supply chain

From Open Source to OpenAI: The Evolution of Third-Party Risk

2025-12-16 at 20:15 By Nadir Izrael

From open source libraries to AI-powered coding assistants, speed-driven development is introducing new third-party risks that threat actors are increasingly exploiting. The post From Open Source to OpenAI: The Evolution of Third-Party Risk appeared first on SecurityWeek. This article […]

Notepad++ Patches Updater Flaw After Reports of Traffic Hijacking

2025-12-12 at 12:53 By Eduard Kovacs

Notepad++ found a vulnerability in the way the software updater authenticates update files. The post Notepad++ Patches Updater Flaw After Reports of Traffic Hijacking appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

Smart grids are trying to modernize and attackers are treating it like an invitation

2025-12-04 at 09:05 By Mirko Zorz

In this Help Net Security interview, Sonia Kumar, Senior Director Cyber Security at Analog Devices, discusses how securing decentralized smart grids demands a shift in defensive strategy. Millions of distributed devices are reshaping the attack

640 NPM Packages Infected in New ‘Shai-Hulud’ Supply Chain Attack

2025-11-25 at 12:58 By Ionut Arghire

The new self-replicating worm iteration has destructive capabilities, erasing home directory contents if it cannot spread to more repositories. The post 640 NPM Packages Infected in New ‘Shai-Hulud’ Supply Chain Attack appeared first on SecurityWeek. This article is an

Supply chain sprawl is rewriting security priorities

2025-11-25 at 07:32 By Anamarija Pogorelec

Organizations depend on long chains of vendors, but many cybersecurity professionals say these relationships create gaps they cannot see or control. A new ISC2 survey of more than 1,000 cybersecurity professionals shows that supply chain risk sits near the top of their

Chinese Cyberspies Deploy ‘BadAudio’ Malware via Supply Chain Attacks

2025-11-21 at 13:46 By Ionut Arghire

APT24 has been relying on various techniques to drop the BadAudio downloader and then deploy additional payloads. The post Chinese Cyberspies Deploy ‘BadAudio’ Malware via Supply Chain Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

The tech that turns supply chains from brittle to unbreakable

2025-11-17 at 16:32 By Mirko Zorz

In this Help Net Security interview, Sev Kelian, CISO and VP of Security at Tecsys, discusses how organizations can strengthen supply chain resilience through a more unified and forward-looking strategy. Kelian also shares how new technologies and a blended

Adopting a counterintelligence mindset in luxury logistics

2025-11-10 at 11:28 By Mirko Zorz

In this Help Net Security interview, Andrea Succi, Group CISO at Ferrari Group, discusses how cybersecurity is integrated into every aspect of the logistics industry. He explains why protecting data can be as critical as securing physical assets and how a layered

Chinese APT Uses ‘Airstalk’ Malware in Supply Chain Attacks

2025-11-03 at 12:28 By Ionut Arghire

PowerShell and .NET variants of the malware abuse AirWatch’s MDM API to establish a C&C communication channel. The post Chinese APT Uses ‘Airstalk’ Malware in Supply Chain Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

Heisenberg: Open-source software supply chain health check tool

2025-11-03 at 08:30 By Mirko Zorz

Heisenberg is an open-source tool that checks the health of a software supply chain. It analyzes dependencies using data from deps.dev, Software Bills of Materials (SBOMs), and external advisories to measure package health, detect risks, and generate reports for individual dependencies

Chainguard Raises $280 Million in Growth Funding

2025-10-27 at 17:14 By Eduard Kovacs

Chainguard has raised $636 million in the past six months alone for its software supply chain security solutions. The post Chainguard Raises $280 Million in Growth Funding appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

The next cyber crisis may start in someone else’s supply chain

2025-10-23 at 09:23 By Anamarija Pogorelec

Organizations are getting better at some aspects of risk management but remain underprepared for the threats reshaping the business landscape, according to a new Riskonnect report. The findings show a growing gap between awareness and action as technology,

When everything’s connected, everything’s at risk

2025-10-21 at 09:02 By Mirko Zorz

In this Help Net Security interview, Ken Deitz, CISO at Brown & Brown, discusses how the definition of cyber risk has expanded beyond IT to include IoT, OT, and broader supply chain ecosystems. As organizations connect these assets through cloud and networked systems,

Ransomware remains the leading cause of costly cyber claims

2025-10-01 at 07:04 By Anamarija Pogorelec

Cyber threats are shifting in 2025, and while large companies are still targets, attackers are turning their attention to smaller and mid-sized firms. According to Allianz’s Cyber Security Resilience 2025 report, hardened defenses at major corporates have pushed criminals to

The hidden risks inside open-source code

2025-09-30 at 09:12 By Mirko Zorz

Open-source software is everywhere. It runs the browsers we use, the apps we rely on, and the infrastructure that keeps businesses connected. For many security leaders, it is simply part of the environment, not something they think about every day. That is where

Cyber risk quantification helps CISOs secure executive support

2025-09-30 at 08:44 By Mirko Zorz

In this Help Net Security interview, Vivien Bilquez, Global Head of Cyber Resilience at Zurich Resilience Solutions, discusses how organizations are rethinking cyber resilience. He talks about the priorities CISOs should focus on and the risks that are often overlooked. Bilquez

Keeping the internet afloat: How to protect the global cable network

2025-09-30 at 08:08 By Mirko Zorz

The resilience of the world’s submarine cable network is under new pressure from geopolitical tensions, supply chain risks, and slow repair processes. A new report from the Center for Cybersecurity Policy and Law outlines how governments and industry

GitHub Boosting Security in Response to NPM Supply Chain Attacks 

2025-09-24 at 13:18 By Ionut Arghire

GitHub will implement local publishing with mandatory 2FA, granular tokens that expire after seven days, and trusted publishing. The post GitHub Boosting Security in Response to NPM Supply Chain Attacks appeared first on SecurityWeek. This article is an excerpt

Shifting supply chains and rules test CPS security strategies

2025-09-19 at 08:31 By Sinisa Markovic

Cyber-physical systems are getting harder to protect as the business landscape keeps shifting. Economic pressures, supply chain changes, and new regulations are creating more openings for attackers while complicating how organizations manage security. A new report from Claroty, based on
