Supply Chain Security

GitHub Boosting Security in Response to NPM Supply Chain Attacks 

2025-09-24 at 13:18. By Ionut Arghire. GitHub will implement local publishing with mandatory 2FA, granular tokens that expire after seven days, and trusted publishing. This article is an excerpt from SecurityWeek.


Shai-Hulud Supply Chain Attack: Worm Used to Steal Secrets, 180+ NPM Packages Hit

2025-09-17 at 16:04. By Ionut Arghire. The packages were injected with malicious code that harvests secrets, dumps them to a public repository, and makes private repositories public.


Highly Popular NPM Packages Poisoned in New Supply Chain Attack

2025-09-10 at 11:45. By Ionut Arghire. Designed to intercept cryptocurrency transactions, the malicious code reached 10% of cloud environments.

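The three NPM items above (a worm that harvested secrets, poisoned high-download packages, and GitHub's publishing changes) all begin with a malicious package version landing in somebody's install. The following is an added Python example, not SecurityWeek's code and not taken from npm or any project named here. It audits a package-lock.json in the npm lockfile v2/v3 layout (the "packages" map and the hasInstallScript, resolved and integrity fields are npm's own format; the sample lockfile and its package names are constructed) and flags entries that run lifecycle install scripts, resolve outside registry.npmjs.org, or carry no integrity hash. It is a generic hygiene check, not a detector for any specific campaign on this page.

```python
"""Audit an npm package-lock.json for supply-chain red flags.

Added example; not code from SecurityWeek or from any project named on the page.
Assumes the npm lockfile v2/v3 layout: a top-level "packages" map keyed by
"node_modules/<name>" paths whose entries may carry "version", "resolved",
"integrity", "hasInstallScript" and "link".
"""
import json
import sys
from dataclasses import dataclass, field

TRUSTED_REGISTRY = "https://registry.npmjs.org/"


@dataclass
class Finding:
    package: str
    version: str
    reasons: list = field(default_factory=list)


def audit_lockfile(lock_text: str, allowed_install_scripts=frozenset()) -> list:
    """Return one Finding per package that fails a check, in lockfile order."""
    lock = json.loads(lock_text)
    if lock.get("lockfileVersion", 1) < 2:
        raise ValueError("lockfileVersion 1 has no 'packages' map; regenerate with npm >= 7")
    findings = []
    for path, meta in lock.get("packages", {}).items():
        # "" is the root project; paths without node_modules/ are workspace packages;
        # link entries are symlinks to those workspaces. None of them come from a registry.
        if path == "" or "node_modules/" not in path or meta.get("link"):
            continue
        name = path.rsplit("node_modules/", 1)[-1]
        reasons = []
        if meta.get("hasInstallScript") and name not in allowed_install_scripts:
            reasons.append("runs a lifecycle install script")
        resolved = meta.get("resolved", "")
        if not resolved.startswith(TRUSTED_REGISTRY):
            reasons.append(f"resolved outside the trusted registry: {resolved or '<none>'}")
        if not meta.get("integrity"):
            reasons.append("no integrity hash, so npm cannot verify the tarball")
        if reasons:
            findings.append(Finding(name, meta.get("version", "?"), reasons))
    return findings


# Constructed sample lockfile; the package names are fictional.
SAMPLE_LOCK = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app"},
        "node_modules/good-lib": {
            "version": "1.2.3",
            "resolved": "https://registry.npmjs.org/good-lib/-/good-lib-1.2.3.tgz",
            "integrity": "sha512-AAAA",
        },
        "node_modules/sketchy-lib": {
            "version": "0.0.9",
            "resolved": "https://registry.npmjs.org/sketchy-lib/-/sketchy-lib-0.0.9.tgz",
            "integrity": "sha512-BBBB",
            "hasInstallScript": True,
        },
        "node_modules/mirror-lib": {
            "version": "2.0.0",
            "resolved": "http://mirror.example.internal/mirror-lib-2.0.0.tgz",
        },
    },
})


def main(argv):
    """Audit the lockfile named in argv[1], or the embedded sample; exit 1 on findings."""
    text = open(argv[1]).read() if len(argv) > 1 else SAMPLE_LOCK
    findings = audit_lockfile(text)
    for f in findings:
        print(f"{f.package}@{f.version}: " + "; ".join(f.reasons))
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it against a real lockfile as `python audit_lock.py package-lock.json` (file name hypothetical) in CI and fail the build on a non-zero exit; an allowlist of packages that legitimately need install scripts (native builds, for instance) keeps the check from crying wolf. Pair it with `npm ci --ignore-scripts` so a newly flagged package cannot execute anything at install time before a human has looked at it.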

GitHub Workflows Attack Affects Hundreds of Repos, Thousands of Secrets

2025-09-08 at 16:20. By Eduard Kovacs. A supply chain attack dubbed GhostAction enabled threat actors to steal secrets and exploit them.


Over 6,700 Private Repositories Made Public in Nx Supply Chain Attack

2025-09-08 at 13:46. By Ionut Arghire. The private repositories of hundreds of organizations were published publicly in the second phase of the Nx supply chain attack.


Hackers Target Popular Nx Build System in First AI-Weaponized Supply Chain Attack

2025-08-28 at 13:55. By Ionut Arghire. With more than 4 million weekly downloads, the Nx build platform is the subject of the first known supply chain breach in which attackers weaponized AI assistants for data theft.


CISA Requests Public Feedback on Updated SBOM Guidance

2025-08-25 at 13:54. By Ionut Arghire. CISA has updated its Minimum Elements for a Software Bill of Materials (SBOM) guidance and is seeking public comment.


High-Value NPM Developers Compromised in New Phishing Campaign

2025-07-24 at 14:22. By Ionut Arghire. Hackers injected malware into popular NPM packages after compromising several developer accounts in a fresh phishing campaign.


React Native Aria Packages Backdoored in Supply Chain Attack

2025-06-09 at 17:22. By Ionut Arghire. A threat actor published backdoored versions of 17 NPM packages from GlueStack in a fresh supply chain attack.


Ongoing Campaign Uses 60 NPM Packages to Steal Data

2025-05-27 at 17:17. By Ionut Arghire. Security firm Socket flags a campaign targeting NPM users with dozens of malicious packages that steal system information.


Chinese Hackers Hit Drone Sector in Supply Chain Attacks

2025-05-15 at 14:39. By Ionut Arghire. The China-linked hacking group Earth Ammit has launched multi-wave attacks in Taiwan and South Korea to disrupt the drone sector.


China’s Secret Weapon? How EV Batteries Could be Weaponized to Disrupt America

2025-04-29 at 18:02. By Kevin Townsend. As Xi Jinping advances his vision for China’s dominance by 2049, cybersecurity experts warn that connected technologies such as EV batteries may quietly serve as tools of influence, espionage, and disruption.


Chainguard Raises Hefty $356M Series D at $3.5 Billion Valuation

2025-04-23 at 17:20. By Ryan Naraine. The cash infusion brings Chainguard’s total funding to about $612 million since its 2021 launch and values the company at $3.5 billion.


Huntress Documents In-The-Wild Exploitation of Critical Gladinet Vulnerabilities

2025-04-14 at 20:31. By Ryan Naraine. The flaw, tracked as CVE-2025-30406, was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog in early April.


AI Hallucinations Create a New Software Supply Chain Threat

2025-04-14 at 16:07. By Ionut Arghire. Researchers uncover a new software supply chain threat from LLM-generated package hallucinations.


Malicious NPM Packages Target Cryptocurrency, PayPal Users

2025-04-14 at 13:45. By Ionut Arghire. Threat actors are publishing malicious NPM packages to steal PayPal credentials and hijack cryptocurrency transfers.


Compromised SpotBugs Token Led to GitHub Actions Supply Chain Hack

2025-04-04 at 12:49. By Ionut Arghire. Evidence shows a SpotBugs token compromised in December 2024 was used in the March 2025 GitHub Actions supply chain attack.


Impact, Root Cause of GitHub Actions Supply Chain Hack Revealed

2025-03-21 at 12:17. By Eduard Kovacs. More details have come to light on the recent supply chain attack targeting GitHub Actions, including its root cause.

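Both GitHub Actions items above trace the March 2025 incident back to a compromised token. The page does not spell out the precise chain, but a token with write access to an action's repository is exactly what lets someone re-point a mutable tag such as v4 or main, and consumers referencing that tag pick up the new code on their next run. Pinning every `uses:` reference to a full commit SHA removes that exposure. The following is an added Python example, not SecurityWeek's code and not from any project named here; it scans workflow YAML and reports references that are not pinned to a 40-hex-digit SHA. The embedded sample workflow is constructed, the `example-org` actions are fictional, and the SHA in it is a placeholder rather than a real commit.

```python
"""Flag GitHub Actions 'uses:' references that are not pinned to a full commit SHA.

Added example; not code from SecurityWeek or from any project named on the page.
Assumes (not from the page) workflow YAML where each action reference appears as
'uses: owner/repo[/path]@ref' and that a pinned reference is a 40-hex-digit SHA.
"""
import re
import sys

# Matches "uses:" lines, with or without a leading "- ", quotes, or a trailing comment.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)", re.MULTILINE)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def unpinned_actions(workflow_yaml: str) -> list:
    """Return (reference, reason) pairs for every action not pinned to a full SHA."""
    issues = []
    for ref in USES_RE.findall(workflow_yaml):
        # Local actions and docker images are not addressed by SHA pinning.
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        if "@" not in ref:
            issues.append((ref, "no ref given"))
            continue
        _action, _, version = ref.rpartition("@")
        if not SHA_RE.match(version):
            issues.append((ref, f"mutable ref '{version}' can be re-pointed by whoever "
                                "controls the action's repository"))
    return issues


# Constructed sample workflow. The SHA is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/build-tool@0123456789abcdef0123456789abcdef01234567  # pinned
      - uses: ./.github/actions/local-step
      - uses: "example-org/helper@main"
      - run: npm ci --ignore-scripts
"""


def main(argv):
    """Scan the workflow file named in argv[1], or the embedded sample; exit 1 on findings."""
    text = open(argv[1]).read() if len(argv) > 1 else SAMPLE_WORKFLOW
    issues = unpinned_actions(text)
    for ref, reason in issues:
        print(f"{ref}: {reason}")
    return 1 if issues else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Pinning alone freezes you on one revision, so pair it with an updater that understands SHA pins (Dependabot and Renovate both do) so security fixes still arrive as reviewed pull requests rather than silently through a moved tag. Running the scanner over every file under `.github/workflows/` as a required check is the cheap way to keep new unpinned references from creeping back in.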

Virtual Event Today: Supply Chain & Third-Party Risk Security Summit

2025-03-19 at 16:31. By SecurityWeek News. Join the virtual event as we explore the critical nature of software and vendor supply chain security issues.


100 Car Dealerships Hit by Supply Chain Attack

2025-03-17 at 14:17. By Ionut Arghire. The websites of over 100 auto dealerships were found serving malicious ClickFix code in a supply chain compromise.

