supply chain

Software supply chains are heading for a transparency test

2026-06-16 at 12:24, by Anamarija Pogorelec. Software supply chain visibility is becoming part of product security work as the EU Cyber Resilience Act (CRA) moves toward application in December 2027. ENISA’s SBOM Adoption State of Play 2026 shows organizations preparing for CRA obligations through SBOM tooling, […]

NPM 12 Will Change Script Execution Behavior to Prevent Supply Chain Attacks

2026-06-13 at 18:52, by Ionut Arghire (SecurityWeek). By default, npm install will no longer execute scripts from dependencies, unless explicitly allowed.

Socket Raises $60 Million at $1 Billion Valuation

2026-05-21 at 13:50, by Ionut Arghire (SecurityWeek). The company will invest in its firewall, certified patches, protection extensions, new products, and team expansion.

Supply Chain Security Crisis: Too Many Vulnerabilities, Too Little Visibility

2026-05-21 at 11:40, by Kevin Townsend (SecurityWeek). New vulnerabilities are being discovered too fast, the time-to-exploitation is too short, and our visibility into them is largely lacking.

HEIDI: Free IDE security plugin for open-source vulnerability checks

2026-05-12 at 09:28, by Mirko Zorz. Open-source dependencies make up a large percentage of the code in production applications, and most vulnerability checks still run late in the pipeline, inside CI/CD systems or after a release ships. Meterian is moving those checks earlier with HEIDI, a […]

Build Application Firewalls Aim to Stop the Next Supply Chain Attack

2026-05-11 at 17:12, by Kevin Townsend (SecurityWeek). Rather than scanning code alone, Build Application Firewalls inspect runtime behavior inside the software build pipeline.

AI Coding Agents Could Fuel Next Supply Chain Crisis

2026-05-07 at 17:33, by Kevin Townsend (SecurityWeek). The “TrustFall” attack shows how AI coding agents can be manipulated into launching stealthy supply chain compromises.

Gemini CLI Vulnerability Could Have Led to Code Execution, Supply Chain Attack

2026-05-07 at 14:33, by Ionut Arghire (SecurityWeek). Attackers could inject prompts into a GitHub issue and take over the AI agent designed to automatically triage the issue.

Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM Data

2026-04-22 at 14:47, by Kevin Townsend (SecurityWeek). A researcher says the missing piece is a governance-driven intelligence layer that turns SBOM and VEX data into explainable security decisions.

CISOs grapple with AI demands within flat budgets

2026-04-06 at 09:16, by Anamarija Pogorelec. Security spending continues to edge upward across large organizations, though the changes remain gradual and tightly managed. The 2026 RH-ISAC CISO Benchmark reflects a steady environment where budgets expand in small steps, even as AI becomes a routine part of security […]

Your facilities run on fragile supply chains and nobody wants to admit it

2026-03-26 at 12:32, by Mirko Zorz. In this Help Net Security interview, Christa Dodoo, Global Chair at IFMA, discusses how facility managers are managing supply chain risk in critical building systems. She explains how sourcing, localized redundancy, and flexible infrastructure design are […]

New ‘Sandworm_Mode’ Supply Chain Attack Hits NPM

2026-02-24 at 15:47, by Ionut Arghire (SecurityWeek). The malicious code propagates like a worm, poisons AI assistants, exfiltrates secrets, and contains a destructive dead switch.

RapidFort Raises $42M to Automate Software Supply Chain Security

2026-02-03 at 17:01, by Eduard Kovacs (SecurityWeek). The company will use the latest capital to scale its go-to-market efforts and expand its platform’s capabilities.

Open-source attacks move through normal development workflows

2026-02-03 at 08:18, by Anamarija Pogorelec. Software development relies on a steady flow of third-party code, automated updates, and fast release cycles. That environment has made the software supply chain a routine point of entry for attackers, with malicious activity blending into normal build and deployment processes. A […]

eScan Antivirus Delivers Malware in Supply Chain Attack

2026-01-31 at 17:24, by Ionut Arghire (SecurityWeek). Hackers compromised a MicroWorld Technologies update server and fed a malicious file to eScan customers.

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks

2026-01-27 at 15:49, by Ionut Arghire (SecurityWeek). The protections against NPM supply chain attacks could be bypassed, leading to arbitrary code execution.

Cyber risk keeps winning, even as AI takes over

2026-01-19 at 07:00, by Anamarija Pogorelec. Cyber risk continues to dominate global business concerns, with AI rising quickly alongside it. According to a new risk survey from Allianz, both are influencing how organizations plan for disruption, resilience, and recovery across regions and industries. Cyber incidents stay […]

CISOs flag gaps in third-party risk management

2026-01-15 at 07:37, by Anamarija Pogorelec. Third-party cyber risk continues to concern security leaders as vendor ecosystems grow, supply chains stretch, and AI plays a larger role in business operations. A recent Panorays survey of U.S. CISOs shows rising third-party incidents and growing regulatory attention, while visibility beyond […]

Shai-Hulud Supply Chain Attack Led to $8.5 Million Trust Wallet Heist

2025-12-31 at 14:09, by Ionut Arghire (SecurityWeek). The worm exposed Trust Wallet’s developer GitHub secrets, allowing attackers to publish a backdoor extension and steal funds from 2,520 wallets.

The soft underbelly of space isn’t in orbit, it’s on the ground

2025-12-18 at 09:08, by Mirko Zorz. In this Help Net Security interview, Øystein Thorvaldsen, CISO at KSAT, discusses how adversaries view the ground segment as the practical way to reach space systems and why stations remain a focal point for security efforts. He […]
