Tag: supply-chain
-
Secure by Design Must Lead Software Development
Tags: awareness, cybersecurity, defense, office, open-source, programming, risk, software, supply-chain
Crossley of Schneider Electric Urges Supplier Scrutiny and Continuous Risk Review. To strengthen defenses, organizations must adopt secure-by-design practices, select mature open-source components and embed risk awareness throughout development, according to Cassie Crossley, vice president, supply chain security, cybersecurity and product security office, Schneider Electric. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/secure-by-design-must-lead-software-development-a-27811
-
Oracle Cloud breach may impact 140,000 enterprise customers
Tags: access, attack, authentication, breach, business, cloud, control, credentials, data, extortion, finance, hacker, mfa, mitigation, oracle, password, radius, ransom, risk, security-incident, service, strategy, supply-chain, threat
Business impact and risks: In an alarming development, the threat actor has initiated an extortion campaign, contacting affected companies and demanding payment to remove their data from the stolen cache. This creates immediate financial pressure and complex legal and ethical decisions for victims regarding ransom payments. To increase pressure on both Oracle and affected organizations, the…
-
⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More
A quiet tweak in a popular open-source tool opened the door to a supply chain breach—what started as a targeted attack quickly spiraled, exposing secrets across countless projects. That wasn’t the only stealth move. A new all-in-one malware is silently stealing passwords, crypto, and control—while hiding in plain sight. And over 300 Android apps joined the…
-
CISOs are taking on ever more responsibilities and functional roles: has it gone too far?
Tags: ai, business, cio, ciso, cloud, compliance, computing, control, corporate, cyber, cybersecurity, data, defense, framework, fraud, governance, healthcare, infosec, intelligence, international, Internet, jobs, law, mitigation, nist, privacy, regulation, resilience, risk, risk-management, service, skills, software, supply-chain, technology, threat
th century alongside technology and internet-enabled threats, morphing to meet the demands of the moment. But the position hasn’t just matured; in many cases it has expanded, taking on additional domains.” The CISO role has expanded significantly over the years as companies realize that information security has a unique picture of what is going on across…
-
Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories’ CI/CD Secrets Exposed
The supply chain attack involving the GitHub Action “tj-actions/changed-files” started as a highly-targeted attack against one of Coinbase’s open-source projects, before evolving into something more widespread in scope. ”The payload was focused on exploiting the public CI/CD flow of one of their open source projects agentkit, probably with the purpose of leveraging it for further compromises,”…
-
GitHub Supply Chain Breach: Coinbase Attack Exposes 218 Repositories, Leaks CI/CD Secrets
The supply chain attack involving the GitHub Action “tj-actions/changed-files” started as a highly-targeted attack against one of Coinbase’s open-source projects, before evolving into something more widespread in scope. ”The payload was focused on exploiting the public CI/CD flow of one of their open source projects agentkit, probably with the purpose of leveraging it for further compromises,”…
-
Coinbase was primary target of recent GitHub Actions breaches
Researchers have determined that Coinbase was the primary target in a recent GitHub Actions cascading supply chain attack that compromised secrets in hundreds of repositories. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/coinbase-was-primary-target-of-recent-github-actions-breaches/
-
GitHub Action supply chain attack less impactful than thought
First seen on scworld.com Jump to article: www.scworld.com/brief/github-action-supply-chain-attack-less-impactful-than-thought
-
Securing Your Supply Chain from Phishing Attacks
In this piece, Tass Kalfoglou, the director of our APAC Business Unit, sheds light on supply chain vulnerabilities and the need to level up domain security. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/03/securing-your-supply-chain-from-phishing-attacks/
-
Coinbase originally targeted during GitHub Action supply chain attack
Researchers from Palo Alto Networks said the hackers likely planned to leverage an open source project of the company for additional attacks. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/coinbase-targeted-github-action-attack/743186/
-
Cyberattacks on the supply chain: the underestimated entry point for hackers
The supply chain is a complex network of different actors, and that is exactly what makes it a preferred target for cybercriminals. New technologies and societal changes further intensify the threat. But the good news is that companies are not defenceless against this danger. They can actively defend themselves. First seen on itsicherheit-online.com Jump to article: www.itsicherheit-online.com/news/security-management/cyberangriffe-auf-die-lieferkette-das-unterschaetzte-einfallstor-fuer-hacker/
-
Watch on Demand: Supply Chain & Third-Party Risk Security Summit
Join the virtual event as we explore the critical nature of software and vendor supply chain security issues. The post Watch on Demand: Supply Chain & Third-Party Risk Security Summit appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/virtual-event-today-supply-chain-third-party-risk-security-summit/
-
Impact, Root Cause of GitHub Actions Supply Chain Hack Revealed
More details have come to light on the recent supply chain attack targeting GitHub Actions, including its root cause. The post Impact, Root Cause of GitHub Actions Supply Chain Hack Revealed appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/impact-root-cause-of-github-actions-supply-chain-hack-revealed/
-
GitHub Action compromise linked to previously undisclosed attack
Researchers uncovered a March 11 incident that may have led to the larger supply chain attack. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/github-action-compromise-linked-undisclosed-attack/743079/
-
GitHub Action supply chain attack exposed secrets in 218 repos
The compromise of GitHub Action tj-actions/changed-files has impacted only a small percentage of the 23,000 projects using it, with it estimated that only 218 repositories exposed secrets due to the supply chain attack. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/github-action-supply-chain-attack-exposed-secrets-in-218-repos/
-
Too many software supply chain defense bibles? Boffins distill advice
How to avoid another SolarWinds, Log4j, and XZ Utils situation. First seen on theregister.com Jump to article: www.theregister.com/2025/03/20/software_supply_chain_defense/
-
Supply-chain CAPTCHA attack hits over 100 car dealerships
A security researcher has discovered that the websites of over 100 car dealerships have been compromised in a supply-chain attack that attempted to infect the PCs of internet visitors. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/supply-chain-captcha-attack-hits-over-100-car-dealerships
-
Chinese military-linked companies dominate US digital supply chain
Despite growing national security concerns and government restrictions, Chinese military-linked companies remain deeply embedded in the US digital supply chain, according to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/20/digital-supply-chain-security-concerns/
-
The Importance of Code Signing Best Practices in the Software Development Lifecycle
To ensure a secure software supply chain, the need for robust security measures cannot be overstated. One such measure, which serves as a cornerstone for safeguarding software authenticity and integrity, is code signing. Code signing is a process that involves attaching a digital signature to executables, scripts, or software packages. This digital signature verifies that…
-
Supply chain attack on the websites of 100+ US car dealerships
Auto Dealership Supply Chain Attack First seen on rmceoin.github.io Jump to article: rmceoin.github.io/malware-analysis/2025/03/13/supply-chain.html
-
CISA Warns of Active Exploitation in GitHub Action Supply Chain Compromise
Tags: breach, cisa, cve, cybersecurity, exploit, flaw, github, infrastructure, kev, malicious, supply-chain, vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a vulnerability linked to the supply chain compromise of the GitHub Action, tj-actions/changed-files, to its Known Exploited Vulnerabilities (KEV) catalog. The high-severity flaw, tracked as CVE-2025-30066 (CVSS score: 8.6), involves the breach of the GitHub Action to inject malicious code that enables a remote First…
-
Critical vulnerability in AMI MegaRAC BMC allows server takeover
Tags: access, advisory, api, apt, attack, authentication, control, credentials, cve, cyberespionage, cybersecurity, data, data-breach, endpoint, exploit, firewall, firmware, flaw, group, infrastructure, Internet, linux, malicious, malware, network, ransomware, supply-chain, technology, training, update, vulnerability
th vulnerability that Eclypsium researchers found in MegaRAC, the BMC firmware implementation from UEFI/BIOS vendor American Megatrends (AMI). BMCs are microcontrollers present on server motherboards that have their own firmware, dedicated memory, power, and network ports and are used for out-of-band management of servers when their main operating systems are shut down. Administrators can access BMCs…
-
GitHub Action hack likely led to another in cascading supply chain attack
A cascading supply chain attack that began with the compromise of the “reviewdog/action-setup@v1” GitHub Action is believed to have led to the recent breach of “tj-actions/changed-files” that leaked CI/CD secrets. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/github-action-hack-likely-led-to-another-in-cascading-supply-chain-attack/
-
ClickFix supply chain attack impacts over 100 car dealerships
First seen on scworld.com Jump to article: www.scworld.com/brief/clickfix-supply-chain-attack-impacts-over-100-car-dealerships
-
Thousands of GitHub repositories’ secrets exposed by supply chain compromise
First seen on scworld.com Jump to article: www.scworld.com/brief/thousands-of-github-repositories-secrets-exposed-by-supply-chain-compromise
-
Second GitHub Actions Supply Chain Attack Discovered
Malicious Code Injected in reviewdog Just Hours Before tj-actions Backdoored. Just days after researchers discovered an attack that subverted a widely used tool for software development platform GitHub, they discovered a second, prior attack, as part of what one expert said may be a chain of supply chain attacks eventually leading to a specific high-value…
-
New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors
Cybersecurity researchers have disclosed details of a new supply chain attack vector dubbed Rules File Backdoor that affects artificial intelligence (AI)-powered code editors like GitHub Copilot and Cursor, causing them to inject malicious code. ”This technique enables hackers to silently compromise AI-generated code by injecting hidden malicious instructions into seemingly innocent First seen on thehackernews.com Jump…
-
Google acquisition target Wiz links fresh supply chain attack to 23K pwned GitHub repos
Ad giant just confirmed its cloudy arm will embrace security shop in $30B deal First seen on theregister.com Jump to article: www.theregister.com/2025/03/18/wiz_github_supply_chain/
-
The supply chain as a primary target for cyber attackers
With the steady advance of digital transformation in recent years, companies have become increasingly dependent on numerous partners and suppliers. This shift has led to a more complex IT infrastructure and has significantly enlarged the attack surface that cybercriminals can exploit. They target the weakest link in the supply chain to gain access to the overall system. A…