Supply Chain

Microsoft tries to knife passwords once and for all - at least for consumers

Infosec In Brief PLUS: AirPlay exploits; Six-year old backdoor opens; Raytheon settles federal charges; and more!

Security04 May 2025 | 82

LLMs can't stop making up software dependencies and sabotaging everything

Hallucinated package names fuel 'slopsquatting'

AI Software Development Week12 Apr 2025 | 98

US sensor giant Sensata admits ransomware derailed ops

Props for the transparency though

Cyber-crime10 Apr 2025 | 4

Trump tariffs to make prices great – a gain

World War Fee As costs for US shoppers set to rise, markets slump, orange is new red, we speak to economic experts

Public Sector07 Apr 2025 | 78

That massive GitHub supply chain attack? It all started with a stolen SpotBugs token

But this mystery isn't over yet, Unit 42 opines

Devops07 Apr 2025 | 7

As nation-state hacking becomes 'more in your face,' are supply chains secure?

Interview Ex-US Air Force officer says companies shouldn't wait for govt mandates

CSO24 Mar 2025 | 10

Too many software supply chain defense bibles? Boffins distill advice

How to avoid another SolarWinds, Log4j, and XZ Utils situation

Security20 Mar 2025 | 10

Google acquisition target Wiz links fresh supply chain attack to 23K pwned GitHub repos

Ad giant just confirmed its cloudy arm will embrace security shop in $30B deal

Research18 Mar 2025 | 4

GitHub supply chain attack spills secrets from 23,000 projects

Large organizations among those cleaning up the mess

Cyber-crime17 Mar 2025 | 34

Poisoned Go programming language package lay undetected for 3 years

Updated Researcher says ecosystem's auto-caching is a net positive but presents exploitable quirks

Security04 Feb 2025 | 9

North Koreans clone open source projects to plant backdoors, steal credentials

Stealing crypto is so 2024. Supply-chain attacks leading to data exfil pays off better?

Devops29 Jan 2025 | 2

Supply chain attack hits Chrome extensions, could expose millions

Threat actor exploited phishing and OAuth abuse to inject malicious code

Cyber-crime22 Jan 2025 | 6

GM parks claims that driver location data was given to insurers, pushing up premiums

We'll defo ask for permission next time, automaker tells FTC

Personal Tech17 Jan 2025 | 40

Solana blockchain's popular web3.js npm package backdoored to steal keys, funds

Damage likely limited to those running bots with private PKI access

Cyber-crime05 Dec 2024 | 7

Supply chain management vendor Blue Yonder succumbs to ransomware

And it looks like major UK retailers that rely on it are feeling the pinch

Cyber-crime26 Nov 2024 | 9

Cyberattackers stole Microlise staff data following DHL, Serco disruption

Experts say incident has 'all the hallmarks of ransomware'

Cyber-crime06 Nov 2024 | 5

Socket plugs in $40M to strengthen software supply chain

Biz aims to scrub unnecessary dependencies from npm packages in the name of security

Applications22 Oct 2024 |

Global semiconductor sales up 20.6% to record $53.1B as trade wars rage on

Chip boom continues as demand surges, but challenges remain

Systems07 Oct 2024 | 1

Get ready: US port strike may snarl tech supply chains

Updated Time to see if industry learned anything from the last shortage crisis

On-Prem03 Oct 2024 | 20

Lebanon now hit with deadly walkie-talkie blasts as Israel declares ‘new phase’ of war

Updated Second wave of exploding gear kills at least 14 today

Security18 Sep 2024 | 185

Predator spyware updated with dangerous new features, also now harder to track

Infosec in brief Plus: Trump family X accounts hijacked to promote crypto scam; Fog ransomware spreads; Hijacked PyPI packages; and more

Security09 Sep 2024 | 10

Homeland security hopes to scuttle maritime cyber-threats with port infosec testbed

Supply chains, 13M jobs and $649B a year at risk, so Uncle Sam is fighting back - with a request for info

Public Sector05 Sep 2024 | 5

HP Inc loves China – but wants to reduce the risks it presents

Amid reports that plenty of PC production will shift elsewhere, supply chain boss emphasizes agility

Personal Tech09 Aug 2024 | 9

Polyfill.io claims reveal new cracks in supply chain, but how deep do they go?

Opinion There will always be bad actors in the system. We can always learn from the drama they create

Security01 Jul 2024 | 19

If you're using Polyfill.io code on your site – like 100,000+ are – remove it immediately

Scripts turn sus after mysterious CDN swallows domain

CSO25 Jun 2024 | 61

Preventing another chip shortage on G7 summit agenda

Group will also look into protecting subsea communications infrastructure

Public Sector13 Jun 2024 | 1

Euro banks worry AI will increase their dependence on US big tech

Putting such a dominant power in the middle of your supply chain a risky move...

AI + ML10 Jun 2024 | 11

It may take decade to shore up software supply chain security, says infosec CEO

interview Sure, we're waking to the risk, but we gotta get outta bed, warns Endor Labs founder Varun Badhwar

CSO03 May 2024 | 27

Japan to draw up routes for roads dedicated to robot trucks

Digital reform conference sees PM repeat calls to get online government services right at last

Public Sector23 Apr 2024 | 9

What can be done to protect open source devs from next xz backdoor drama?

Kettle What happened, how it was found, and what your vultures have made of it all

Research06 Apr 2024 | 93

Taiwan quake to hit chipmakers' capex, not chip supply

Some equipment suffered minor damage, but the silicon show must go on

Off-Prem05 Apr 2024 | 1

Malicious xz backdoor reveals fragility of open source

Analysis This time, we got lucky. It mostly affected bleeding-edge distros. But that's not a defense strategy

Devops01 Apr 2024 | 98

AI hallucinates software packages and devs download them – even if potentially poisoned with malware

In-depth Simply look out for libraries imagined by ML and make them real, with actual malicious code. No wait, don't do that

Security28 Mar 2024 | 84

Alibaba bins listing for its Cainiao logistics limb

Already backed away from cloud spinout, now gradually breaking up with its own breakup plan

Off-Prem27 Mar 2024 |

Over 170K users caught up in poisoned Python package ruse

Supply chain attack targeted GitHub community of Top.gg Discord server

Cyber-crime25 Mar 2024 | 44

In the rush to build AI apps, please, please don't leave security behind

Feature Supply-chain attacks are definitely possible and could lead to data theft, system hijacking, and more

AI + ML17 Mar 2024 | 20

GitHub struggles to keep up with automated malicious forks

Cloned then compromised, bad repos are forked faster than they can be removed

Security01 Mar 2024 | 26

The latest cold war is already being fought in the supply chain trenches

AI and the chips that power it are at the center of the equation

Systems30 Jan 2024 | 2

Logitech warns of logistical impact of Houthi attacks in Red Sea

Longer lead times, extra costs and more freight coming via air

Personal Tech24 Jan 2024 | 13

Exposed Hugging Face API tokens offered full access to Meta's Llama 2

Updated With more than 1,500 tokens exposed, research highlights importance of securing supply chains in AI and ML

Research04 Dec 2023 | 6

Industry piles in on North Korea for sustained rampage on software supply chains

Kim’s cyber cronies becoming more active, sophisticated in attempts to pwn global orgs

Security23 Nov 2023 | 18

Cisco has a new problem: You take too long to implement its products and stop buying more kit

Supply chain is back to pre-COVID normal, just in time for big clouds to spend $1 billion on networks for AI

Networks16 Nov 2023 | 8

SolarWinds charged after SEC says biz knew IT was leaky ahead of SUNBURST attack

Developer labels action 'unfounded' after company and CISO slapped with suit for misleading investors

Cybersecurity Month31 Oct 2023 | 9

MOVEit breach delivers bundle of 3.4 million baby records

Progress Software vulnerability ID'd in enormous burglary at Ontario's BORN

Cyber-crime26 Sep 2023 | 7

Sneaky Python package security fixes help no one – except miscreants

Good thing these eggheads have created a database of patches

Patches26 Jul 2023 | 8

Make sure that off-the-shelf AI model is legit – it could be a poisoned dependency

Updated Another kind of supply chain attack that can quietly mess up bots and apps

AI + ML11 Jul 2023 | 11

Dublin Airport staff pay data 'compromised' by criminals

Attackers accessed it via third-party services provider, says management group

Cyber-crime03 Jul 2023 | 6

US government extends software security deadline because vendors aren't ready

This from the Administration that made infosec a priority

Software13 Jun 2023 | 4

Raspberry Pi production rate rising to a million a month

CEO stands by decision to keep prices steady instead of scoring sweet, sweet, windfall profits

Personal Tech05 Jun 2023 | 74

This malicious PyPI package mixed source and compiled code to dodge detection

Oh cool, something else to scan for

Security02 Jun 2023 | 11

Python Package Index had one person on-call to hold back weekend malware rush

We speak to infra director after project temporarily freezes new user accounts

Devops22 May 2023 | 22

UK government prays that size doesn't matter as it chips in £1B for semiconductor sector

Domestic industry 'will never be wholly sovereign' say critics as Blighty hooks up with Japan

Systems19 May 2023 | 36

GitHub debuts pedigree check for npm packages via Actions

Publishing provenance possibly prevents problems

Security19 Apr 2023 | 4

China the largest buyer of chipmaking machines as sales hit an all-time high

Despite US blocks to advanced technology nodes

Systems14 Apr 2023 | 11

Worried about the security of your code's dependencies? Try Google's Deps.dev

Is this what the kids mean by owning the libs?

Devops13 Apr 2023 | 13

3CX teases security-focused client update, plus password hashing

As Mandiant finds more evidence it was North Korea wot done it

Security12 Apr 2023 | 4