Supply Chain Security | AI Hallucinations Create a New Software Supply Chain Threat. Researchers uncover a new software supply chain threat from LLM-generated package hallucinations. Ionut Arghire, April 14, 2025
Application Security | Compromised SpotBugs Token Led to GitHub Actions Supply Chain Hack. Evidence shows a SpotBugs token compromised in December 2024 was used in the March 2025 GitHub Actions supply chain attack. Ionut Arghire, April 4, 2025
Supply Chain Security | Impact, Root Cause of GitHub Actions Supply Chain Hack Revealed. More details have come to light on the recent supply chain attack targeting GitHub Actions, including its root cause. Eduard Kovacs, March 21, 2025
Malware & Threats | 100 Car Dealerships Hit by Supply Chain Attack. The websites of over 100 auto dealerships were found serving malicious ClickFix code in a supply chain compromise. Ionut Arghire, March 17, 2025
Application Security | Popular GitHub Action Targeted in Supply Chain Attack. The tj-actions/changed-files GitHub Action, which is used in 23,000 repositories, has been targeted in a supply chain attack. Eduard Kovacs, March 17, 2025
Supply Chain Security | UK Government Report Calls for Stronger Open Source Supply Chain Security Practices. A report from the Department for Science, Innovation & Technology (DSIT) finds weaknesses in current practices. Kevin Townsend, March 11, 2025
Malware & Threats | China Hackers Behind US Treasury Breach Caught Targeting IT Supply Chain. The Silk Typhoon APT was caught using IT supply chain entry points to conduct reconnaissance, siphon data, and move laterally on victim networks. Ryan Naraine, March 5, 2025
Supply Chain Security | Call for Presentations Open for SecurityWeek's 2025 Supply Chain Security & Third-Party Risk Summit. Join us in shaping the future of supply chain security. Don't miss this chance to be part of the conversation addressing one of... SecurityWeek News, January 22, 2025
Malware & Threats | North Korean Hackers Targeting Freelance Software Developers. The North Korea-linked Lazarus Group is targeting freelance software developers to compromise the supply chain. Ionut Arghire, January 16, 2025
Supply Chain Security | Cyber Insights 2025: Open Source and Software Supply Chain Security. Open source software (OSS) is a prime target for supply chain cyberattacks, and protecting it remains a major challenge. Kevin Townsend, January 15, 2025
Funding/M&A | Veracode Targets Malicious Code Threats With Phylum Acquisition. The deal includes certain Phylum assets, including its malicious package analysis, detection, and mitigation technology. Ryan Naraine, January 7, 2025
Supply Chain Security | Cyberhaven Chrome Extension Hack Linked to Widening Supply Chain Campaign. The recent compromise of Cyberhaven's Chrome extension appears to be part of a broad campaign that started over a year ago. Ionut Arghire, December 31, 2024