Tag: supply-chain
-
Over half of India-based companies suffer security breaches
Business supply chains, which include Indian companies, are at risk of attack as more than half of suppliers were breached last year First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366632058/Over-half-of-India-based-companies-suffer-security-breaches
-
Shai-Hulud Attack: Weaknesses in Open Source Security
Open source forms the foundation of the digital world, but recent events show how vulnerable the supply chain is. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/shai-hulud-angriff-schwachstellen-open-source
-
The New Perimeter is Your Supply Chain
Alan examines why the software supply chain has become the new perimeter in cloud-native security. From SBOMs to SLSA and Sigstore, discover how leaders can defend against attacks that target dependencies, pipelines and trusted updates. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/the-new-perimeter-is-your-supply-chain/
-
Google Warns of BRICKSTORM Malware Driving Supply Chain Intrusions
China-linked hackers use BRICKSTORM malware to hit tech, SaaS, and legal firms, threatening the US supply chain. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/google-warns-brickstorm-malware/
-
How GitHub Is Securing the Software Supply Chain
In light of recent cyberattacks and growing security concerns, GitHub is taking immediate and direct action to secure the open-source software supply chain. The post How GitHub Is Securing the Software Supply Chain appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-github-security-npm-supply-chain/
-
Malicious Rust Crates Steal Solana and Ethereum Keys, 8,424 Downloads Confirmed
Cybersecurity researchers have discovered two malicious Rust crates impersonating a legitimate library called fast_log to steal Solana and Ethereum wallet keys from source code. The crates, named faster_log and async_println, were published by the threat actor under the alias rustguruman and dumbnbased on May 25, 2025, amassing 8,424 downloads in total, according to software supply chain…
-
Vulnerability in Salesforce AI could be tricked into leaking CRM data
Tags: access, ai, api, attack, cybersecurity, data, exploit, injection, Internet, software, supply-chain, tool, update, vulnerability
Guardrails, not just patches: While Salesforce responded quickly with a patch, experts agree that AI agents represent a fundamentally broader attack surface. These systems combine memory, decision-making, and tool execution, meaning compromises can spread quickly and, as Bennett puts it, “at machine speed.” “It’s advisable to secure the systems around the AI agents in use, which…
-
Government might support Jaguar Land Rover supply chain to mitigate cyber attack impact
The government is considering buying car parts from JLR’s supply chain to sell them on to the company once it recovers from the August cyber attack First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366632054/Government-might-support-Jaguar-Land-Rover-supply-chain-to-mitigate-cyber-attack-impact
-
Co-op declares cyber attack damage cost £206m
Co-op reveals £206m costs from April cyber attack, with revenues hit, member data stolen and shelves emptied, exposing major retail supply chain vulnerabilities First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366632018/Co-op-declares-cyber-attack-damage-cost-it-206m
-
The fight to lock down drones and their supply chains
Drones have already shown their impact in military operations, and their influence is spreading across the agricultural and industrial sectors. Given their technological … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/25/drones-cybersecurity-risks/
-
Application Security Posture Management: A Buyer's Guide
Tags: application-security, cloud, compliance, container, gartner, supply-chain, tool, vulnerability
To select a suitable ASPM platform, a deep understanding of your own application structure is essential. Much like cyber threats, enterprise applications have become increasingly complex over time. This is mainly because they are operated across a variety of domains, such as the cloud, containers or on-premises systems. This presents traditional security tools with…
-
GitHub Aims to Secure Supply Chain as NPM Hacks Ramp Up
GitHub will address weak authentication and overly permissive tokens in the NPM ecosystem, following high-profile threat campaigns like those involving Shai-Hulud malware. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/github-secure-supply-chain-npm-hacks-ramp-up
-
Jaguar Land Rover extends cyber attack-induced shutdown to October
Jaguar Land Rover is extending its production shutdown caused by the 31 August cyber attack into next month, as government ministers drop by and supply chain workers lose wages First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366631527/Jaguar-Land-Rover-extends-cyber-attack-induced-shutdown-to-October
-
OAuth Token Leak: A Wake-Up Call for Supply Chain Risk Management
Cloud services and SaaS applications have become indispensable in everyday business. They increase efficiency, simplify processes and enable flexible collaboration. At the same time, however, increasingly complex integrations are emerging between different platforms, and it is precisely these interfaces that are increasingly becoming a critical entry point for attacks. Anyone who uses the benefits of the cloud must therefore also consider the growing security risks in the […]…
-
GitHub Mandates 2FA and Short-Lived Tokens to Strengthen npm Supply Chain Security
GitHub on Monday announced that it will be changing its authentication and publishing options “in the near future” in response to a recent wave of supply chain attacks targeting the npm ecosystem, including the Shai-Hulud attack. This includes steps to address threats posed by token abuse and self-replicating malware by allowing local publishing with required two-factor…
-
Anton’s Security Blog Quarterly Q3 2025
Tags: ai, automation, breach, ciso, cloud, cyber, defense, detection, edr, google, governance, guide, metric, office, RedTeam, risk, siem, soc, software, supply-chain, threat, vulnerability, vulnerability-management, zero-trust
Amazingly, Medium has fixed the stats so my blog / podcast quarterly is back to life. As before, this covers both Anton on Security and my posts from Google Cloud blog, Google Cloud community blog, and our Cloud Security Podcast (subscribe on Spotify). Gemini for docs based on this blog Top 10 posts with the most…
-
European Airports Disrupted by Supply Chain Cyberattack
A cyberattack that occurred over the weekend has caused significant disruption at major European airports. The incident targeted Collins Aerospace, a service provider for automated check-in and boarding systems. The cyberattack forced airports, including Heathrow, Brussels, and Berlin, to revert to manual procedures, leading to widespread flight delays and cancellations. At Heathrow, over 600 flights…
-
Airport Chaos Enters Third Day After Supply Chain Attack
Heathrow, Brussels, Dublin and Berlin airports are among those disrupted by a cyber-attack on Collins Aerospace First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/airport-chaos-third-day-supply/
-
A Cyberattack on Jaguar Land Rover Is Causing a Supply Chain Disaster
The UK-based automaker has been forced to stop vehicle production as a result of the attack, costing JLR tens of millions of dollars and forcing its parts suppliers to lay off workers. First seen on wired.com Jump to article: www.wired.com/story/jlr-jaguar-land-rover-cyberattack-supply-chain-disaster/
-
Agentic AI: The New Horror for Security Decision-Makers?
Tags: ai, antivirus, api, breach, ciso, compliance, cyberattack, cybersecurity, cyersecurity, detection, governance, law, mail, malware, monitoring, risk, service, supply-chain, tool, vulnerability
AI is by now a given in most companies. The current trend is mainly toward systems with autonomous capabilities, where the potential security risks are especially pronounced. AI agents are becoming increasingly popular in the enterprise and are increasingly being integrated into workflows and processes, for example in software development, customer service and support, process automation or employee experience. For CISOs and their teams…
-
Pentagon Bans China-Based Engineers Over Hacking Concerns
The Pentagon bans China-based staff from cloud work after reports warn of espionage risks and urge tighter supply chain security. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/pentagon-bans-china-based-engineers-over-hacking-concerns/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 63
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter SmokeLoader Rises From the Ashes Hive0154, aka Mustang Panda, drops updated Toneshell backdoor and novel SnakeDisk USB worm Popular Tinycolor npm Package Compromised in Supply Chain Attack Affecting 40+ Packages Self-replicating Shai-hulud worm spreads…

