[Data Breaches] Sisense Data Breach Triggers CISA Alert and Urgent Calls for Credential Resets. The US government issues a red-alert for what appears to be a massive supply chain breach at Sisense, a company that sells big-data analytics... (Ryan Naraine, April 11, 2024)
[Supply Chain Security] XZ Utils Backdoor Attack Brings Another Similar Incident to Light. The discovery of the XZ Utils backdoor reminds an F-Droid developer of a similar incident that occurred a few years ago. (Eduard Kovacs, April 3, 2024)
[Funding/M&A] Binarly Attracts $10.5M to Tackle Software Supply Chain Security. Los Angeles firmware and software supply chain firm banks $10.5 million in seed-stage funding led by Two Bear Capital. (SecurityWeek News, March 26, 2024)
[Malware & Threats] Top Python Developers Hacked in Sophisticated Supply Chain Attack. Multiple Python developers get infected after downloading malware-packed clone of the popular tool Colorama. (Ionut Arghire, March 25, 2024)
[ICS/OT] Finite State Raises $20 Million to Grow Software Supply Chain Security Business. Software risk management firm Finite State has raised a $20 million growth round led by Energy Impact Partners (EIP). (SecurityWeek News, March 22, 2024)
[Supply Chain Security] Watch Now: Supply Chain & Third-Party Risk Summit 2024. Join us at the fully immersive virtual event as we explore the critical nature of software and vendor supply chain security issues. (SecurityWeek News, March 21, 2024)
[Supply Chain Security] Cyber Insights 2024: Supply Chain. Supply chain security insights: A successful attack against a supplier can lead to multiple opportunities against the supplier’s downstream customers. (Kevin Townsend, February 20, 2024)
[Supply Chain Security] AnyDesk Hacked: Revokes Passwords, Certificates in Response. AnyDesk is revoking certificates and passwords in response to a significant security breach impacting production systems. (Eduard Kovacs, February 5, 2024)
[Cybersecurity Funding] Software Supply Chain Security Startup Kusari Raises $8 Million. Kusari has raised $8 million to help organizations gain visibility into and secure their software supply chain. (Ionut Arghire, January 18, 2024)
[Application Security] New Class of CI/CD Attacks Could Have Led to PyTorch Supply Chain Compromise. Researchers detail a CI/CD attack leading to PyTorch releases compromise via GitHub Actions self-hosted runners. (Ionut Arghire, January 12, 2024)
[Supply Chain Security] Major IT, Crypto Firms Exposed to Supply Chain Compromise via New Class of CI/CD Attack. Self-hosted GitHub Actions runners could allow attackers to inject malicious code into repositories, leading to supply chain attacks. (Ionut Arghire, January 8, 2024)
[Malware & Threats] Russian Cyberspies Exploiting TeamCity Vulnerability at Scale: Government Agencies. US, UK, and Poland warn of Russia-linked cyberespionage group’s broad exploitation of recent TeamCity vulnerability. (Ionut Arghire, December 14, 2023)