[Application Security] RevEng.ai Raises $4.15 Million to Secure Software Supply Chain
RevEng.ai has raised $4.15 million in seed funding for an AI platform that automatically detects malicious code and vulnerabilities in software.
Ionut Arghire, June 27, 2025

[Vulnerabilities] Gerrit Misconfiguration Exposed Google Projects to Malicious Code Injection
Misconfigured permissions in Google’s Gerrit code collaboration platform could have led to the compromise of ChromiumOS and other Google projects.
Ionut Arghire, June 18, 2025

[Malware & Threats] React Native Aria Packages Backdoored in Supply Chain Attack
A threat actor published backdoored versions of 17 NPM packages from GlueStack in a fresh supply chain attack.
Ionut Arghire, June 9, 2025

[Nation-State] Chinese Hackers Hit Drone Sector in Supply Chain Attacks
The China-linked hacking group Earth Ammit has launched multi-wave attacks in Taiwan and South Korea to disrupt the drone sector.
Ionut Arghire, May 15, 2025

[Malware & Threats] Popular Scraping Tool’s NPM Package Compromised in Supply Chain Attack
Supply chain attack compromises the popular rand-user-agent NPM package to deploy and activate a backdoor.
Ionut Arghire, May 9, 2025

[Application Security] Manifest Raises $15 Million for SBOM Management Platform
Software and AI supply chain transparency firm Manifest has raised $15 million in a Series A funding round led by Ensemble VC.
Ionut Arghire, April 25, 2025

[Funding/M&A] Chainguard Raises Hefty $356M Series D at $3.5 Billion Valuation
The cash infusion brings Chainguard’s total funding to about $612 million since launching in 2021 and prices the company at $3.5 billion.
Ryan Naraine, April 23, 2025

[Supply Chain Security] AI Hallucinations Create a New Software Supply Chain Threat
Researchers uncover a new software supply chain threat from LLM-generated package hallucinations.
Ionut Arghire, April 14, 2025

[Application Security] Compromised SpotBugs Token Led to GitHub Actions Supply Chain Hack
Evidence shows a SpotBugs token compromised in December 2024 was used in the March 2025 GitHub Actions supply chain attack.
Ionut Arghire, April 4, 2025

[Supply Chain Security] Impact, Root Cause of GitHub Actions Supply Chain Hack Revealed
More details have come to light on the recent supply chain attack targeting GitHub Actions, including its root cause.
Eduard Kovacs, March 21, 2025

[Malware & Threats] 100 Car Dealerships Hit by Supply Chain Attack
The websites of over 100 auto dealerships were found serving malicious ClickFix code in a supply chain compromise.
Ionut Arghire, March 17, 2025

[Application Security] Popular GitHub Action Targeted in Supply Chain Attack
The tj-actions/changed-files GitHub Action, which is used in 23,000 repositories, has been targeted in a supply chain attack.
Eduard Kovacs, March 17, 2025

[Supply Chain Security] UK Government Report Calls for Stronger Open Source Supply Chain Security Practices
Report from the Department for Science, Innovation & Technology (DSIT) finds weaknesses in current practices.
Kevin Townsend, March 11, 2025

[Malware & Threats] China Hackers Behind US Treasury Breach Caught Targeting IT Supply Chain
Silk Typhoon APT caught using IT supply chain entry points to conduct reconnaissance, siphon data, and move laterally on victim networks.
Ryan Naraine, March 5, 2025

[Supply Chain Security] Call for Presentations Open for SecurityWeek’s 2025 Supply Chain Security & Third-Party Risk Summit
Join Us in Shaping the Future of Supply Chain Security - Don’t miss this chance to be part of the conversation addressing one of...
SecurityWeek News, January 22, 2025

[Malware & Threats] North Korean Hackers Targeting Freelance Software Developers
North Korea-linked Lazarus Group is targeting freelance software developers to compromise the supply chain.
Ionut Arghire, January 16, 2025

[Supply Chain Security] Cyber Insights 2025: Open Source and Software Supply Chain Security
Open source software (OSS) is a prime target for supply chain cyberattacks, and protecting it remains a major challenge.
Kevin Townsend, January 15, 2025

[Funding/M&A] Veracode Targets Malicious Code Threats With Phylum Acquisition
The deal includes certain Phylum assets, including its malicious package analysis, detection, and mitigation technology.
Ryan Naraine, January 7, 2025

[Supply Chain Security] Cyberhaven Chrome Extension Hack Linked to Widening Supply Chain Campaign
The recent compromise of Cyberhaven’s Chrome extension appears to be part of a broad campaign that started over a year ago.
Ionut Arghire, December 31, 2024

[Supply Chain Security] Several Chrome Extensions Compromised in Supply Chain Attack
Cyberhaven and other Chrome extensions were compromised in a supply chain attack targeting Facebook advertising users.
Ionut Arghire, December 30, 2024