Chain Attack

Security researchers are raising alarm on an ongoing supply chain attack that uses malicious Python packages to distribute an information stealer.

Ionut ArghireNovember 17, 2022

Application Security

Akeyless Raises $65 Million for Secrets Management Tech

Israeli early-stage startup Akeyless has banked a whopping $65 million in venture capital funding to build technology to help businesses manage credentials, certificates, keys...

Ryan NaraineNovember 16, 2022

Application Security

BoostSecurity Exits Stealth With DevSecOps Automation Platform, $12M in Seed Funding

BoostSecurity on Wednesday emerged from stealth mode with a DevSecOps automation platform and $12 million in seed funding.

Eduard KovacsNovember 16, 2022

Application Security

NSA Publishes Guidance on Mitigating Software Memory Safety Issues

The National Security Agency (NSA) has published guidance on how organizations can implement protections against common software memory safety issues.

Ionut ArghireNovember 14, 2022

Cybercrime

Canadian Meat Giant Maple Leaf Foods Disrupted by Cyberattack

Canadian meat giant Maple Leaf Foods has confirmed that it is experiencing an outage after falling victim to a cyberattack.

Ionut ArghireNovember 8, 2022

Risk Management

Video: ESG – CISO’s Guide to an Emerging Risk Cornerstone

SecurityWeek NewsNovember 4, 2022

Risk Management

Webinar Today: ESG – CISO’s Guide to an Emerging Risk Cornerstone

SecurityWeek VideoNovember 3, 2022

Supply Chain Security

Checkmk Vulnerabilities Can Be Chained for Remote Code Execution

Researchers at code security firm Sonar Source have shared details on multiple Checkmk vulnerabilities that could be chained together to execute code remotely, without...

Ionut ArghireNovember 3, 2022

Cybercrime

Over 250 US News Websites Deliver Malware via Supply Chain Attack

Hundreds of regional and national news websites in the United States are delivering malware as a result of a supply chain attack involving one...

Eduard KovacsNovember 3, 2022

Application Security

US Gov Issues Supply Chain Security Guidance for Software Suppliers

The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Office of the Director of National Intelligence (ODNI) this week...

Ionut ArghireNovember 1, 2022

ICS/OT

Engineering Workstations Used as Initial Access Vector in Many ICS/OT Attacks: Survey

Organizations are more confident in their ability to detect an OT breach

Eduard KovacsNovember 1, 2022

Malware & Threats

Critical ConnectWise Vulnerability Affects Thousands of Internet-Exposed Servers

IT management software provider ConnectWise on Friday announced updates that patch a critical vulnerability which, according to cybersecurity professionals, exposes thousands of servers to...

Eduard KovacsOctober 31, 2022

Cybercrime

Twilio Says Employees Targeted in Separate Smishing, Vishing Attacks

Enterprise communications firm Twilio has concluded its investigation into the recent data breach and revealed on Thursday that its employees were targeted in smishing...

Eduard KovacsOctober 28, 2022

ICS/OT

DHS Develops Baseline Cybersecurity Goals for Critical Infrastructure

The DHS on Thursday announced Cybersecurity Performance Goals (CPGs) to help organizations — particularly in critical infrastructure sectors — prioritize cybersecurity investments and address...

Eduard KovacsOctober 28, 2022

Application Security

GitHub Account Renaming Could Have Led to Supply Chain Attacks

Checkmarx warns that attackers could have exploited the renaming of popular GitHub accounts to create malicious repositories using the vacated name and launch software...

Ionut ArghireOctober 27, 2022

Supply Chain Security

VMware Patches Critical Vulnerability in End-of-Life Product

VMware this week announced patches for a critical remote code execution vulnerability in VMware Cloud Foundation and NSX Data Center for vSphere (NSX-V).

Ionut ArghireOctober 26, 2022

Application Security

Arnica Raises $7 Million to Protect Software Developers, Code

Behavior-based threat detection startup Arnica has raised $7 million in a seed funding round led by Joule Ventures and First Rays Venture Partners, with...

Ionut ArghireOctober 25, 2022

Page 8 of 18« First ‹ Previous 4 5 6 789 10 11 12 Next ›Last »

Virtual Event: Threat Detection and Incident Response Summit

May 21, 2025

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Webinar: Cut Through the Noise: Why Context is a Secret Weapon in ASPM

May 29, 2025

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Coro, a provider of cybersecurity solutions for SMBs, has appointed Joe Sykora as CEO.

SonicWall has hired Rajnish Mishra as Senior Vice President and Chief Development Officer.

Kenna Security co-founder Ed Bellis has joined Empirical Security as Chief Executive Officer.

Robert Shaker II has joined application security firm ActiveState as Chief Product and Technology Officer.

MorganFranklin Cyber has promoted Nick Stallone and Ferdinand Hamada into newly created roles.

More People On The Move

SECURITYWEEK NETWORK:

ICS:

Malware & Threats

React Native Aria Packages Backdoored in Supply Chain Attack

Malware & Threats

Ongoing Campaign Uses 60 NPM Packages to Steal Data

Nation-State

Chinese Hackers Hit Drone Sector in Supply Chain Attacks

Cyberwarfare

China’s Secret Weapon? How EV Batteries Could Be Weaponized to Disrupt America

Application Security

US Gov Issues Software Supply Chain Security Guidance for Customers

Application Security

Palo Alto to Acquire Israeli Software Supply Chain Startup

Application Security

OpenSSF Adopts Microsoft-Built Supply Chain Security Framework

Cybercrime

Hundreds Infected With ‘Wasp’ Stealer in Ongoing Supply Chain Attack

Application Security

Akeyless Raises $65 Million for Secrets Management Tech

Application Security

BoostSecurity Exits Stealth With DevSecOps Automation Platform, $12M in Seed Funding

Application Security

NSA Publishes Guidance on Mitigating Software Memory Safety Issues

Cybercrime

Canadian Meat Giant Maple Leaf Foods Disrupted by Cyberattack

Risk Management

Video: ESG – CISO’s Guide to an Emerging Risk Cornerstone

Risk Management

Webinar Today: ESG – CISO’s Guide to an Emerging Risk Cornerstone

Supply Chain Security

Checkmk Vulnerabilities Can Be Chained for Remote Code Execution

Cybercrime

Over 250 US News Websites Deliver Malware via Supply Chain Attack

Application Security

US Gov Issues Supply Chain Security Guidance for Software Suppliers

ICS/OT

Engineering Workstations Used as Initial Access Vector in Many ICS/OT Attacks: Survey

Malware & Threats

Critical ConnectWise Vulnerability Affects Thousands of Internet-Exposed Servers

Cybercrime

Twilio Says Employees Targeted in Separate Smishing, Vishing Attacks

ICS/OT

DHS Develops Baseline Cybersecurity Goals for Critical Infrastructure

Application Security

GitHub Account Renaming Could Have Led to Supply Chain Attacks

Supply Chain Security

VMware Patches Critical Vulnerability in End-of-Life Product

Application Security

Arnica Raises $7 Million to Protect Software Developers, Code

Daily Briefing Newsletter

Trending

Virtual Event: Threat Detection and Incident Response Summit

Webinar: Cut Through the Noise: Why Context is a Secret Weapon in ASPM

People on the move

Expert Insights

What Can Businesses Do About Ethical Dilemmas Posed by AI?

Like Ransoming a Bike: Organizational Muscle Memory Drives the Most Effective Response

Why Sincerity Is a Strategic Asset in Cybersecurity

Identity Is the New Perimeter: Why Proofing and Verification Are Business Imperatives

Choosing a Clear Direction in the Face of Growing Cybersecurity Demands

Daily Briefing Newsletter