supply chain

Highly Popular NPM Packages Poisoned in New Supply Chain Attack

Application Security, Cryptocurrency, cryptojacking, Featured, NPM, supply chain, Supply Chain Security /

Highly Popular NPM Packages Poisoned in New Supply Chain Attack 2025-09-10 at 11:45 By Ionut Arghire Designed to intercept cryptocurrency transactions, the malicious code reached 10% of cloud environments. The post Highly Popular NPM Packages Poisoned in New Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source […]

React to this headline:

Loading spinner

Highly Popular NPM Packages Poisoned in New Supply Chain Attack Read More »

Connected cars are racing ahead, but security is stuck in neutral

car, connected cars, cyber risk, Don't miss, Features, hardware, Hot stuff, News, supply chain /

Connected cars are racing ahead, but security is stuck in neutral 2025-09-09 at 09:46 By Mirko Zorz Connected cars are already on Europe’s roads, loaded with software, sensors, and constant data connections. Drivers love the features these vehicles bring, from remote apps to smart navigation, but each new connection also opens a door to potential

React to this headline:

Loading spinner

Connected cars are racing ahead, but security is stuck in neutral Read More »

Over 6,700 Private Repositories Made Public in Nx Supply Chain Attack

GitHub, S1ngularity, secrets sprawl, supply chain, Supply Chain Security /

Over 6,700 Private Repositories Made Public in Nx Supply Chain Attack 2025-09-08 at 13:46 By Ionut Arghire The private repositories of hundreds of organizations were published publicly in the second phase of the Nx supply chain attack. The post Over 6,700 Private Repositories Made Public in Nx Supply Chain Attack appeared first on SecurityWeek. This

React to this headline:

Loading spinner

Over 6,700 Private Repositories Made Public in Nx Supply Chain Attack Read More »

Hackers Target Popular Nx Build System in First AI-Weaponized Supply Chain Attack

Development, Featured, supply chain, Supply Chain Security, Vulnerabilities /

Hackers Target Popular Nx Build System in First AI-Weaponized Supply Chain Attack 2025-08-28 at 13:55 By Ionut Arghire With more than 4 million weekly downloads, the Nx build platform became the first known supply chain breach where hackers weaponized AI assistants for data theft. The post Hackers Target Popular Nx Build System in First AI-Weaponized

React to this headline:

Loading spinner

Hackers Target Popular Nx Build System in First AI-Weaponized Supply Chain Attack Read More »

How Brandolini’s law informs our everyday infosec reality

attacks, automation, cyber resilience, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, Portnox, social engineering, supply chain /

How Brandolini’s law informs our everyday infosec reality 2025-08-11 at 09:00 By Help Net Security Brandolini’s law, also known as the “bullshit asymmetry principle”, is simple but devastating: “The amount of energy needed to refute bullshit is an order of magnitude bigger than to produce it.” While it’s often thrown around in political debates and

React to this headline:

Loading spinner

How Brandolini’s law informs our everyday infosec reality Read More »

Pentesting is now central to CISO strategy

Artificial Intelligence, CISO, cybersecurity, Data Protection, generative AI, News, penetration testing, report, supply chain /

Pentesting is now central to CISO strategy 2025-08-11 at 07:36 By Anamarija Pogorelec Security leaders are rethinking their approach to cybersecurity as digital supply chains expand and generative AI becomes embedded in critical systems. A recent survey of 225 security leaders conducted by Emerald Research found that 68% are concerned about the risks posed by

React to this headline:

Loading spinner

Pentesting is now central to CISO strategy Read More »

Third-party partners or ticking time bombs?

CISO, cyber risk, cybersecurity, CyXcel, Don't miss, Hot stuff, News, resilience, Risk Management, strategy, supply chain, third party compromise, tips, Video /

Third-party partners or ticking time bombs? 2025-08-08 at 08:46 By Help Net Security In this Help Net Security video, Ngaire Elizabeth Guzzetti, Technical Director Supply Chain at CyXcel, discusses why a third of U.S. organizations don’t trust third-party vendors to manage critical risks and what that means for supply chain security. She breaks down the

React to this headline:

Loading spinner

Third-party partners or ticking time bombs? Read More »

Cybersecurity and the development of software-defined vehicles

automotive security, CIO, CISO, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, supply chain, VicOne /

Cybersecurity and the development of software-defined vehicles 2025-08-06 at 13:18 By Help Net Security In many automotive companies, the same systems-engineering teams are responsible for both safety and security. As a result, cybersecurity is treated as a subset of safety, undergirded by an implicit assumption: “If it’s safe, it must be secure.” But that’s not

React to this headline:

Loading spinner

Cybersecurity and the development of software-defined vehicles Read More »

AIBOMs are the new SBOMs: The missing link in AI risk management

Artificial Intelligence, CISO, Compliance, cybersecurity, Don't miss, Features, Hot stuff, Manifest Cyber, News, opinion, risk, strategy, supply chain, tips /

AIBOMs are the new SBOMs: The missing link in AI risk management 2025-08-04 at 09:11 By Mirko Zorz In this Help Net Security interview, Marc Frankel, CEO at Manifest Cyber, discusses how overlooked AI-specific risks, like poisoned training data and shadow AI, can lead to security issues that conventional tools fail to detect. He explains

React to this headline:

Loading spinner

AIBOMs are the new SBOMs: The missing link in AI risk management Read More »

What’s keeping risk leaders up at night? AI, tariffs, and cost cuts

Compliance, CXO, cyber risk, enterprise, Gartner, News, report, Risk Management, supply chain /

What’s keeping risk leaders up at night? AI, tariffs, and cost cuts 2025-08-04 at 07:10 By Sinisa Markovic Enterprise risk leaders are most concerned about rising tariffs and trade tensions heading into the second half of 2025, according to a new report from Gartner. The firm’s second-quarter Emerging Risk Report, based on a survey of

React to this headline:

Loading spinner

What’s keeping risk leaders up at night? AI, tariffs, and cost cuts Read More »

Your supply chain security strategy might be missing the biggest risk

cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, Imprivata, News, opinion, Risk Management, strategy, supply chain /

Your supply chain security strategy might be missing the biggest risk 2025-07-28 at 09:03 By Help Net Security Third-party involvement in data breaches has doubled this year from 15 percent to nearly 30 percent. In response, many organizations have sharpened their focus on third-party risk management, carefully vetting the security practices of their vendors. However,

React to this headline:

Loading spinner

Your supply chain security strategy might be missing the biggest risk Read More »

High-Value NPM Developers Compromised in New Phishing Campaign

NPM, phishing, supply chain, Supply Chain Security /

High-Value NPM Developers Compromised in New Phishing Campaign 2025-07-24 at 14:22 By Ionut Arghire Hackers have injected malware into popular NPM packages after compromising several developer accounts in a fresh phishing campaign. The post High-Value NPM Developers Compromised in New Phishing Campaign appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

React to this headline:

Loading spinner

High-Value NPM Developers Compromised in New Phishing Campaign Read More »

Inorganic DNA: How nanoparticles could be the future of anti-counterfeiting tech

authentication, Don't miss, Elementag, EU, Europe, Features, hardware, Hot stuff, News, QR codes, supply chain /

Inorganic DNA: How nanoparticles could be the future of anti-counterfeiting tech 2025-07-15 at 09:00 By Mirko Zorz For decades, manufacturers and security professionals have been playing a high-stakes game of cat and mouse with counterfeiters. From holograms and QR codes to RFID tags and serial numbers, the industry’s toolkit has evolved, but so have the

React to this headline:

Loading spinner

Inorganic DNA: How nanoparticles could be the future of anti-counterfeiting tech Read More »

Global software supply chain visibility remains critically low

Artificial Intelligence, cyber resilience, cybersecurity, LevelBlue, News, regulation, report, supply chain /

Global software supply chain visibility remains critically low 2025-07-10 at 07:44 By Help Net Security Only 23% of organizations are confident that they have very high visibility of their software supply chain, according to LevelBlue’s Data Accelerator. The limited visibility reported by organizations significantly impacts their cyber resilience. Poor risk visibility leaves software supply chains

React to this headline:

Loading spinner

Global software supply chain visibility remains critically low Read More »

Third-party breaches double, creating ripple effects across industries

cybersecurity, Incident Response, News, report, risk, SecurityScorecard, supply chain, third party compromise /

Third-party breaches double, creating ripple effects across industries 2025-06-30 at 07:04 By Help Net Security Supply chain risks remain top-of-mind for the vast majority of CISOs and cybersecurity leaders, according to SecurityScorecard. Their findings reveal that the way most organizations manage supply chain cyber risk isn’t keeping pace with expanding threats. The expanding web of

React to this headline:

Loading spinner

Third-party breaches double, creating ripple effects across industries Read More »

RevEng.ai Raises $4.15 Million to Secure Software Supply Chain

Application Security, Cybersecurity Funding, funding, supply chain /

RevEng.ai Raises $4.15 Million to Secure Software Supply Chain 2025-06-27 at 13:17 By Ionut Arghire RevEng.ai has raised $4.15 million in seed funding for an AI platform that automatically detects malicious code and vulnerabilities in software. The post RevEng.ai Raises $4.15 Million to Secure Software Supply Chain appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

RevEng.ai Raises $4.15 Million to Secure Software Supply Chain Read More »

Building cyber resilience in always-on industrial environments

CISO, cyber resilience, cybersecurity, Don't miss, Features, Hot stuff, Jungheinrich, monitoring, News, Risk Management, security controls, strategy, supply chain /

Building cyber resilience in always-on industrial environments 2025-06-26 at 09:07 By Mirko Zorz In this Help Net Security interview, Dr. Tim Sattler, CISO at Jungheinrich, discusses the cybersecurity risks tied to smart warehouses and industrial control systems. He explains how to maintain operational continuity while building real cyber resilience in always-on environments. Dr. Sattler also

React to this headline:

Loading spinner

Building cyber resilience in always-on industrial environments Read More »

Gerrit Misconfiguration Exposed Google Projects to Malicious Code Injection

GerriScary, Gerrit, Google, supply chain, Vulnerabilities, vulnerability /

Gerrit Misconfiguration Exposed Google Projects to Malicious Code Injection 2025-06-18 at 20:11 By Ionut Arghire Misconfigured permissions in Google’s Gerrit code collaboration platform could have led to the compromise of ChromiumOS and other Google projects. The post Gerrit Misconfiguration Exposed Google Projects to Malicious Code Injection appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

Gerrit Misconfiguration Exposed Google Projects to Malicious Code Injection Read More »

React Native Aria Packages Backdoored in Supply Chain Attack

backdoor, Malware & Threats, NPM, supply chain, Supply Chain Security /

React Native Aria Packages Backdoored in Supply Chain Attack 2025-06-09 at 17:22 By Ionut Arghire A threat actor published backdoored versions of 17 NPM packages from GlueStack in a fresh supply chain attack. The post React Native Aria Packages Backdoored in Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

React Native Aria Packages Backdoored in Supply Chain Attack Read More »

Vet: Open-source software supply chain security tool

DevSecOps, Don't miss, GitHub, Hot stuff, News, open source, software, supply chain /

Vet: Open-source software supply chain security tool 2025-06-03 at 08:34 By Help Net Security Vet is an open source tool designed to help developers and security engineers spot risks in their software supply chains. It goes beyond traditional software composition analysis by detecting known vulnerabilities and flagging malicious packages. Vet supports several ecosystems, including npm,

React to this headline:

Loading spinner

Vet: Open-source software supply chain security tool Read More »

Scroll to Top