supply chain

Ransomware remains the leading cause of costly cyber claims

Allianz, cyber insurance, News, social engineering, supply chain, threats /

Ransomware remains the leading cause of costly cyber claims 2025-10-01 at 07:04 By Anamarija Pogorelec Cyber threats are shifting in 2025, and while large companies are still targets, attackers are turning their attention to smaller and mid-sized firms. According to Allianz’s Cyber Security Resilience 2025 report, hardened defenses at major corporates have pushed criminals to […]

React to this headline:

Loading spinner

Ransomware remains the leading cause of costly cyber claims Read More »

The hidden risks inside open-source code

cybersecurity, Don't miss, Features, Hot stuff, News, open source, research, Risk Management, software, supply chain /

The hidden risks inside open-source code 2025-09-30 at 09:12 By Mirko Zorz Open-source software is everywhere. It runs the browsers we use, the apps we rely on, and the infrastructure that keeps businesses connected. For many security leaders, it is simply part of the environment, not something they think about every day. That is where

React to this headline:

Loading spinner

The hidden risks inside open-source code Read More »

Cyber risk quantification helps CISOs secure executive support

Artificial Intelligence, CISO, cyber resilience, cybersecurity, Don't miss, Features, Hot stuff, News, strategy, supply chain, Zurich Resilience Solutions /

Cyber risk quantification helps CISOs secure executive support 2025-09-30 at 08:44 By Mirko Zorz In this Help Net Security interview, Vivien Bilquez, Global Head of Cyber Resilience at Zurich Resilience Solutions, discusses how organizations are rethinking cyber resilience. He talks about the priorities CISOs should focus on and the risks that are often overlooked. Bilquez

React to this headline:

Loading spinner

Cyber risk quantification helps CISOs secure executive support Read More »

Keeping the internet afloat: How to protect the global cable network

critical infrastructure, cyber resilience, cybersecurity, Don't miss, Features, hardware, networking, News, resilience, Risk Management, supply chain /

Keeping the internet afloat: How to protect the global cable network 2025-09-30 at 08:08 By Mirko Zorz The resilience of the world’s submarine cable network is under new pressure from geopolitical tensions, supply chain risks, and slow repair processes. A new report from the Center for Cybersecurity Policy and Law outlines how governments and industry

React to this headline:

Loading spinner

Keeping the internet afloat: How to protect the global cable network Read More »

GitHub Boosting Security in Response to NPM Supply Chain Attacks 

2FA, Application Security, authentication, GitHub, NPM, supply chain, Supply Chain Security /

GitHub Boosting Security in Response to NPM Supply Chain Attacks  2025-09-24 at 13:18 By Ionut Arghire GitHub will implement local publishing with mandatory 2FA, granular tokens that expire after seven days, and trusted publishing. The post GitHub Boosting Security in Response to NPM Supply Chain Attacks  appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

GitHub Boosting Security in Response to NPM Supply Chain Attacks  Read More »

Shifting supply chains and rules test CPS security strategies

CISO, Claroty, critical infrastructure, cyber risk, cybersecurity, News, report, strategy, supply chain /

Shifting supply chains and rules test CPS security strategies 2025-09-19 at 08:31 By Sinisa Markovic Cyber-physical systems are getting harder to protect as the business landscape keeps shifting. Economic pressures, supply chain changes, and new regulations are creating more openings for attackers while complicating how organizations manage security. A new report from Claroty, based on

React to this headline:

Loading spinner

Shifting supply chains and rules test CPS security strategies Read More »

Shai-Hulud Supply Chain Attack: Worm Used to Steal Secrets, 180+ NPM Packages Hit

Application Security, Featured, NPM, Shai-Hulud, supply chain, Supply Chain Security, worm /

Shai-Hulud Supply Chain Attack: Worm Used to Steal Secrets, 180+ NPM Packages Hit 2025-09-17 at 16:04 By Ionut Arghire The packages were injected with malicious code to harvest secrets, dump them to a public repository, and make private repositories public. The post Shai-Hulud Supply Chain Attack: Worm Used to Steal Secrets, 180+ NPM Packages Hit

React to this headline:

Loading spinner

Shai-Hulud Supply Chain Attack: Worm Used to Steal Secrets, 180+ NPM Packages Hit Read More »

Highly Popular NPM Packages Poisoned in New Supply Chain Attack

Application Security, Cryptocurrency, cryptojacking, Featured, NPM, supply chain, Supply Chain Security /

Highly Popular NPM Packages Poisoned in New Supply Chain Attack 2025-09-10 at 11:45 By Ionut Arghire Designed to intercept cryptocurrency transactions, the malicious code reached 10% of cloud environments. The post Highly Popular NPM Packages Poisoned in New Supply Chain Attack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

React to this headline:

Loading spinner

Highly Popular NPM Packages Poisoned in New Supply Chain Attack Read More »

Connected cars are racing ahead, but security is stuck in neutral

car, connected cars, cyber risk, Don't miss, Features, hardware, Hot stuff, News, supply chain /

Connected cars are racing ahead, but security is stuck in neutral 2025-09-09 at 09:46 By Mirko Zorz Connected cars are already on Europe’s roads, loaded with software, sensors, and constant data connections. Drivers love the features these vehicles bring, from remote apps to smart navigation, but each new connection also opens a door to potential

React to this headline:

Loading spinner

Connected cars are racing ahead, but security is stuck in neutral Read More »

Over 6,700 Private Repositories Made Public in Nx Supply Chain Attack

GitHub, S1ngularity, secrets sprawl, supply chain, Supply Chain Security /

Over 6,700 Private Repositories Made Public in Nx Supply Chain Attack 2025-09-08 at 13:46 By Ionut Arghire The private repositories of hundreds of organizations were published publicly in the second phase of the Nx supply chain attack. The post Over 6,700 Private Repositories Made Public in Nx Supply Chain Attack appeared first on SecurityWeek. This

React to this headline:

Loading spinner

Over 6,700 Private Repositories Made Public in Nx Supply Chain Attack Read More »

Hackers Target Popular Nx Build System in First AI-Weaponized Supply Chain Attack

Development, Featured, supply chain, Supply Chain Security, Vulnerabilities /

Hackers Target Popular Nx Build System in First AI-Weaponized Supply Chain Attack 2025-08-28 at 13:55 By Ionut Arghire With more than 4 million weekly downloads, the Nx build platform became the first known supply chain breach where hackers weaponized AI assistants for data theft. The post Hackers Target Popular Nx Build System in First AI-Weaponized

React to this headline:

Loading spinner

Hackers Target Popular Nx Build System in First AI-Weaponized Supply Chain Attack Read More »

How Brandolini’s law informs our everyday infosec reality

attacks, automation, cyber resilience, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, Portnox, social engineering, supply chain /

How Brandolini’s law informs our everyday infosec reality 2025-08-11 at 09:00 By Help Net Security Brandolini’s law, also known as the “bullshit asymmetry principle”, is simple but devastating: “The amount of energy needed to refute bullshit is an order of magnitude bigger than to produce it.” While it’s often thrown around in political debates and

React to this headline:

Loading spinner

How Brandolini’s law informs our everyday infosec reality Read More »

Pentesting is now central to CISO strategy

Artificial Intelligence, CISO, cybersecurity, Data Protection, generative AI, News, penetration testing, report, supply chain /

Pentesting is now central to CISO strategy 2025-08-11 at 07:36 By Anamarija Pogorelec Security leaders are rethinking their approach to cybersecurity as digital supply chains expand and generative AI becomes embedded in critical systems. A recent survey of 225 security leaders conducted by Emerald Research found that 68% are concerned about the risks posed by

React to this headline:

Loading spinner

Pentesting is now central to CISO strategy Read More »

Third-party partners or ticking time bombs?

CISO, cyber risk, cybersecurity, CyXcel, Don't miss, Hot stuff, News, resilience, Risk Management, strategy, supply chain, third party compromise, tips, Video /

Third-party partners or ticking time bombs? 2025-08-08 at 08:46 By Help Net Security In this Help Net Security video, Ngaire Elizabeth Guzzetti, Technical Director Supply Chain at CyXcel, discusses why a third of U.S. organizations don’t trust third-party vendors to manage critical risks and what that means for supply chain security. She breaks down the

React to this headline:

Loading spinner

Third-party partners or ticking time bombs? Read More »

Cybersecurity and the development of software-defined vehicles

automotive security, CIO, CISO, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, supply chain, VicOne /

Cybersecurity and the development of software-defined vehicles 2025-08-06 at 13:18 By Help Net Security In many automotive companies, the same systems-engineering teams are responsible for both safety and security. As a result, cybersecurity is treated as a subset of safety, undergirded by an implicit assumption: “If it’s safe, it must be secure.” But that’s not

React to this headline:

Loading spinner

Cybersecurity and the development of software-defined vehicles Read More »

AIBOMs are the new SBOMs: The missing link in AI risk management

Artificial Intelligence, CISO, Compliance, cybersecurity, Don't miss, Features, Hot stuff, Manifest Cyber, News, opinion, risk, strategy, supply chain, tips /

AIBOMs are the new SBOMs: The missing link in AI risk management 2025-08-04 at 09:11 By Mirko Zorz In this Help Net Security interview, Marc Frankel, CEO at Manifest Cyber, discusses how overlooked AI-specific risks, like poisoned training data and shadow AI, can lead to security issues that conventional tools fail to detect. He explains

React to this headline:

Loading spinner

AIBOMs are the new SBOMs: The missing link in AI risk management Read More »

What’s keeping risk leaders up at night? AI, tariffs, and cost cuts

Compliance, CXO, cyber risk, enterprise, Gartner, News, report, Risk Management, supply chain /

What’s keeping risk leaders up at night? AI, tariffs, and cost cuts 2025-08-04 at 07:10 By Sinisa Markovic Enterprise risk leaders are most concerned about rising tariffs and trade tensions heading into the second half of 2025, according to a new report from Gartner. The firm’s second-quarter Emerging Risk Report, based on a survey of

React to this headline:

Loading spinner

What’s keeping risk leaders up at night? AI, tariffs, and cost cuts Read More »

Your supply chain security strategy might be missing the biggest risk

cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, Imprivata, News, opinion, Risk Management, strategy, supply chain /

Your supply chain security strategy might be missing the biggest risk 2025-07-28 at 09:03 By Help Net Security Third-party involvement in data breaches has doubled this year from 15 percent to nearly 30 percent. In response, many organizations have sharpened their focus on third-party risk management, carefully vetting the security practices of their vendors. However,

React to this headline:

Loading spinner

Your supply chain security strategy might be missing the biggest risk Read More »

High-Value NPM Developers Compromised in New Phishing Campaign

NPM, phishing, supply chain, Supply Chain Security /

High-Value NPM Developers Compromised in New Phishing Campaign 2025-07-24 at 14:22 By Ionut Arghire Hackers have injected malware into popular NPM packages after compromising several developer accounts in a fresh phishing campaign. The post High-Value NPM Developers Compromised in New Phishing Campaign appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

React to this headline:

Loading spinner

High-Value NPM Developers Compromised in New Phishing Campaign Read More »

Scroll to Top