supply chain

48% of security pros are falling behind compliance requirements

48% of security pros are falling behind compliance requirements 2025-06-02 at 07:07 By Help Net Security 32% of security professionals think they can deliver zero-vulnerability software despite rising threats and compliance regulations, according to Lineaje. Meanwhile, 68% are more realistic, noting they feel uncertain about achieving this near impossible outcome. Software compliance adoption varies across […]

React to this headline:

Loading spinner

48% of security pros are falling behind compliance requirements Read More »

4.5% of breaches now extend to fourth parties

4.5% of breaches now extend to fourth parties 2025-05-27 at 07:32 By Help Net Security Security teams can no longer afford to treat third-party security as a compliance checkbox, according to SecurityScorecard. Traditional vendor risk assessments, conducted annually or quarterly, are too slow to detect active threats. 35.5% of all breaches in 2024 were third-party

React to this headline:

Loading spinner

4.5% of breaches now extend to fourth parties Read More »

Chinese Hackers Hit Drone Sector in Supply Chain Attacks

Chinese Hackers Hit Drone Sector in Supply Chain Attacks 2025-05-15 at 14:39 By Ionut Arghire The China-linked hacking group Earth Ammit has launched multi-wave attacks in Taiwan and South Korea to disrupt the drone sector. The post Chinese Hackers Hit Drone Sector in Supply Chain Attacks appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

Chinese Hackers Hit Drone Sector in Supply Chain Attacks Read More »

Popular Scraping Tool’s NPM Package Compromised in Supply Chain Attack

Popular Scraping Tool’s NPM Package Compromised in Supply Chain Attack 2025-05-09 at 17:32 By Ionut Arghire Supply chain attack compromises the popular rand-user-agent NPM package to deploy and activate a backdoor. The post Popular Scraping Tool’s NPM Package Compromised in Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

React to this headline:

Loading spinner

Popular Scraping Tool’s NPM Package Compromised in Supply Chain Attack Read More »

Manifest Raises $15 Million for SBOM Management Platform

Manifest Raises $15 Million for SBOM Management Platform 2025-04-25 at 15:18 By Ionut Arghire Software and AI supply chain transparency firm Manifest has raised $15 million in a Series A funding round led by Ensemble VC. The post Manifest Raises $15 Million for SBOM Management Platform appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

Manifest Raises $15 Million for SBOM Management Platform Read More »

Chainguard Raises Hefty $356M Series D at $3.5 Billion Valuation

Chainguard Raises Hefty $356M Series D at $3.5 Billion Valuation 2025-04-23 at 17:20 By Ryan Naraine The cash infusion brings Chainguard’s total funding to about $612 million since launching in 2021 and prices the company at $3.5 billion. The post Chainguard Raises Hefty $356M Series D at $3.5 Billion Valuation appeared first on SecurityWeek. This

React to this headline:

Loading spinner

Chainguard Raises Hefty $356M Series D at $3.5 Billion Valuation Read More »

AI Hallucinations Create a New Software Supply Chain Threat

AI Hallucinations Create a New Software Supply Chain Threat 2025-04-14 at 16:07 By Ionut Arghire Researchers uncover new software supply chain threat from LLM-generated package hallucinations. The post AI Hallucinations Create a New Software Supply Chain Threat appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to this headline:

React to this headline:

Loading spinner

AI Hallucinations Create a New Software Supply Chain Threat Read More »

Compromised SpotBugs Token Led to GitHub Actions Supply Chain Hack

Compromised SpotBugs Token Led to GitHub Actions Supply Chain Hack 2025-04-04 at 12:49 By Ionut Arghire Evidence shows a SpotBugs token compromised in December 2024 was used in the March 2025 GitHub Actions supply chain attack. The post Compromised SpotBugs Token Led to GitHub Actions Supply Chain Hack appeared first on SecurityWeek. This article is

React to this headline:

Loading spinner

Compromised SpotBugs Token Led to GitHub Actions Supply Chain Hack Read More »

Impact, Root Cause of GitHub Actions Supply Chain Hack Revealed

Impact, Root Cause of GitHub Actions Supply Chain Hack Revealed 2025-03-21 at 12:17 By Eduard Kovacs More details have come to light on the recent supply chain attack targeting GitHub Actions, including its root cause. The post Impact, Root Cause of GitHub Actions Supply Chain Hack Revealed appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

Impact, Root Cause of GitHub Actions Supply Chain Hack Revealed Read More »

Chinese military-linked companies dominate US digital supply chain

Chinese military-linked companies dominate US digital supply chain 2025-03-20 at 07:35 By Help Net Security Despite growing national security concerns and government restrictions, Chinese military-linked companies remain deeply embedded in the US digital supply chain, according to Bitsight. These organizations, many of which have been designated by the US Department of Defense as “Chinese Military

React to this headline:

Loading spinner

Chinese military-linked companies dominate US digital supply chain Read More »

Hackers target AI and crypto as software supply chain risks grow

Hackers target AI and crypto as software supply chain risks grow 2025-03-18 at 07:47 By Help Net Security The growing sophistication of software supply chain attacks is driven by widespread flaws in open-source and third-party commercial software, along with malicious campaigns that specifically target AI and cryptocurrency development pipelines, according to a ReversingLabs report. According

React to this headline:

Loading spinner

Hackers target AI and crypto as software supply chain risks grow Read More »

100 Car Dealerships Hit by Supply Chain Attack

100 Car Dealerships Hit by Supply Chain Attack 2025-03-17 at 14:17 By Ionut Arghire The websites of over 100 auto dealerships were found serving malicious ClickFix code in a supply chain compromise. The post 100 Car Dealerships Hit by Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

React to this headline:

Loading spinner

100 Car Dealerships Hit by Supply Chain Attack Read More »

Popular GitHub Action Targeted in Supply Chain Attack

Popular GitHub Action Targeted in Supply Chain Attack 2025-03-17 at 12:04 By Eduard Kovacs The tj-actions/changed-files GitHub Action, which is used in 23,000 repositories, has been targeted in a supply chain attack. The post Popular GitHub Action Targeted in Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

React to this headline:

Loading spinner

Popular GitHub Action Targeted in Supply Chain Attack Read More »

UK Government Report Calls for Stronger Open Source Supply Chain Security Practices

UK Government Report Calls for Stronger Open Source Supply Chain Security Practices 2025-03-11 at 19:05 By Kevin Townsend Report from the Department for Science, Innovation & Technology (DSIT) finds weaknesses in current practices. The post UK Government Report Calls for Stronger Open Source Supply Chain Security Practices appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

UK Government Report Calls for Stronger Open Source Supply Chain Security Practices Read More »

China Hackers Behind US Treasury Breach Caught Targeting IT Supply Chain

China Hackers Behind US Treasury Breach Caught Targeting IT Supply Chain 2025-03-05 at 18:02 By Ryan Naraine Silk Typhoon APT caught using IT supply chain entry points to conduct reconnaissance, siphon data, and move laterally on victim networks. The post China Hackers Behind US Treasury Breach Caught Targeting IT Supply Chain appeared first on SecurityWeek.

React to this headline:

Loading spinner

China Hackers Behind US Treasury Breach Caught Targeting IT Supply Chain Read More »

It’s time to secure the extended digital supply chain

It’s time to secure the extended digital supply chain 2025-02-12 at 07:35 By Help Net Security Organizations’ increasing reliance on third-party software and services has created an environment with more vulnerabilities and harder-to-detect risks. Attackers know they can increase efficiency and profitability by compromising the supply chain and are focusing their efforts accordingly. The commoditization

React to this headline:

Loading spinner

It’s time to secure the extended digital supply chain Read More »

Only 26% of Europe’s top companies earn a high rating for cybersecurity

Only 26% of Europe’s top companies earn a high rating for cybersecurity 2025-01-06 at 07:02 By Help Net Security With the EU’s Digital Operational Resilience Act (DORA) deadline approaching on 17th January, 2025, Europe’s top 100 companies face an urgent cybersecurity challenge, according to SecurityScorecard. A-rated companies safer from breaches The report highlights the role

React to this headline:

Loading spinner

Only 26% of Europe’s top companies earn a high rating for cybersecurity Read More »

Containers have 600+ vulnerabilities on average

Containers have 600+ vulnerabilities on average 2024-12-11 at 06:31 By Help Net Security Containers are the fastest growing – and weakest cybersecurity link – in software supply chains, according to NetRise. Companies are struggling to get container security right. Issues from misconfigured clouds, containers, and networks to uncertainty over who owns container security throughout the

React to this headline:

Loading spinner

Containers have 600+ vulnerabilities on average Read More »

Evaluating your organization’s application risk management journey

Evaluating your organization’s application risk management journey 2024-11-12 at 07:33 By Mirko Zorz In this Help Net Security interview, Chris Wysopal, Chief Security Evangelist at Veracode, discusses strategies for CISOs to quantify application risk in financial terms. Wysopal outlines the need for continuous risk management practices and robust strategies to manage third-party software dependencies, ensuring

React to this headline:

Loading spinner

Evaluating your organization’s application risk management journey Read More »

Effective strategies for measuring and testing cyber resilience

Effective strategies for measuring and testing cyber resilience 2024-10-23 at 08:02 By Mirko Zorz In this Help Net Security interview, Detective Superintendent Ian Kirby, CEO of the National Cyber Resilience Centre Group (NCRCG), discusses the emerging cyber threats and strategies organizations can use to increase cyber resilience. He emphasizes basic cyber hygiene, security awareness training,

React to this headline:

Loading spinner

Effective strategies for measuring and testing cyber resilience Read More »

Scroll to Top