Supply Chain Archives

Application Security

RevEng.ai Raises $4.15 Million to Secure Software Supply Chain

RevEng.ai has raised $4.15 million in seed funding for an AI platform that automatically detects malicious code and vulnerabilities in software.

Ionut ArghireJune 27, 2025

Vulnerabilities

Gerrit Misconfiguration Exposed Google Projects to Malicious Code Injection

Misconfigured permissions in Google’s Gerrit code collaboration platform could have led to the compromise of ChromiumOS and other Google projects.

Ionut ArghireJune 18, 2025

Malware & Threats

React Native Aria Packages Backdoored in Supply Chain Attack

A threat actor published backdoored versions of 17 NPM packages from GlueStack in a fresh supply chain attack.

Ionut ArghireJune 9, 2025

Nation-State

Chinese Hackers Hit Drone Sector in Supply Chain Attacks

The China-linked hacking group Earth Ammit has launched multi-wave attacks in Taiwan and South Korea to disrupt the drone sector.

Ionut ArghireMay 15, 2025

Malware & Threats

Popular Scraping Tool’s NPM Package Compromised in Supply Chain Attack

Supply chain attack compromises the popular rand-user-agent NPM package to deploy and activate a backdoor.

Ionut ArghireMay 9, 2025

Application Security

Manifest Raises $15 Million for SBOM Management Platform

Software and AI supply chain transparency firm Manifest has raised $15 million in a Series A funding round led by Ensemble VC.

Ionut ArghireApril 25, 2025

Funding/M&A

Chainguard Raises Hefty $356M Series D at $3.5 Billion Valuation

The cash infusion brings Chainguard’s total funding to about $612 million since launching in 2021 and prices the company at $3.5 billion.

Ryan NaraineApril 23, 2025

Supply Chain Security

AI Hallucinations Create a New Software Supply Chain Threat

Researchers uncover new software supply chain threat from LLM-generated package hallucinations.

Ionut ArghireApril 14, 2025

Application Security

Compromised SpotBugs Token Led to GitHub Actions Supply Chain Hack

Evidence shows a SpotBugs token compromised in December 2024 was used in the March 2025 GitHub Actions supply chain attack.

Ionut ArghireApril 4, 2025

Supply Chain Security

Impact, Root Cause of GitHub Actions Supply Chain Hack Revealed

More details have come to light on the recent supply chain attack targeting GitHub Actions, including its root cause.

Eduard KovacsMarch 21, 2025

Malware & Threats

100 Car Dealerships Hit by Supply Chain Attack

The websites of over 100 auto dealerships were found serving malicious ClickFix code in a supply chain compromise.

Ionut ArghireMarch 17, 2025

Application Security

Popular GitHub Action Targeted in Supply Chain Attack

The tj-actions/changed-files GitHub Action, which is used in 23,000 repositories, has been targeted in a supply chain attack.

Eduard KovacsMarch 17, 2025

Supply Chain Security

UK Government Report Calls for Stronger Open Source Supply Chain Security Practices

Report from the Department for Science, Innovation & Technology (DSIT) finds weaknesses in current practices.

Kevin TownsendMarch 11, 2025

China's Salt Typhoon hacks US telecoms firms

Malware & Threats

China Hackers Behind US Treasury Breach Caught Targeting IT Supply Chain

Silk Typhoon APT caught using IT supply chain entry points to conduct reconnaissance, siphon data, and move laterally on victim networks.

Ryan NaraineMarch 5, 2025

Supply Chain Security

Call for Presentations Open for SecurityWeek’s 2025 Supply Chain Security & Third-Party Risk Summit

Join Us in Shaping the Future of Supply Chain Security - Don’t miss this chance to be part of the conversation addressing one of...

SecurityWeek NewsJanuary 22, 2025

Malware & Threats

North Korean Hackers Targeting Freelance Software Developers

North Korea-linked Lazarus Group is targeting freelance software developers to compromise the supply chain.

Ionut ArghireJanuary 16, 2025

Supply Chain Security

Cyber Insights 2025: Open Source and Software Supply Chain Security

Open source software (OSS) is a prime target for supply chain cyberattacks and protecting it remains a major challenge.

Kevin TownsendJanuary 15, 2025

Funding/M&A

Veracode Targets Malicious Code Threats With Phylum Acquisition

The deal includes certain Phylum assets, including its malicious package analysis, detection, and mitigation technology.

Ryan NaraineJanuary 7, 2025

Supply Chain Security

Cyberhaven Chrome Extension Hack Linked to Widening Supply Chain Campaign

The recent compromise of Cyberhaven’s Chrome extension appears to be part of a broad campaign that started over a year ago.

Ionut ArghireDecember 31, 2024

Supply Chain Security

Several Chrome Extensions Compromised in Supply Chain Attack

Cyberhaven and other Chrome extensions were compromised in a supply chain attack targeting Facebook advertising users.

Ionut ArghireDecember 30, 2024

SECURITYWEEK NETWORK:

ICS:

All posts tagged "Supply Chain"

Application Security

RevEng.ai Raises $4.15 Million to Secure Software Supply Chain

Vulnerabilities

Gerrit Misconfiguration Exposed Google Projects to Malicious Code Injection

Malware & Threats

React Native Aria Packages Backdoored in Supply Chain Attack

Nation-State

Chinese Hackers Hit Drone Sector in Supply Chain Attacks

Malware & Threats

Popular Scraping Tool’s NPM Package Compromised in Supply Chain Attack

Application Security

Manifest Raises $15 Million for SBOM Management Platform

Funding/M&A

Chainguard Raises Hefty $356M Series D at $3.5 Billion Valuation

Supply Chain Security

AI Hallucinations Create a New Software Supply Chain Threat

Application Security

Compromised SpotBugs Token Led to GitHub Actions Supply Chain Hack

Supply Chain Security

Impact, Root Cause of GitHub Actions Supply Chain Hack Revealed

Malware & Threats

100 Car Dealerships Hit by Supply Chain Attack

Application Security

Popular GitHub Action Targeted in Supply Chain Attack

Supply Chain Security

UK Government Report Calls for Stronger Open Source Supply Chain Security Practices

Malware & Threats

China Hackers Behind US Treasury Breach Caught Targeting IT Supply Chain

Supply Chain Security

Call for Presentations Open for SecurityWeek’s 2025 Supply Chain Security & Third-Party Risk Summit

Malware & Threats

North Korean Hackers Targeting Freelance Software Developers

Supply Chain Security

Cyber Insights 2025: Open Source and Software Supply Chain Security

Funding/M&A

Veracode Targets Malicious Code Threats With Phylum Acquisition

Supply Chain Security

Cyberhaven Chrome Extension Hack Linked to Widening Supply Chain Campaign

Supply Chain Security

Several Chrome Extensions Compromised in Supply Chain Attack

Featured

Artificial Intelligence

Grok-4 Falls to a Jailbreak Two days After Its Release

Mobile & Wireless

July 2025 Breaks a Decade of Monthly Android Patches

Mobile & Wireless

eSIM Hack Allows for Cloning, Spying

IoT Security

Millions of Cars Exposed to Remote Hacking via PerfektBlue Attack

Data Breaches

Nippon Steel Subsidiary Blames Data Breach on Zero-Day Attack

Nation-State

Alleged Chinese State Hacker Wanted by US Arrested in Italy

Artificial Intelligence

The Wild West of Agentic AI – An Attack Surface CISOs Can’t Afford to Ignore

Latest News

Malware & Threats

In Other News: Microsoft Finds AMD CPU Flaws, ZuRu macOS Malware Evolves, DoNot APT Targets Govs

Cybersecurity Funding

Cyberstarts Launches $300M Liquidity Fund to Help Startups Retain Top Talent

Artificial Intelligence

EU Unveils AI Code of Practice to Help Businesses Comply With Bloc’s Rules

Data Breaches

McDonald’s Chatbot Recruitment Platform Exposed 64 Million Job Applications

Vulnerabilities

Critical Wing FTP Server Vulnerability Exploited

Privacy & Compliance

TikTok Faces Fresh European Privacy Investigation Over China Data Transfers

Mobile & Wireless

July 2025 Breaks a Decade of Monthly Android Patches

Daily Briefing Newsletter