Tag: supply-chain

Future-Proofing Your Software Supply Chain with SCA Best Practices

Aug 9, 2025 5:11 AM

Tags: best-practice, finance, government, healthcare, open-source, programming, software, supply-chain, technology
Cybersecurity Snapshot: CISA Analyzes Malware Used in SharePoint Attacks, as U.K. Boosts Cyber Assessment Framework

Aug 9, 2025 12:11 AM

Tags: access, advisory, ai, attack, authentication, automation, backup, breach, china, cisa, cloud, computer, credentials, cve, cyber, cybersecurity, data, defense, detection, docker, exploit, framework, github, google, government, grc, group, guide, hacker, healthcare, identity, infrastructure, iot, ISO-27001, jobs, kubernetes, malicious, malware, mfa, microsoft, mitigation, monitoring, network, nist, open-source, password, programming, ransomware, resilience, risk, risk-management, service, social-engineering, software, startup, strategy, supply-chain, tactics, technology, threat, tool, update, vulnerability, zero-day

Check out what CISA found after it dissected malware from the latest SharePoint hacks. Plus, the U.K.’s cyber agency is overhauling its cyber framework to keep pace as threats escalate. In addition, Google is warning that cloud attacks are getting dangerously sophisticated. And get the latest on CISA’s new malware analysis platform and its report…
Cybersecurity Snapshot: CISA Analyzes Malware Used in SharePoint Attacks, as U.K. Boosts Cyber Assessment Framework

Aug 9, 2025 12:11 AM

Tags: access, advisory, ai, attack, authentication, automation, backup, breach, china, cisa, cloud, computer, credentials, cve, cyber, cybersecurity, data, defense, detection, docker, exploit, framework, github, google, government, grc, group, guide, hacker, healthcare, identity, infrastructure, iot, ISO-27001, jobs, kubernetes, malicious, malware, mfa, microsoft, mitigation, monitoring, network, nist, open-source, password, programming, ransomware, resilience, risk, risk-management, service, social-engineering, software, startup, strategy, supply-chain, tactics, technology, threat, tool, update, vulnerability, zero-day

Check out what CISA found after it dissected malware from the latest SharePoint hacks. Plus, the U.K.’s cyber agency is overhauling its cyber framework to keep pace as threats escalate. In addition, Google is warning that cloud attacks are getting dangerously sophisticated. And get the latest on CISA’s new malware analysis platform and its report…
Beyond cryptocurrency: Blockchain 101 for CISOs and why it matters

Aug 8, 2025 2:11 PM

Tags: access, ai, api, attack, blockchain, breach, ciso, compliance, container, control, credentials, crypto, data, framework, gartner, governance, identity, incident response, infrastructure, international, malicious, nist, regulation, risk, saas, sbom, software, supply-chain, technology, threat, tool, unauthorized, vulnerability, zero-trust

Decentralization. Eliminates single points of failure or compromise Immutability. Data written to the chain is nearly impossible to change Verifiability. Stakeholders can independently verify logs or data integrity Transparency + confidentiality. You can audit metadata while encrypting sensitive content According to Gartner, 20% of large enterprises will use blockchain for digital trust initiatives by 2025. That’s not hype, it’s…
Beyond cryptocurrency: Blockchain 101 for CISOs and why it matters

Aug 8, 2025 2:11 PM

Tags: access, ai, api, attack, blockchain, breach, ciso, compliance, container, control, credentials, crypto, data, framework, gartner, governance, identity, incident response, infrastructure, international, malicious, nist, regulation, risk, saas, sbom, software, supply-chain, technology, threat, tool, unauthorized, vulnerability, zero-trust

Decentralization. Eliminates single points of failure or compromise Immutability. Data written to the chain is nearly impossible to change Verifiability. Stakeholders can independently verify logs or data integrity Transparency + confidentiality. You can audit metadata while encrypting sensitive content According to Gartner, 20% of large enterprises will use blockchain for digital trust initiatives by 2025. That’s not hype, it’s…
Beyond cryptocurrency: Blockchain 101 for CISOs and why it matters

Aug 8, 2025 2:11 PM

Tags: access, ai, api, attack, blockchain, breach, ciso, compliance, container, control, credentials, crypto, data, framework, gartner, governance, identity, incident response, infrastructure, international, malicious, nist, regulation, risk, saas, sbom, software, supply-chain, technology, threat, tool, unauthorized, vulnerability, zero-trust

Decentralization. Eliminates single points of failure or compromise Immutability. Data written to the chain is nearly impossible to change Verifiability. Stakeholders can independently verify logs or data integrity Transparency + confidentiality. You can audit metadata while encrypting sensitive content According to Gartner, 20% of large enterprises will use blockchain for digital trust initiatives by 2025. That’s not hype, it’s…
RubyGems, PyPI Hit by Malicious Packages Stealing Credentials, Crypto, Forcing Security Changes

Aug 8, 2025 2:11 PM

Tags: automation, credentials, crypto, malicious, pypi, service, software, supply-chain, tool

A fresh set of 60 malicious packages has been uncovered targeting the RubyGems ecosystem by posing as seemingly innocuous automation tools for social media, blogging, or messaging services to steal credentials from unsuspecting users.The activity is assessed to be active since at least March 2023, according to the software supply chain security company Socket. Cumulatively,…
Third-party partners or ticking time bombs?

Aug 8, 2025 8:12 AM

Tags: supply-chain

In this Help Net Security video, Ngaire Elizabeth Guzzetti, Technical Director Supply Chain at CyXcel, discusses why a third of U.S. organizations don’t trust … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/08/third-party-risk-management-supply-chain-video/
Third-party partners or ticking time bombs?

Aug 8, 2025 8:12 AM

Tags: supply-chain

In this Help Net Security video, Ngaire Elizabeth Guzzetti, Technical Director Supply Chain at CyXcel, discusses why a third of U.S. organizations don’t trust … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/08/third-party-risk-management-supply-chain-video/
Securing the AI Era: Sonatype Safeguards Open Source Software Supply Chains

Aug 7, 2025 5:11 PM

Tags: ai, open-source, software, supply-chain

Open source drives modern software”, but with innovation comes risk. Learn how Sonatype secures the software supply chain to enable safer, faster delivery. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/securing-the-ai-era-sonatype-safeguards-open-source-software-supply-chains/
Weaponized npm Packages Target WhatsApp Developers with Remote Kill Switch

Aug 7, 2025 5:11 PM

Tags: attack, automation, business, cyber, email, exploit, malicious, supply-chain, switch, threat, tool

Socket’s Threat Research Team has uncovered a sophisticated supply chain attack targeting developers integrating with the WhatsApp Business API. Two malicious npm packages, naya-flore and nvlore-hsc, published by the npm user nayflore using the email idzzcch@gmail.com, disguise themselves as legitimate WhatsApp socket libraries. These packages exploit the growing ecosystem of third-party tools for WhatsApp automation,…
6 ways hackers hide their tracks

Aug 7, 2025 10:11 AM

Tags: access, ai, antivirus, api, attack, backdoor, breach, captcha, ceo, computer, control, credentials, crypto, cybersecurity, data, data-breach, defense, detection, email, endpoint, exploit, github, hacker, injection, intelligence, jobs, law, linux, LLM, login, malicious, malware, monitoring, network, open-source, openai, phishing, programming, RedTeam, resilience, reverse-engineering, risk, rust, service, social-engineering, software, supply-chain, threat, tool, virus, windows

Backdoors in legitimate software libraries: In April 2024, it was revealed that the XZ Utils library had been covertly backdoored as part of years-long supply-chain compromise effort. The widely used data compression library that ships as a part of major Linux distributions had malicious code inserted into it by a trusted maintainer.Over the last decade,…
Webinar: How to Stop Python Supply Chain Attacks”, and the Expert Tools You Need

Aug 7, 2025 10:11 AM

Tags: malicious, supply-chain, tool

Python is everywhere in modern software. From machine learning models to production microservices, chances are your code”, and your business”, depends on Python packages you didn’t write.But in 2025, that trust comes with a serious risk.Every few weeks, we’re seeing fresh headlines about malicious packages uploaded to the Python Package Index (PyPI)”, many going undetected…
Minimal, Hardened, and Updated Daily: The New Standard for Secure Containers

Aug 5, 2025 3:28 PM

Tags: container, linux, software, startup, supply-chain

Chainguard provides DevSecOps teams with a library of secure-by-default container images so that they don’t have to worry about software supply chain vulnerabilities. The startup is expanding its focus to include Java and Linux, as well. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/minimal-hardened-updated-daily-new-standard-secure-containers
Threat Actors Exploit Open-Source Vulnerabilities to Spread Malicious Code

Aug 5, 2025 2:28 PM

Tags: ai, cyber, data, exploit, malicious, malware, open-source, pypi, software, supply-chain, threat, vulnerability

FortiGuard Labs has reported a sustained trend in the exploitation of open-source software (OSS) repositories for malware dissemination within supply chain ecosystems. As development workflows increasingly depend on third-party packages, adversaries are capitalizing on vulnerabilities in platforms like NPM and PyPI to inject malicious code, facilitate data exfiltration, and inflict broader damage. Leveraging proprietary AI-driven…
Healthcare Under Pressure

Aug 5, 2025 2:28 PM

Tags: attack, breach, credentials, cybersecurity, healthcare, phishing, ransomware, supply-chain, threat, vulnerability

There’s no such thing as a routine day in healthcare IT anymore. While clinicians focus on saving lives, cybersecurity teams are fighting their own battles behind the scenes”, battles against credential thieves, ransomware disruptions, phishing attacks and supply chain vulnerabilities that can knock entire hospital systems offline. And the threats are accelerating. With record-breaking breach…
Top cybersecurity M&A deals for 2025

Aug 5, 2025 9:28 AM

Tags: 5G, access, ai, api, apple, application-security, attack, automation, awareness, banking, breach, business, ceo, cisco, cloud, compliance, control, crowdstrike, cyber, cybersecurity, data, ddos, defense, detection, edr, email, endpoint, finance, firewall, gitlab, government, group, ibm, identity, incident response, infrastructure, intelligence, leak, microsoft, mitigation, network, password, programming, risk, risk-management, saas, service, software, sophos, strategy, supply-chain, technology, threat, tool, training, vulnerability, waf, zero-trust

Palo Alto Networks to buy CyberArk for $25B as identity security takes center stage July 30, 2025: Palo Alto Networks is making what could be its biggest bet yet by agreeing to buy Israeli identity security company CyberArk for around $25 billion. “We envision Identity Security becoming the next major pillar of our multi-platform strategy, complementing our leadership…
Ransomware attacks: The evolving extortion threat to US financial institutions

Aug 4, 2025 2:28 PM

Tags: access, ai, antivirus, attack, backup, banking, breach, business, cloud, communications, compliance, control, credentials, crime, crimes, cyber, cybercrime, cybersecurity, dark-web, data, ddos, defense, detection, edr, email, encryption, endpoint, extortion, finance, firewall, governance, group, identity, incident response, infrastructure, insurance, intelligence, international, korea, law, leak, least-privilege, lessons-learned, linkedin, linux, lockbit, login, malicious, mfa, monitoring, network, north-korea, organized, phishing, ransom, ransomware, resilience, risk, rust, service, soc, social-engineering, software, startup, strategy, supply-chain, tactics, theft, threat, tool, training, update, usa, vmware, vulnerability, warfare, windows, zero-trust

Before sunrise on a chilly November morning, I got the kind of call no security leader ever wants. A mid-sized U.S. bank had been hit overnight hard. Customers couldn’t access their accounts, ATMs were non-functional and every screen in the company’s environment glowed with the same ominous message: their systems were encrypted, and data had…
MCP: securing the backbone of Agentic AI

Aug 4, 2025 11:56 AM

Tags: access, ai, attack, authentication, business, ciso, control, credentials, cyber, data, detection, injection, least-privilege, mfa, monitoring, RedTeam, risk, security-incident, service, supply-chain, training

Four cornerstones for securing MCP servers: CISOs can largely rely on the proven basic principles of cyber security for MCP they just need to adapt them in a few places. Pure checklists fall short here. Instead, a clear, principles-based approach is required. Four central pillars have proven themselves in practice: Strong authentication and clean credential…
North Korean hackers target open-source repositories in new espionage campaign

Jul 31, 2025 5:28 PM

Tags: espionage, hacker, lazarus, north-korea, open-source, software, supply-chain, tool

In its latest operation, Lazarus took advantage of major gaps in the open-source software supply chain, like developers depending on unvetted packages and the lack of oversight for popular tools that are often maintained by just one or two people. First seen on therecord.media Jump to article: therecord.media/north-korean-hackers-targeting-open-source-repositories
Cybersecurity Trends 2025: What’s Really Coming for Your Digital Defenses

Jul 30, 2025 11:28 PM

Tags: ai, attack, cybersecurity, data, defense, finance, risk, supply-chain, threat

Cybersecurity trends in 2025 reveal rising AI threats, quantum risks, and supply chain attacks, pushing firms to adapt or face major data and financial losses. First seen on hackread.com Jump to article: hackread.com/cybersecurity-trends-2025-whats-your-digital-defenses/
Prepping for the quantum threat requires a phased approach to crypto agility

Jul 30, 2025 10:28 AM

Tags: access, ceo, ciso, computing, crypto, cryptography, cybersecurity, encryption, firmware, government, Hardware, identity, network, nist, open-source, software, supply-chain, threat, tool, vulnerability

Missing pieces: Michael Smith, field CTO at DigiCert, noted that the industry is “yet to develop a completely PQC-safe TLS protocol.””We have the algorithms for encryption and signatures, but TLS as a protocol doesn’t have a quantum-safe session key exchange and we’re still using Diffie-Hellman variants,” Smith explained. “This is why the US government in…
The food supply chain has a cybersecurity problem

Jul 30, 2025 8:28 AM

Tags: cybersecurity, supply-chain

It’s unsettling to think that our food supply chain could be targeted or that the safety of our food could be compromised. But this is exactly the challenge the agri-food … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/30/agri-food-sector-cybersecurity/
Allianz Life Data Breach Hits 1.4 Million Customers

Jul 29, 2025 5:27 PM

Tags: breach, data, data-breach, exploit, finance, insurance, risk, social-engineering, supply-chain, tactics

Allianz Life Insurance confirms a July 2025 data breach impacting 1.4 million customers, financial pros and employees. Learn how social engineering exploited a third-party CRM, the hallmarks of Scattered Spider tactics, and the broader risks of supply chain vulnerabilities. First seen on hackread.com Jump to article: hackread.com/allianz-life-data-breach-hits-1-4-million-customers/
Lazarus Subgroup ‘TraderTraitor’ Targets Cloud Platforms and Contaminates Supply Chains

Jul 29, 2025 5:27 PM

Tags: cloud, cyber, cybersecurity, group, lazarus, mandiant, microsoft, north-korea, supply-chain, threat

The North Korean state-sponsored advanced persistent threat (APT) known as TraderTraitor, a subgroup of the notorious Lazarus Group, has emerged as a formidable actor specializing in digital asset heists. Tracked under aliases such as UNC4899, Jade Sleet, TA444, and Slow Pisces by various cybersecurity firms including Mandiant, Microsoft, Proofpoint, and Unit42, TraderTraitor operates under the…
Supply Chain Attacks Spotted in GitHub Actions, Gravity Forms, npm

Jul 29, 2025 3:28 PM

Tags: attack, backdoor, github, malicious, software, supply-chain, tool

Researchers discovered backdoors, poisoned code, and malicious commits in some of the more popular tool developers, jeopardizing software supply chains. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/supply-chain-attacks-github-actions-gravity-forms-npm
Hackers Breach Toptal GitHub, Publish 10 Malicious npm Packages With 5,000 Downloads

Jul 28, 2025 8:27 PM

Tags: access, attack, authentication, breach, github, hacker, malicious, software, supply-chain, threat

In what’s the latest instance of a software supply chain attack, unknown threat actors managed to compromise Toptal’s GitHub organization account and leveraged that access to publish 10 malicious packages to the npm registry.The packages contained code to exfiltrate GitHub authentication tokens and destroy victim systems, Socket said in a report published last week. In…
Allianz Life discloses massive data breach linked to supply-chain attack

Jul 28, 2025 5:27 PM

Tags: attack, breach, data, data-breach, insurance, social-engineering, supply-chain

The intrusion comes amid a wave of recent social-engineering attacks targeting the insurance sector and other industries. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/allianz-life-data-breach-supply-chain-attack/754192/
Entwickler-Tool von Amazon verseucht

Jul 28, 2025 10:27 AM

Tags: access, ai, cloud, cyberattack, cybersecurity, github, governance, hacker, injection, monitoring, open-source, risk, supply-chain, tool, update, vulnerability

Auch die leistungsstärksten KI-Tools sind kontraproduktiv, wenn sie nicht richtig abgesichert sind. Einem Hacker ist es gelungen, zerstörerische Systembefehle in die Visual-Studio-Code-Extension einzuschleusen, die für den Zugriff auf Amazons KI-gestützten Programmierassistenten Q verwendet wird. Der Angreifer konnte das Entwickler-Tool (mit mehr als 950.000 Installationen) über ein nicht-verifiziertes GitHub-Konto verseuchen: Er reichte Ende Juni 2025 einen…
Your supply chain security strategy might be missing the biggest risk

Jul 28, 2025 8:27 AM

Tags: breach, data, risk, strategy, supply-chain

Third-party involvement in data breaches has doubled this year from 15 percent to nearly 30 percent. In response, many organizations have sharpened their focus on third-party … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/28/vendor-risk-management/