Supply Chain Security

Impact, Root Cause of GitHub Actions Supply Chain Hack Revealed

2025-03-21 at 12:17, by Eduard Kovacs. More details have come to light on the recent supply chain attack targeting GitHub Actions, including its root cause. The post Impact, Root Cause of GitHub Actions Supply Chain Hack Revealed appeared first on SecurityWeek.


Virtual Event Today: Supply Chain & Third-Party Risk Security Summit

2025-03-19 at 16:31, by SecurityWeek News. Join the virtual event as we explore the critical nature of software and vendor supply chain security issues. The post Virtual Event Today: Supply Chain & Third-Party Risk Security Summit appeared first on SecurityWeek.


100 Car Dealerships Hit by Supply Chain Attack

2025-03-17 at 14:17, by Ionut Arghire. The websites of over 100 auto dealerships were found serving malicious ClickFix code in a supply chain compromise. The post 100 Car Dealerships Hit by Supply Chain Attack appeared first on SecurityWeek.


Popular GitHub Action Targeted in Supply Chain Attack

2025-03-17 at 12:04, by Eduard Kovacs. The tj-actions/changed-files GitHub Action, which is used in 23,000 repositories, has been targeted in a supply chain attack. The post Popular GitHub Action Targeted in Supply Chain Attack appeared first on SecurityWeek.


UK Government Report Calls for Stronger Open Source Supply Chain Security Practices

2025-03-11 at 19:05, by Kevin Townsend. Report from the Department for Science, Innovation & Technology (DSIT) finds weaknesses in current practices. The post UK Government Report Calls for Stronger Open Source Supply Chain Security Practices appeared first on SecurityWeek.


Endor Labs and Allies Launch Opengrep, Reviving True OSS for SAST

2025-01-27 at 17:20, by Kevin Townsend. Opengrep is a new consortium-backed fork of Semgrep, intended to be and remain a true genuine OSS SAST tool. The post Endor Labs and Allies Launch Opengrep, Reviving True OSS for SAST appeared first on SecurityWeek.


Zero-Day Breach at Rackspace Sparks Vendor Blame Game

2024-10-02 at 21:01, by Ryan Naraine. A breach at Rackspace exposes the fragility of the software supply chain, triggering a blame game among vendors over an exploited zero-day. The post Zero-Day Breach at Rackspace Sparks Vendor Blame Game appeared first on SecurityWeek.


Fortifying the Weakest Link: How to Safeguard Against Supply Chain Cyberattacks

2024-09-26 at 15:01, by Torsten George. As organizations have fortified their defenses against direct network attacks, hackers have shifted their focus to exploiting vulnerabilities in the supply chain to gain backdoor access to systems.


Software Supply Chain Security Firm Lineaje Raises $20M in Series A Funding

2024-07-30 at 17:01, by Eduard Kovacs. Software supply chain security startup Lineaje has raised $20 million in a Series A funding round that brings the total to $27 million.


Chainguard Raises $140 Million, Expands Tech to Secure AI Workloads

2024-07-25 at 19:49, by Ryan Naraine. Software supply chain security startup Chainguard raises a $140 million Series C round that values the company at $1.2 billion. The post Chainguard Raises $140 Million, Expands Tech to Secure AI Workloads appeared first on SecurityWeek.


Judge Dismisses Major SEC Charges Against SolarWinds and CISO 

2024-07-20 at 00:31, by Ryan Naraine. Judge dismissed SEC lawsuit charging SolarWinds and CISO Timothy Brown with hiding security problems before and after the SUNBURST supply chain compromise. The post Judge Dismisses Major SEC Charges Against SolarWinds and CISO appeared first on SecurityWeek.


GitLab Ships Update for Critical Pipeline Execution Vulnerability

2024-07-11 at 18:01, by Ionut Arghire. GitLab issues an advisory for a critical-severity vulnerability that allows an attacker to trigger a pipeline as another user. The post GitLab Ships Update for Critical Pipeline Execution Vulnerability appeared first on SecurityWeek.


Polyfill Domain Shut Down as Owner Disputes Accusations of Malicious Activity

2024-06-28 at 12:46, by Ionut Arghire. Namecheap shut down polyfill.io amid reports of malicious activity, but the Chinese owner claims it has good intentions. The post Polyfill Domain Shut Down as Owner Disputes Accusations of Malicious Activity appeared first on SecurityWeek.


Polyfill Supply Chain Attack Hits Over 100k Websites 

2024-06-26 at 14:16, by Ionut Arghire. More than 100,000 websites are affected by a supply chain attack injecting malware via a Polyfill domain. The post Polyfill Supply Chain Attack Hits Over 100k Websites appeared first on SecurityWeek.


Several Plugins Compromised in WordPress Supply Chain Attack 

2024-06-25 at 16:01, by Ionut Arghire. Five WordPress plugins were injected with malicious code that creates a new administrative account. The post Several Plugins Compromised in WordPress Supply Chain Attack appeared first on SecurityWeek.


Zero-Day Attacks and Supply Chain Compromises Surge, MFA Remains Underutilized: Rapid7 Report

2024-05-23 at 14:31, by Kevin Townsend. Attackers are getting more sophisticated, better armed, and faster. Nothing in Rapid7’s 2024 Attack Intelligence Report suggests that this will change.


XZ Utils Backdoor Attack Brings Another Similar Incident to Light

2024-04-03 at 14:16, by Eduard Kovacs. The discovery of the XZ Utils backdoor reminds an F-Droid developer of a similar incident that occurred a few years ago. The post XZ Utils Backdoor Attack Brings Another Similar Incident to Light appeared first on SecurityWeek.


Supply Chain Attack: Major Linux Distributions Impacted by XZ Utils Backdoor

2024-04-01 at 17:16, by Ionut Arghire. Urgent security alerts issued as malicious code was found embedded in the XZ Utils data compression library used in many Linux distributions.


Malware Upload Attack Hits PyPI Repository

2024-03-28 at 20:31, by Ryan Naraine. Maintainers of the Python Package Index (PyPI) repository were forced to suspend new project creation and new user registration to mitigate a malware upload campaign. The post Malware Upload Attack Hits PyPI Repository appeared first on SecurityWeek.


Binarly Attracts $10.5M to Tackle Software Supply Chain Security

2024-03-26 at 22:47, by SecurityWeek News. Los Angeles firmware and software supply chain firm banks $10.5 million in seed-stage funding led by Two Bear Capital. The post Binarly Attracts $10.5M to Tackle Software Supply Chain Security appeared first on SecurityWeek.
