Supply Chain Security Archives

SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

Malware & Threats

React Native Aria Packages Backdoored in Supply Chain Attack

A threat actor published backdoored versions of 17 NPM packages from GlueStack in a fresh supply chain attack.

Ionut ArghireJune 9, 2025

Malware & Threats

Ongoing Campaign Uses 60 NPM Packages to Steal Data

Security firm Socket warns flags a campaign targeting NPM users with tens of malicious packages that can hijack system information.

Ionut ArghireMay 27, 2025

Nation-State

Chinese Hackers Hit Drone Sector in Supply Chain Attacks

The China-linked hacking group Earth Ammit has launched multi-wave attacks in Taiwan and South Korea to disrupt the drone sector.

Ionut ArghireMay 15, 2025

Xi’s Silent Weapon: The EV Batteries That Could Shut Down America

Cyberwarfare

China’s Secret Weapon? How EV Batteries Could Be Weaponized to Disrupt America

As Xi Jinping advances his vision for China’s dominance by 2049, cybersecurity experts warn that connected technologies—like EV batteries—may quietly serve as tools of...

Kevin TownsendApril 29, 2025

Application Security

Google’s GUAC Open Source Tool Centralizes Software Security Metadata

Google announces GUAC, an open source tool to help organizations better understand software supply chains by centralizing build, security, and dependency metadata.

Ionut ArghireOctober 20, 2022

Network Security

Cybersecurity Awareness Month: 5 Actionable Tips

Best practices for defeating against most attacks, hopefully making the need for future Cybersecurity Awareness Months obsolete

Torsten GeorgeOctober 19, 2022

Supply Chain Security

Oracle Releases 370 New Security Patches With October 2022 CPU

Oracle on Tuesday announced the release of 370 patches as part of its quarterly set of security updates. The October 2022 Critical Patch Update...

Ionut ArghireOctober 19, 2022

Application Security

Timing Attacks Can Be Used to Check for Existence of Private NPM Packages

Container and cloud-native application security provider Aqua Security warns that the existence of private NPM packages can be disclosed by performing timing attacks.

Ionut ArghireOctober 14, 2022

ICS/OT

Automotive Security Threats Are More Critical Than Ever

We’ve all marveled at the latest innovations from Tesla, the skill of Google’s self-driving cars, or, at the very least, enjoyed playing a podcast...

Marie HattarOctober 11, 2022

Cybercrime

LofyGang Cybercrime Group Used 200 Malicious NPM Packages for Supply Chain Attacks

A cybercrime group named LofyGang has distributed roughly 200 malicious NPM packages that have been downloaded thousands of times over the past year, according...

Ionut ArghireOctober 11, 2022

Application Security

Endor Labs Joins Race to Secure Software Supply Chain

It’s officially a venture capital funding frenzy in the software supply chain security space.

Ryan NaraineOctober 10, 2022

Cybercrime

Personal Information of 123K Individuals Exposed in City of Tucson Data Breach

The City of Tucson, Arizona, is notifying roughly 123,000 individuals that their personal information was compromised in a recent data breach.The incident was identified...

Ionut ArghireOctober 6, 2022

ICS/OT

SCADA Systems Involved in Many Breaches Suffered by US Ports, Terminals

Law firm Jones Walker has published the results of a survey focusing on the cybersecurity preparedness of ports and terminals in the United States.

Eduard KovacsOctober 5, 2022

Supply Chain Security

Critical Packagist Vulnerability Opened Door for PHP Supply Chain Attack

Code security company SonarSource today published details on a severe vulnerability impacting Packagist, which could have been abused to mount supply chain attacks targeting...

Ionut ArghireOctober 4, 2022

Cybersecurity Funding

Firmware Security Company Eclypsium Raises $25 Million in Series B Funding

Firmware and hardware security company Eclypsium announced on Tuesday that it has raised $25 million in a Series B funding round, which brings the...

Eduard KovacsOctober 4, 2022

Application Security

Cybersecurity M&A Roundup: 39 Deals Announced in September 2022

Eduard KovacsOctober 4, 2022

Cyberwarfare

Supply Chain Attack Targets Customer Engagement Firm Comm100

CrowdStrike is warning of a recently identified supply chain attack involving Canada-based customer engagement software provider Comm100.

Ionut ArghireOctober 3, 2022

Application Security

Investors Bet on Ox Security to Guard Software Supply Chains

The funding frenzy in the software supply chain space now includes Ox Security, an early-stage Israeli startup that just raised a whopping $34 million...

Ryan NaraineSeptember 29, 2022

Application Security

New ‘Wolfi’ Linux Distro Focuses on Software Supply Chain Security

Chainguard this week announced Wolfi, a stripped-down Linux OS distribution designed to improve the security of the software supply chain.

Ionut ArghireSeptember 23, 2022

Supply Chain Security

New Firmware Vulnerabilities Affecting Millions of Devices Allow Persistent Access

Firmware security company Binarly has discovered another round of potentially serious firmware vulnerabilities that could allow an attacker to gain persistent access to any...

Eduard KovacsSeptember 23, 2022

Application Security

15-Year-Old Python Vulnerability Present in 350,000 Projects Resurrected

Researchers at threat detection and response company Trellix have resurrected a 15-year-old Python vulnerability, showing that it’s more serious than initially believed and that...

Eduard KovacsSeptember 22, 2022

Supply Chain Security

Vulnerability Management Fatigue Fueled by Non-Exploitable Bugs

Kevin TownsendSeptember 20, 2022

Application Security

Industry Reactions to Govt Requiring Security Guarantees From Software Vendors

The White House has announced new guidance with the aim of ensuring that federal agencies only use secure software.

Eduard KovacsSeptember 16, 2022

Application Security

Rust Gets a Dedicated Security Team

The non-profit Rust Foundation has scored funding to build a dedicated security team to proactively identify and address security defects in the popular Rust...

Ryan NaraineSeptember 15, 2022

Page 9 of 18« First ‹ Previous 5 6 7 8910 11 12 13 Next ›Last »

Virtual Event: Threat Detection and Incident Response Summit

May 21, 2025

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Webinar: Cut Through the Noise: Why Context is a Secret Weapon in ASPM

May 29, 2025

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Kenna Security co-founder Ed Bellis has joined Empirical Security as Chief Executive Officer.

Robert Shaker II has joined application security firm ActiveState as Chief Product and Technology Officer.

MorganFranklin Cyber has promoted Nick Stallone and Ferdinand Hamada into newly created roles.

Jessica Newman has joined Sophos as General Manager of Global Cyber Insurance.

Breach and attack simulation solutions provider AttackIQ has appointed Pete Luban as Field Chief Information Security Officer.

More People On The Move

SECURITYWEEK NETWORK:

ICS:

Malware & Threats

React Native Aria Packages Backdoored in Supply Chain Attack

Malware & Threats

Ongoing Campaign Uses 60 NPM Packages to Steal Data

Nation-State

Chinese Hackers Hit Drone Sector in Supply Chain Attacks

Cyberwarfare

China’s Secret Weapon? How EV Batteries Could Be Weaponized to Disrupt America

Application Security

Google’s GUAC Open Source Tool Centralizes Software Security Metadata

Network Security

Cybersecurity Awareness Month: 5 Actionable Tips

Supply Chain Security

Oracle Releases 370 New Security Patches With October 2022 CPU

Application Security

Timing Attacks Can Be Used to Check for Existence of Private NPM Packages

ICS/OT

Automotive Security Threats Are More Critical Than Ever

Cybercrime

LofyGang Cybercrime Group Used 200 Malicious NPM Packages for Supply Chain Attacks

Application Security

Endor Labs Joins Race to Secure Software Supply Chain

Cybercrime

Personal Information of 123K Individuals Exposed in City of Tucson Data Breach

ICS/OT

SCADA Systems Involved in Many Breaches Suffered by US Ports, Terminals

Supply Chain Security

Critical Packagist Vulnerability Opened Door for PHP Supply Chain Attack

Cybersecurity Funding

Firmware Security Company Eclypsium Raises $25 Million in Series B Funding

Application Security

Cybersecurity M&A Roundup: 39 Deals Announced in September 2022

Cyberwarfare

Supply Chain Attack Targets Customer Engagement Firm Comm100

Application Security

Investors Bet on Ox Security to Guard Software Supply Chains

Application Security

New ‘Wolfi’ Linux Distro Focuses on Software Supply Chain Security

Supply Chain Security

New Firmware Vulnerabilities Affecting Millions of Devices Allow Persistent Access

Application Security

15-Year-Old Python Vulnerability Present in 350,000 Projects Resurrected

Supply Chain Security

Vulnerability Management Fatigue Fueled by Non-Exploitable Bugs

Application Security

Industry Reactions to Govt Requiring Security Guarantees From Software Vendors

Application Security

Rust Gets a Dedicated Security Team

Daily Briefing Newsletter

Trending

Virtual Event: Threat Detection and Incident Response Summit

Webinar: Cut Through the Noise: Why Context is a Secret Weapon in ASPM

People on the move

Expert Insights

What Can Businesses Do About Ethical Dilemmas Posed by AI?

Like Ransoming a Bike: Organizational Muscle Memory Drives the Most Effective Response

Why Sincerity Is a Strategic Asset in Cybersecurity

Identity Is the New Perimeter: Why Proofing and Verification Are Business Imperatives

Choosing a Clear Direction in the Face of Growing Cybersecurity Demands

Daily Briefing Newsletter