Supply Chain Security

GitLab Ships Update for Critical Pipeline Execution Vulnerability

CVE-2024-5655, CVE-2024-6385, GitLab, Supply Chain Security, Vulnerabilities /

GitLab Ships Update for Critical Pipeline Execution Vulnerability 2024-07-11 at 18:01 By Ionut Arghire GitLab issues an advisory for a critical-severity vulnerability that allows an attacker to trigger a pipeline as another user. The post GitLab Ships Update for Critical Pipeline Execution Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS […]

React to this headline:

Loading spinner

GitLab Ships Update for Critical Pipeline Execution Vulnerability Read More »

Polyfill Domain Shut Down as Owner Disputes Accusations of Malicious Activity

Malware & Threats, Polyfill, supply chain, Supply Chain Security /

Polyfill Domain Shut Down as Owner Disputes Accusations of Malicious Activity 2024-06-28 at 12:46 By Ionut Arghire Namecheap shut down polyfill.io amid reports of malicious activity, but the Chinese owner claims it has good intentions. The post Polyfill Domain Shut Down as Owner Disputes Accusations of Malicious Activity appeared first on SecurityWeek. This article is

React to this headline:

Loading spinner

Polyfill Domain Shut Down as Owner Disputes Accusations of Malicious Activity Read More »

Polyfill Supply Chain Attack Hits Over 100k Websites 

supply chain, Supply Chain Security, web security /

Polyfill Supply Chain Attack Hits Over 100k Websites  2024-06-26 at 14:16 By Ionut Arghire More than 100,000 websites are affected by a supply chain attack injecting malware via a Polyfill domain. The post Polyfill Supply Chain Attack Hits Over 100k Websites  appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

React to this headline:

Loading spinner

Polyfill Supply Chain Attack Hits Over 100k Websites  Read More »

Several Plugins Compromised in WordPress Supply Chain Attack 

supply chain, Supply Chain Security, WordPress /

Several Plugins Compromised in WordPress Supply Chain Attack  2024-06-25 at 16:01 By Ionut Arghire Five WordPress plugins were injected with malicious code that creates a new administrative account. The post Several Plugins Compromised in WordPress Supply Chain Attack  appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React

React to this headline:

Loading spinner

Several Plugins Compromised in WordPress Supply Chain Attack  Read More »

Zero-Day Attacks and Supply Chain Compromises Surge, MFA Remains Underutilized: Rapid7 Report

report, Supply Chain Security, Threat Intelligence, Vulnerabilities /

Zero-Day Attacks and Supply Chain Compromises Surge, MFA Remains Underutilized: Rapid7 Report 2024-05-23 at 14:31 By Kevin Townsend Attackers are getting more sophisticated, better armed, and faster. Nothing in Rapid7’s 2024 Attack Intelligence Report suggests that this will change. The post Zero-Day Attacks and Supply Chain Compromises Surge, MFA Remains Underutilized: Rapid7 Report appeared first

React to this headline:

Loading spinner

Zero-Day Attacks and Supply Chain Compromises Surge, MFA Remains Underutilized: Rapid7 Report Read More »

XZ Utils Backdoor Attack Brings Another Similar Incident to Light

supply chain, Supply Chain Security, XZ backdoor /

XZ Utils Backdoor Attack Brings Another Similar Incident to Light 2024-04-03 at 14:16 By Eduard Kovacs The discovery of the XZ Utils backdoor reminds an F-Droid developer of a similar incident that occurred a few years ago. The post XZ Utils Backdoor Attack Brings Another Similar Incident to Light appeared first on SecurityWeek. This article

React to this headline:

Loading spinner

XZ Utils Backdoor Attack Brings Another Similar Incident to Light Read More »

Supply Chain Attack: Major Linux Distributions Impacted by XZ Utils Backdoor

Featured, Supply Chain Security, Vulnerabilities /

Supply Chain Attack: Major Linux Distributions Impacted by XZ Utils Backdoor 2024-04-01 at 17:16 By Ionut Arghire Urgent security alerts issued as malicious code was found embedded in the XZ Utils data compression library used in many Linux distributions. The post Supply Chain Attack: Major Linux Distributions Impacted by XZ Utils Backdoor appeared first on

React to this headline:

Loading spinner

Supply Chain Attack: Major Linux Distributions Impacted by XZ Utils Backdoor Read More »

Malware Upload Attack Hits PyPI Repository

Checkmarx, Malware & Threats, PyPI, Supply Chain Security /

Malware Upload Attack Hits PyPI Repository 2024-03-28 at 20:31 By Ryan Naraine Maintainers of the Python Package Index (PyPI) repository were forced to suspend new project creation and new user registration to mitigate a malware upload campaign. The post Malware Upload Attack Hits PyPI Repository appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

Malware Upload Attack Hits PyPI Repository Read More »

Binarly Attracts $10.5M to Tackle Software Supply Chain Security

Binarly, firmware, Funding/M&A, seed-stage, supply chain, Supply Chain Security /

Binarly Attracts $10.5M to Tackle Software Supply Chain Security 2024-03-26 at 22:47 By SecurityWeek News Los Angeles firmware and software supply chain firm banks $10.5 million in seed-stage funding led by Two Bear Capital. The post Binarly Attracts $10.5M to Tackle Software Supply Chain Security appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

Binarly Attracts $10.5M to Tackle Software Supply Chain Security Read More »

Virtual Event Today: Supply Chain & Third-Party Risk Summit 2024 

supply chain, Supply Chain Security /

Virtual Event Today: Supply Chain & Third-Party Risk Summit 2024  2024-03-20 at 14:01 By SecurityWeek News Join the fully immersive virtual event us as we explore the critical nature of software and vendor supply chain security issues The post Virtual Event Today: Supply Chain & Third-Party Risk Summit 2024  appeared first on SecurityWeek. This article

React to this headline:

Loading spinner

Virtual Event Today: Supply Chain & Third-Party Risk Summit 2024  Read More »

SecurityWeek Cyber Insights 2024 Series

Artificial Intelligence, CISO Conversations, CISO Strategy, CyberInsights2024, ICS/OT, Management & Strategy, Ransomware, Supply Chain Security, Threat Intelligence /

SecurityWeek Cyber Insights 2024 Series 2024-03-11 at 16:01 By Kevin Townsend Cyber Insights 2024 talks to hundreds of industry experts from dozens of companies covering seven primary topics. The post SecurityWeek Cyber Insights 2024 Series appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to this headline:

React to this headline:

Loading spinner

SecurityWeek Cyber Insights 2024 Series Read More »

Cyber Insights 2024: Supply Chain 

Cyber Insights, SBOM, supply chain, Supply Chain Security /

Cyber Insights 2024: Supply Chain  2024-02-20 at 16:16 By Kevin Townsend Supply chain security insights: A successful attack against a supplier can lead to multiple opportunities against the supplier’s downstream customers. The post Cyber Insights 2024: Supply Chain  appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React

React to this headline:

Loading spinner

Cyber Insights 2024: Supply Chain  Read More »

AnyDesk Revokes Passwords, Certificates in Response to Hack

AnyDesk, Featured, supply chain, Supply Chain Security /

AnyDesk Revokes Passwords, Certificates in Response to Hack 2024-02-05 at 13:01 By Eduard Kovacs AnyDesk is revoking certificates and passwords in response to a recently discovered security breach impacting production systems. The post AnyDesk Revokes Passwords, Certificates in Response to Hack appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

React to this headline:

Loading spinner

AnyDesk Revokes Passwords, Certificates in Response to Hack Read More »

New Offerings From Protect AI, Venafi Tackle Software Supply Chain Security

open source, Supply Chain Security, Vulnerabilities /

New Offerings From Protect AI, Venafi Tackle Software Supply Chain Security 2024-01-25 at 16:46 By Kevin Townsend Two new products aim to secure the traditional OSS supply chain, and the new AI model software supply chain. The post New Offerings From Protect AI, Venafi Tackle Software Supply Chain Security appeared first on SecurityWeek. This article

React to this headline:

Loading spinner

New Offerings From Protect AI, Venafi Tackle Software Supply Chain Security Read More »

Software Supply Chain Security Startup Kusari Raises $8 Million 

Cybersecurity Funding, seed funding, supply chain, Supply Chain Security /

Software Supply Chain Security Startup Kusari Raises $8 Million  2024-01-18 at 17:03 By Ionut Arghire Kusari has raised $8 million to help organizations gain visibility into and secure their software supply chain. The post Software Supply Chain Security Startup Kusari Raises $8 Million  appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

Software Supply Chain Security Startup Kusari Raises $8 Million  Read More »

Remotely Exploitable ‘PixieFail’ Flaws Found in Tianocore EDK II PXE Implementation

Microsoft, Network Security, Pixiefail, Quarkslab, Supply Chain Security, Tianocore, UEFI, Vulnerabilities /

Remotely Exploitable ‘PixieFail’ Flaws Found in Tianocore EDK II PXE Implementation 2024-01-16 at 16:16 By Ryan Naraine Quarkslab finds serious, remotely exploitable vulnerabilities in EDK II, the de-facto open source reference implementation of the UEFI spec. The post Remotely Exploitable ‘PixieFail’ Flaws Found in Tianocore EDK II PXE Implementation appeared first on SecurityWeek. This article

React to this headline:

Loading spinner

Remotely Exploitable ‘PixieFail’ Flaws Found in Tianocore EDK II PXE Implementation Read More »

New Class of CI/CD Attacks Could Have Led to PyTorch Supply Chain Compromise

Application Security, Featured, PyTorch, supply chain, Supply Chain Security /

New Class of CI/CD Attacks Could Have Led to PyTorch Supply Chain Compromise 2024-01-12 at 14:31 By Ionut Arghire Researchers detail a CI/CD attack leading to PyTorch releases compromise via GitHub Actions self-hosted runners. The post New Class of CI/CD Attacks Could Have Led to PyTorch Supply Chain Compromise appeared first on SecurityWeek. This article

React to this headline:

Loading spinner

New Class of CI/CD Attacks Could Have Led to PyTorch Supply Chain Compromise Read More »

Major IT, Crypto Firms Exposed to Supply Chain Compromise via New Class of CI/CD Attack 

CI/CD, supply chain, Supply Chain Security /

Major IT, Crypto Firms Exposed to Supply Chain Compromise via New Class of CI/CD Attack  2024-01-08 at 15:46 By Ionut Arghire Self-hosted GitHub Actions runners could allow attackers to inject malicious code into repositories, leading to supply chain attacks. The post Major IT, Crypto Firms Exposed to Supply Chain Compromise via New Class of CI/CD

React to this headline:

Loading spinner

Major IT, Crypto Firms Exposed to Supply Chain Compromise via New Class of CI/CD Attack  Read More »

NSA Issues Guidance on Incorporating SBOMs to Improve Cybersecurity

Application Security, NSA, SBOM, Supply Chain Security, Uncategorized /

NSA Issues Guidance on Incorporating SBOMs to Improve Cybersecurity 18/12/2023 at 17:16 By Ionut Arghire NSA has published guidance to help organizations incorporate SBOM to mitigate supply chain risks. The post NSA Issues Guidance on Incorporating SBOMs to Improve Cybersecurity appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original

React to this headline:

Loading spinner

NSA Issues Guidance on Incorporating SBOMs to Improve Cybersecurity Read More »

Russian Cyberspies Exploiting TeamCity Vulnerability at Scale: Government Agencies

APT29, espionage, Malware & Threats, Russia, supply chain, Supply Chain Security /

Russian Cyberspies Exploiting TeamCity Vulnerability at Scale: Government Agencies 14/12/2023 at 14:35 By Ionut Arghire US, UK, and Poland warn of Russia-linked cyberespionage group’s broad exploitation of recent TeamCity vulnerability. The post Russian Cyberspies Exploiting TeamCity Vulnerability at Scale: Government Agencies appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

React to this headline:

Loading spinner

Russian Cyberspies Exploiting TeamCity Vulnerability at Scale: Government Agencies Read More »

Scroll to Top